Re: freeIPA Host certs
by Florence Blanc-Renaud
On 3/18/19 7:50 PM, Azim Siddiqui wrote:
> Hi Florence,
>
> Thanks for your reply.
> I am referring to the applications. For example, we have
> Apache,haproxy,jenkins,git which uses certs signed by IPA. And now when
> I am browsing these applications urls. It is showing, this site is not
> secured.
> And originally, This cert were created by a system admin, who is not
> working with us now. So its getting hard for me to figure out, how can I
> create or renew the certs.
>
> And I don't see any files ssl.conf or nss.conf in the server.
> The output for getcert list command shows this :-
> getcert list
> Number of certificates and requests being tracked: 0.
>
>
> I just want to create a crt and key file signed by IPA. So that I can
> use it for the browsers.
Hi,
please keep the users mailing list in cc, so that everyone can get
involved/see the resolution.
It is difficult to provide advice with so few information. Can you start
by checking which certificates were already issued by FreeIPA, and we'll
see if they are expired?
$ kinit admin
$ ipa cert-find
With the full output and based on the subject you'll be able to identify
the host or service certs that you are using for your applications. For
each of these certs, run
$ kinit admin
$ ipa cert-show <serial number>
and the output will show if the cert is expired (check the Not After field).
For an expired cert, you will be able to renew the cert if you still
have the private key. The private key location can be found by checking
the configuration of your applications.
For instance apache on rhel or fedora stores its config in
/etc/httpd/conf/httpd.conf, which by default loads the modules in
conf.modules.d/*.conf and the config files in conf.d/*.conf.
flo
>
> Thanks,
> Azeem
>
>
> On Mon, 18 Mar 2019 at 05:30, Florence Blanc-Renaud <flo(a)redhat.com
> <mailto:flo@redhat.com>> wrote:
>
> On 3/15/19 8:16 PM, Azim Siddiqui wrote:
> > Hi Florence,
> >
> > Hope you are doing good. I tried the way you said. But still, it is
> > showing certificate is expired.
> >
> > Let me be more clear about it.
> >
> > We have apache running with an expired certificate which is
> signed by
> > FreeIPA. Now I want to renew or create a new certificate. So can you
> > please tell me how can I renew or create a new certificate signed by
> > Freeipa.
> > As whenever I am going to the Apache URL from the browser, it is
> showing
> > site is not secured.
> >
> > Thanks & Regards,
> > Azeem
> >
> Hi,
>
> (re-adding freeipa-users in CC).
> Can you first confirm that you are referring to a cert for the apache
> server *not running on one of the FreeIPA masters*?
>
> Then please explain how you originally obtained the certificate. Also
> include the following information:
> - relevant apache configuration (if using mod_ssl, then
> /etc/httpd/conf.d/ssl.conf or if using mod_nss,
> /etc/httpd/conf.d/nss.conf).
> - output of getcert list on the host running apache
>
> flo
>
> > On Wed, 19 Dec 2018 at 14:04, Florence Blanc-Renaud
> <flo(a)redhat.com <mailto:flo@redhat.com>
> > <mailto:flo@redhat.com <mailto:flo@redhat.com>>> wrote:
> >
> > On 12/13/18 4:04 PM, Azim Siddiqui via FreeIPA-users wrote:
> > > Hello,
> > >
> > > Hope you are doing good. I have a question regarding
> freeIPA host
> > > certificates.
> > > We are using FreeIPA as our LDAP. We have some
> certificates for
> > hosts ex
> > > :- http/uat.com <http://uat.com> <http://uat.com>
> <http://uat.com>.
> > > And we deploying the certs in Haproxy in PEM format.
> > > But the certificates for this host has been expired.
> > > Can you please let me know in detail how to renew my expired
> > > certificates for the hosts. Please provide me the commands
> and steps.
> > >
> > Hi,
> >
> > from your description I understand that you are referring to
> > certificates delivered by IPA CA for one of the IPA-enrolled
> hosts, but
> > not the master's Server-Cert used for IPA Web GUI.
