Troubleshooting Fleet Commander

This document contains common issues of Fleet Commander integration with SSSD. Please, refer to the Fleet Commander project documentation for general issues that are not related to the SSSD project. You can also read the Fleet Commander Integration design page to get a better understanding of the SSSD role and how the integration works under the hood.

To enable verbose Fleet Commander’s debug logs please set:

[admin]
log_level = debug

Use journalctl command to read the logs.

  • Error: Error during service connection. Check system logs for details.

  • Logs:

    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: Traceback (most recent call last):
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: "__main__", fname, loader, pkg_name)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: exec code in run_globals
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/share/fleet-commander-admin/python/fleetcommander/fcdbus.py", line 881, in <module>
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: svc = FleetCommanderDbusService(config)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/share/fleet-commander-admin/python/fleetcommander/fcdbus.py", line 196, in __init__
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: os.makedirs(self.state_dir)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: makedirs(head, mode)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: makedirs(head, mode)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: makedirs(head, mode)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: File "/usr/lib64/python2.7/os.py", line 157, in makedirs
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: mkdir(name, mode)
    Aug 21 08:44:07 master.ipa.fc org.freedesktop.FleetCommander[23521]: OSError: [Errno 13] Permission denied: '/home/admin'
    
  • Cause: You have installed ipa-server without --mkhomedir option.

  • Solution:

    1. Enable mkhomedir PAM module

      Fedora
      authselect enable-feature with-mkhomedir
      
      RHEL
      authselect enable-feature with-mkhomedir
      
    2. Log into the system with the admin user in order to have its home directory created

      ssh -l admin localhost
      
    3. And now click on Retry connection

  • Error: Error connecting to IPA server. Check system logs for details.

  • Logs:

    Aug 21 09:11:33 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] Started session checking
    Aug 21 09:11:33 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] Connecting to IPA server
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: ipa: INFO: trying https://master.ipa.fc/ipa/session/json
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: ipa: INFO: [try 1]: Forwarding 'ping/1' to json server 'https://master.ipa.fc/ipa/session/json'
    Aug 21 09:11:34 master.ipa.fc [22135]: GSSAPI client step 1
    Aug 21 09:11:34 master.ipa.fc [22135]: GSSAPI client step 1
    Aug 21 09:11:34 master.ipa.fc ns-slapd[22623]: GSSAPI server step 1
    Aug 21 09:11:34 master.ipa.fc [22135]: GSSAPI client step 1
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] FreeIPAConnector: Starting sanity check
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [ERROR] FreeIPAConnector: Error connecting to FreeIPA: freeipa-desktop-profile is not installed in FreeIPA server
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] IPA server connection failed: freeipa-desktop-profile is not installed in FreeIPA server
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] Last call time: 1534835493.38
    Aug 21 09:11:34 master.ipa.fc org.freedesktop.FleetCommander[23521]: FC: [DEBUG] Checking running sessions. Time passed: 1.32938504219
    
  • Cause: freeipa-desktop-profile plugin is not installed

  • Solution:

    1. Install freeipa-desktop-profile

      Fedora
      dnf install freeipa-desktop-profile
      
      RHEL
      yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
      yum install freeipa-desktop-profile
      
    2. Click on Retry connection

  • Error: Error getting domain list. This error may happen when connecting to a Live Session.

  • Logs:

    Aug 21 12:46:41 master.ipa.fc sshd[7846]: pam_unix(sshd:session): session opened for user user by (uid=0)
    Aug 21 12:46:41 master.ipa.fc sshd[7852]: Received disconnect from 192.168.0.114 port 52348:11: disconnected by user
    Aug 21 12:46:41 master.ipa.fc sshd[7852]: Disconnected from 192.168.0.114 port 52348
    Aug 21 12:46:41 master.ipa.fc org.freedesktop.FleetCommander[3802]: FC: [DEBUG] Getting domain try 2: Error connecting to host: Error executing remote command: bash: virsh: command not found
    Aug 21 12:46:41 master.ipa.fc org.freedesktop.FleetCommander[3802]: FC: [ERROR] Error retrieving domains Error connecting to host: Error executing remote command: bash: virsh: command not found
    Aug 21 12:46:41 master.ipa.fc org.freedesktop.FleetCommander[3802]: FC: [DEBUG] Last call time: 1534848400.52
    Aug 21 12:46:41 master.ipa.fc org.freedesktop.FleetCommander[3802]: FC: [DEBUG] Checking running sessions. Time passed: 0.843245983124
    Aug 21 12:46:41 master.ipa.fc sshd[7846]: pam_unix(sshd:session): session closed for user user
    
  • Cause: virsh is not present on the machine

  • Solution:

    1. Install libvirt-client

      Fedora
      dnf install libvirt-client
      
      RHEL
      yum install libvirt-client
      
    2. Add the user to the libvirt group

      usermod --append --groups libvirt <user>
      
    3. Retry the Live Session

  • Check that the profile applies to your user and machine.

  • Check if /var/lib/sss/deskprofile/<domain>/<username>/<profile> exists. If yes, then the problem is between SSSD and fleet-commander-client. If no then SSSD was not able to download or store the profile correctly.

  • Enable SSSD debugging, restart SSSD and try to log in again to get more verbose information:

    [domain/<domain>]
    ...
    debug_level = 0x3ff0
    ...
    
  • Read the logs at /var/log/sssd/sssd_<domain>.log

    1. The problem is between SSSD and fleet-commander-client

      [ipa_pam_session_handler_notify_deskprofile_client_done] Error sending sbus message ...
      [ipa_pam_session_handler_save_deskprofile_rules] ipa_pam_session_handler_notify_deskprofile_client() failed ...
      
    2. The profile was not correctly stored

      [ipa_pam_session_handler_done] Unable to fetch Desktop Profile rules ...
      [ipa_pam_session_handler_save_deskprofile_rules] Could not retrieve Desktop Profile rules from the cache
      ...
      [ipa_pam_session_handler_save_deskprofile_rules] Failed to save a Desktop Profile Rule to disk ...
      ...
      

If you did not have any luck with debugging the issue yourself you can reach us through multiple channels, see the Community page for more information. Please, provide us all the information that you have found in advance.