> >
> > In this case, how did you obtain the certificate? If you used
> a method
> > similar to what is described in this wiki [1], the certificate
> > should be
> > monitored by certmonger and automatically renewed.
> >
> > If you followed instead this wiki [2], the certificate is not
> > tracked by
> > certmonger and needs to be manually renewed. You need to do the
> > following, assuming that the cert is in a NSS database $NSSDB
> on the
> > IPA
> > client:
> > - find the key nickname
> > # certutil -K -d $NSSDB
> > certutil: Checking token "NSS Certificate DB" in slot "NSS
> User Private
> > Key and Certificate Services"
> > Enter Password or Pin for "NSS Certificate DB":
> > < 0> rsa 7c0646606b33ab683ee4d1790719ebc4154db0f6 NSS
> > Certificate
> > DB:Server-Cert
> > (note the key nickname for the next command)
> >
> > - create a new certificate request that will re-use the
> existing key
> > (replace DOMAIN.COM <http://DOMAIN.COM> <http://DOMAIN.COM>
> with your IPA domain, in
> > uppercase):
> > # certutil -R -d $NSSDB -k "NSS Certificate DB:Server-Cert" -s
> > cn=`hostname,O=DOMAIN.COM <http://DOMAIN.COM>
> <http://DOMAIN.COM>" -a -o /tmp/cert.csr
> > Enter Password or Pin for "NSS Certificate DB":
> >
> > - request a certificate using the new certificate request
> > # kinit admin
> > # ipa cert-request --principal=HTTP/`hostname` /tmp/web.csr
> > (the output will display a Serial Number that needs to be
> noted for the
> > next command)
> >
> > - remove the previous cert from the NSS database:
> > # certutil -D -d $NSSDB -n Server-Cert
> >
> > - export the certificate to a file, then import the
> certificate in the
> > NSS database:
> > # ipa cert-show $SERIAL_NUMBER --out=/tmp/server.crt
> > # certutil -A -d $NSSDB -n Server-Cert -t u,u,u -i
> /tmp/server.crt
> >
> > HTH,
> > flo
> >
> > [1]
> >
> https://www.freeipa.org/page/PKI#Automated_certificate_requests_with_Cert...
> > [2] https://www.freeipa.org/page/PKI#Manual_certificate_requests
> >
> > > FreeIPA, version: 4.2.0
> > >
> > > Thanks & Regards,
> > > Azeem
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list --
> > freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> > <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>>
> > > To unsubscribe send an email to
> > freeipa-users-leave(a)lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>>
> > > Fedora Code of Conduct:
> https://getfedora.org/code-of-conduct.html
> > > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> >
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> > >
> >
>
5 years, 2 months
ipa-replica-manage --force replica.server fails
by Ralph Crongeyer
Hi List,
I have a master server that had a replica installed. The replica has been
uninstalled. When I try to run "ipa-replica-manage del --force
replica.server" it fails with:
invalid 'PKINIT enabled server': all masters must have IPA master role
enabled
How can I delete this replica?
Thanks,
Ralph
5 years, 2 months
Re: ipa-replica-manage --force replica.server fails
by Dmitry Perets
Hi,
I have the same issue right now...
I had two working replicas, and I tried to add the third one. But due
to some issues with ansible playbook, the installation of that third
replica failed in the middle (I believe ansible lost SSH connection
somewhere in the middle). That obviously left the new replica in kinda
undefined state, which is not my issue. My issue is that it affected
WebUI of both other two replicas.
Exactly as the others report, I can no longer login to the WebUI. It
says "invalid 'PKINIT enabled server': all masters must have IPA
master role enabled" and then throws an exception:
TypeError: Cannot read property 'ipapwdexpadvnotify' of undefined
at Object.y.update_password_expiration
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at Object.start_runtime
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at Object.<anonymous>
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...
at Object.forEach
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=4060...)
at Object._run_phase
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at Object.next_phase
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at Object.<anonymous>
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/freeipa/app.js?4060...)
at c (https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=4060...)
at e.extend.then.then.t.then
(https://rhel-ipa-replica.ams.ims.telekom.de/ipa/ui/js/dojo/dojo.js?v=4060...)
All the commands offered in this thread give me the same error so far:
"invalid 'PKINIT enabled server': all masters must have IPA master
role enabled"
Fortunately, it seems that the domain services keep working fine,
users can login etc. But WebUI is dead, and the failed replica is
stuck in the list of ipa-replica-manage...
Sounds like a bug...?
--
Regards,
Dmitry Perets.
"The more one knows, the less opinions he shares"
-- Wilhelm Schwebel
5 years, 2 months
replace ipa-server and relink clients on same realm
by Rob van Halteren
I had to replace the IPA-server due to loss of CA
Original setup was that all clients were connected to a replica-server v3.0 on centos 6 that hosted the domain and realm OURDOMAIN.EXAMPLE
I configured a new IPA-master v4.6.4 on centos 7 with the same domain,realm, and id-range and reconnected all clients to the new master.
I used ipa-client-install --uninstall , cleared /var/lib/sss/db/*, and ran ipa-client-install
All clients now login from the new ipa-master. All woks fine as long as I leave the old replica-server online. As soon as I turn it off, my clients start to suffer problems after a couple of hours or next day that
cause several applications to stall when opening. Eg Firefox browser will not start any more. DNS is online and resolves requests
When I then start the old replica again all function restore almost immediately as it comes online.
Does someone has any idea what could be happening ?
5 years, 2 months
Block change others password
by Mateusz O
Hello,
I want to gave users possibility to change their password, but when I log in using user from ipausers group I can view others account and reset their passwords.
How to block it? I wan to set everything to block a normal user from group ipausers view others account (he's able to see only his account) and reset only his password.
Best regards?
Mateusz
5 years, 2 months
Re: freeIPA Host certs
by Florence Blanc-Renaud
On 3/15/19 8:16 PM, Azim Siddiqui wrote:
> Hi Florence,
>
> Hope you are doing good. I tried the way you said. But still, it is
> showing certificate is expired.
>
> Let me be more clear about it.
>
> We have apache running with an expired certificate which is signed by
> FreeIPA. Now I want to renew or create a new certificate. So can you
> please tell me how can I renew or create a new certificate signed by
> Freeipa.
> As whenever I am going to the Apache URL from the browser, it is showing
> site is not secured.
>
> Thanks & Regards,
> Azeem
>
Hi,
(re-adding freeipa-users in CC).
Can you first confirm that you are referring to a cert for the apache
server *not running on one of the FreeIPA masters*?
Then please explain how you originally obtained the certificate. Also
include the following information:
- relevant apache configuration (if using mod_ssl, then
/etc/httpd/conf.d/ssl.conf or if using mod_nss, /etc/httpd/conf.d/nss.conf).
- output of getcert list on the host running apache
flo
> On Wed, 19 Dec 2018 at 14:04, Florence Blanc-Renaud <flo(a)redhat.com
> <mailto:flo@redhat.com>> wrote:
>
> On 12/13/18 4:04 PM, Azim Siddiqui via FreeIPA-users wrote:
> > Hello,
> >
> > Hope you are doing good. I have a question regarding freeIPA host
> > certificates.
> > We are using FreeIPA as our LDAP. We have some certificates for
> hosts ex
> > :- http/uat.com <http://uat.com> <http://uat.com>.
> > And we deploying the certs in Haproxy in PEM format.
> > But the certificates for this host has been expired.
> > Can you please let me know in detail how to renew my expired
> > certificates for the hosts. Please provide me the commands and steps.
> >
> Hi,
>
> from your description I understand that you are referring to
> certificates delivered by IPA CA for one of the IPA-enrolled hosts, but
> not the master's Server-Cert used for IPA Web GUI.
>
> In this case, how did you obtain the certificate? If you used a method
> similar to what is described in this wiki [1], the certificate
> should be
> monitored by certmonger and automatically renewed.
>
> If you followed instead this wiki [2], the certificate is not
> tracked by
> certmonger and needs to be manually renewed. You need to do the
> following, assuming that the cert is in a NSS database $NSSDB on the
> IPA
> client:
> - find the key nickname
> # certutil -K -d $NSSDB
> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private
> Key and Certificate Services"
> Enter Password or Pin for "NSS Certificate DB":
> < 0> rsa 7c0646606b33ab683ee4d1790719ebc4154db0f6 NSS
> Certificate
> DB:Server-Cert
> (note the key nickname for the next command)
>
> - create a new certificate request that will re-use the existing key
> (replace DOMAIN.COM <http://DOMAIN.COM> with your IPA domain, in
> uppercase):
> # certutil -R -d $NSSDB -k "NSS Certificate DB:Server-Cert" -s
> cn=`hostname,O=DOMAIN.COM <http://DOMAIN.COM>" -a -o /tmp/cert.csr
> Enter Password or Pin for "NSS Certificate DB":
>
> - request a certificate using the new certificate request
> # kinit admin
> # ipa cert-request --principal=HTTP/`hostname` /tmp/web.csr
> (the output will display a Serial Number that needs to be noted for the
> next command)
>
> - remove the previous cert from the NSS database:
> # certutil -D -d $NSSDB -n Server-Cert
>
> - export the certificate to a file, then import the certificate in the
> NSS database:
> # ipa cert-show $SERIAL_NUMBER --out=/tmp/server.crt
> # certutil -A -d $NSSDB -n Server-Cert -t u,u,u -i /tmp/server.crt
>
> HTH,
> flo
>
> [1]
> https://www.freeipa.org/page/PKI#Automated_certificate_requests_with_Cert...
> [2] https://www.freeipa.org/page/PKI#Manual_certificate_requests
>
> > FreeIPA, version: 4.2.0
> >
> > Thanks & Regards,
> > Azeem
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> <mailto:freeipa-users-leave@lists.fedorahosted.org>
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> >
>
5 years, 2 months
Ad user password authentication doesn't work
by Patrick Irish
I've been fighting with this for 2 months. I've rebuilt both the ad and ip server twice. Currently ipa and ad only contain a single unique user. AD and ipa are on separate dns domains (ad.domain.com and int.domain.com respectively). AD domain has windows pc joined to it. IPA server has linux server joined to it. Any help is greatly appreciated.
AD server
Server: dc0.ad.domain.com
Domain: ad.domain.com
IP: 10.10.60.81
IPA server
Server: identity.int.domain.com
domain int.domain.com
IP: 10.10.60.61
What works on ipa server:
id aduser
getent passwd aduser
kinit aduser(a)ad.domain.com
what doesn't work
ssh 'aduse(a)ad.domain.com'@ipaserver
Password:
Password:
Password:
[localuser@ipaserver] su - aduser(a)ad.domain.com
Password:
su: Authentication failure
logs:
ldap_child.log
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x0400): ldap_child started.
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x2000): context initialized
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): total buffer size: 70
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): realm_str size: 16
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): got realm_str: INT.DOMAIN.COM
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): princ_str size: 30
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): got princ_str: host/identity.int.domain.com
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): keytab_name size: 0
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x1000): lifetime: 86400
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unpack_buffer] (0x0200): Will run as [0][0].
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x2000): Kerberos context initialized
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [become_user] (0x0200): Trying to become user [0][0].
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [become_user] (0x0200): Already user [0].
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x2000): Running as [0][0].
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x2000): getting TGT sync
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [INT.DOMAIN.COM]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/identity.int.domain.com(a)INT.DOMAIN.COM]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14735: Getting initial credentials for host/identity.int.domain.com(a)INT.DOMAIN.COM
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14736: Looked up etypes in keytab: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14738: Sending unauthenticated request
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14739: Sending request (219 bytes) to INT.DOMAIN.COM
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14740: Initiating TCP connection to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14741: ending TCP request to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14742: Received answer (593 bytes) from stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14743: Terminating TCP connection to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14744: Response was from master KDC
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14745: Received error from KDC: -1765328359/Additional pre-authentication required
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14748: Preauthenticating using KDC method data
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14749: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-PK-AS-REQ_OLD (14), PA-FX-FAST (136), PA-ETYPE-INFO2 (19), PA-PKINIT-KX (147), PA-SPAKE (151), PA-ENC-TIMESTAMP (2), PA_AS_FRESHNESS (150), PA-FX-COOKIE (133)
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14750: Selected etype info: etype aes256-cts, salt "INT.DOMAIN.COMhostidentity.int.domain.com", params ""
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14751: Received cookie: MIT1\x00\x00\x00\x01\x86\x9a\x8e>yI7\xe0\x9a\xa5xym\xa2,F{`d\xe7 N \x12\xef\xf1\x09)\x09:y\xc7J\xc8\xcd0U\x01\xacs\xbc\x02\x9a\xae\xfc\xe0\xa6\x0c\xe0\x96\x04e\xde\xc5?\xa0:U\xb8\xcdm\xbe\x0e\xf5\x9eW`\xa1\xd0\xcd\xed\xcd\xd0\x1a\xbb\xcfz\xe3\x91T\x03\xba\x05J\x8cz\xe3\x90\xe6\x8f\xa1\xf23\xea\xf8\x97\x12\xb7}\x15.\xd06$\x1aZ\xe7\xd5\xfd\x09D\xb2n\xafV\xb3\xc9\xab\xf8\xe7\xd3h-\xac?\x87\x15>\xd3G
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14752: PKINIT client has no configured identity; giving up
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14753: Preauth module pkinit (147) (info) returned: 0/Success
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14754: PKINIT client received freshness token from KDC
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14755: Preauth module pkinit (150) (info) returned: 0/Success
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14756: PKINIT client has no configured identity; giving up
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14757: Preauth module pkinit (16) (real) returned: 22/Invalid argument
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14758: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14759: Preauth module pkinit (15) (real) returned: -1765328360/Preauthentication failed
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14760: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14761: Preauth module pkinit (14) (real) returned: -1765328360/Preauthentication failed
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14762: PAKE challenge received with group 1, pubkey 400BEA93DC1F29293028E9CBDAB7FE7649318A0DBF7AF492C319ADA76A4B59F4
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14763: Retrieving host/identity.int.domain.com(a)INT.DOMAIN.COM from MEMORY:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14764: SPAKE key generated with pubkey 9BE6AA79E0B53D1B97641EB9FA6A27D0EE7C0387B05032B85920E190546464A6
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14765: SPAKE algorithm result: A501375464DD840A9E83F2038D18FE4AE664D3E8676983319E38E4D443476779
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14766: SPAKE final transcript hash: 27EB757B9F468B2A657293FB37623F3E7D47179A7A11B85D898D95011449DA2C
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14767: Sending SPAKE response
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14768: Preauth module spake (151) (real) returned: 0/Success
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14770: Sending request (478 bytes) to INT.DOMAIN.COM
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14771: Initiating TCP connection to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14772: Sending TCP request to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14773: Received answer (1496 bytes) from stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14774: Terminating TCP connection to stream 10.10.60.61:88
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14775: Response was from master KDC
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14776: Processing preauth types: PA-ETYPE-INFO2 (19)
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14777: Selected etype info: etype aes256-cts, salt "INT.DOMAIN.COMhostidentity.int.domain.com", params ""
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14778: Produced preauth for next request: (empty)
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14779: AS key determined by preauth: aes256-cts/5039
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14780: Decrypted AS reply; session key is: aes256-cts/4179
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14781: FAST negotiation: available
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14782: Initializing FILE:/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z with default princ host/identity.int.domain.com(a)INT.DOMAIN.COM
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [sss_child_krb5_trace_cb] (0x4000): [2798] 1550983820.14783: Storing host/identity.int.domain.com(a)INT.DOMAIN.COM -> krbtgt/INT.DOMAIN.COM(a)INT.DOMAIN.COM in FILE:/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z] to [/var/lib/sss/db/ccache_INT.DOMAIN.COM]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_INT.DOMAIN.COM_YzeV0z]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [prepare_response] (0x0400): Building response for result [0]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [pack_buffer] (0x2000): response size: 64
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [44] msg [FILE:/var/lib/sss/db/ccache_INT.DOMAIN.COM]
(Sat Feb 23 23:50:20 2019) [[sssd[ldap_child[2798]]]] [main] (0x0400): ldap_child completed successfully
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x0400): ldap_child started.
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x2000): context initialized
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): total buffer size: 94
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): realm_str size: 15
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): got realm_str: AD.DOMAIN.COM
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): princ_str size: 12
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): got princ_str: INTDOMAIN$
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): keytab_name size: 43
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): got keytab_name: /var/lib/sss/keytabs/ad.domain.com.keytab
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x1000): lifetime: 86400
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unpack_buffer] (0x0200): Will run as [0][0].
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x2000): Kerberos context initialized
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [become_user] (0x0200): Trying to become user [0][0].
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [become_user] (0x0200): Already user [0].
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x2000): Running as [0][0].
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x2000): getting TGT sync
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [AD.DOMAIN.COM]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [INTDOMAIN$(a)AD.DOMAIN.COM]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/var/lib/sss/keytabs/ad.domain.com.keytab]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234657: Getting initial credentials for INTDOMAIN$(a)AD.DOMAIN.COM
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234658: Looked up etypes in keytab: aes256-cts, aes128-cts, rc4-hmac
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234660: Sending unauthenticated request
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234661: Sending request (198 bytes) to AD.DOMAIN.COM
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234662: Initiating TCP connection to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234663: Sending TCP request to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234664: Received answer (206 bytes) from stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234665: Terminating TCP connection to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234666: Response was from master KDC
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234667: Received error from KDC: -1765328359/Additional pre-authentication required
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234670: Preauthenticating using KDC method data
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234671: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234672: Selected etype info: etype aes256-cts, salt "AD.DOMAIN.COMkrbtgtINTDOMAIN", params ""
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234673: PKINIT client has no configured identity; giving up
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234674: PKINIT client has no configured identity; giving up
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234675: Preauth module pkinit (16) (real) returned: 22/Invalid argument
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234676: PKINIT client ignoring draft 9 offer from RFC 4556 KDC
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234677: Preauth module pkinit (15) (real) returned: -1765328360/Preauthentication failed
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234678: Retrieving INTDOMAIN$(a)AD.DOMAIN.COM from MEMORY:/var/lib/sss/keytabs/ad.domain.com.keytab (vno 0, enctype aes256-cts) with result: 0/Success
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234679: AS key obtained for encrypted timestamp: aes256-cts/18D5
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234681: Encrypted timestamp (for 1550983885.896873): plain 301AA011180F32303139303232343034353132355AA10502030DAF69, encrypted F264C965CF31F9501C9942AFEBF282493E712F282BBB6B47C1F7417317F6334B814F2E7CAB6FE13117A3BC3B8F8E91F5D0576E7957684AB3
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234682: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234683: Produced preauth for next request: PA-ENC-TIMESTAMP (2)
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234684: Sending request (278 bytes) to AD.DOMAIN.COM
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234685: Initiating TCP connection to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234686: Sending TCP request to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234685: Initiating TCP connection to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234686: Sending TCP request to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234687: Received answer (1585 bytes) from stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234688: Terminating TCP connection to stream 10.10.60.81:88
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234689: Response was from master KDC
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234690: Processing preauth types: PA-ETYPE-INFO2 (19)
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234691: Selected etype info: etype aes256-cts, salt "AD.DOMAIN.COMkrbtgtINTDOMAIN", params ""
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234692: Produced preauth for next request: (empty)
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234693: AS key determined by preauth: aes256-cts/18D5
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234694: Decrypted AS reply; session key is: aes256-cts/AE91
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234695: FAST negotiation: unavailable
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234696: Initializing FILE:/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F with default princ INTDOMAIN$(a)AD.DOMAIN.COM
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [sss_child_krb5_trace_cb] (0x4000): [2802] 1550983884.234697: Storing INTDOMAIN$(a)AD.DOMAIN.COM -> krbtgt/AD.DOMAIN.COM(a)AD.DOMAIN.COM in FILE:/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F] to [/var/lib/sss/db/ccache_AD.DOMAIN.COM]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_AD.DOMAIN.COM_ZuI79F]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [prepare_response] (0x0400): Building response for result [0]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [pack_buffer] (0x2000): response size: 63
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [43] msg [FILE:/var/lib/sss/db/ccache_AD.DOMAIN.COM]
(Sat Feb 23 23:51:24 2019) [[sssd[ldap_child[2802]]]] [main] (0x0400): ldap_child completed successfully
krb5_child.log:
empty during log in attempts
sssd_int.domain.com.log
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_done] (0x0400): DP Request [Subdomains #15]: Request handler finished [0]: Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #15]: Receiving request data.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #15]: Finished. Success.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #15]: Returning [Success]: 0,0,Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:ad.domain.com'] from reply table
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #15]: Request removed.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[(nil)], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x561795bad8d0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_dispatch] (0x4000): Dispatching.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name='aduser(a)ad.domain.com']
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_attach_req] (0x0400): DP Request [Account #16]: New request. Flags [0x0001].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=accounts,dc=int,dc=domain,dc=com]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.61:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(krbPrincipalName='aduser(a)ad.domain.com')(mail='aduser(a)ad.domain.com')(krbPrincipalName='aduser\\(a)ad.domain.com'@INT.domain.COM))(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=int,dc=domain,dc=com].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUserAuthType]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 14 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[0x561795c0d3a0], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 14 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=trusts,dc=int,dc=domain,dc=com]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.61:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(&(|(krbPrincipalName='aduser(a)ad.domain.com')(mail='aduser(a)ad.domain.com')(krbPrincipalName='aduser\\(a)ad.domain.com'@INT.domain.COM))(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))(objectClass=ipaIDObject))][cn=trusts,dc=int,dc=domain,dc=com].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUserAuthType]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 15
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 15 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[0x561795c0d3a0], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[0x561795c0d3a0], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 15 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_process] (0x2000): Retrieved total 0 users
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c16e00
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c16cf0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c16e00 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c16cf0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c16e00 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_search_by_name] (0x0400): No such entry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_cache_search_groups] (0x2000): Search groups with filter: (&(objectCategory=group)(ghost='aduser(a)ad.domain.com'))
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c1c110
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c16cf0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c1c110 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c16cf0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c1c110 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_cache_search_groups] (0x2000): No such entry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c16e00
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c16cf0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c16e00 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c16cf0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c16e00 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn ['aduser(a)ad.domain.com'] found.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_done] (0x0400): DP Request [Account #16]: Request handler finished [0]: Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [_dp_req_recv] (0x0400): DP Request [Account #16]: Receiving request data.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #16]: Finished. Success.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #16]: Returning [Success]: 0,0,Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:U:int.domain.com:name='aduser(a)ad.domain.com'] from reply table
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): DP Request [Account #16]: Request removed.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[(nil)], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x561795bad8d0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_dispatch] (0x4000): Dispatching.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name='aduser(a)ad.domain.com']
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_attach_req] (0x0400): DP Request [Account #17]: New request. Flags [0x0001].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain ad.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain ad.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid='aduser))].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.61:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid='aduser))][cn=Default Trust View,cn=views,cn=accounts,dc=int,dc=domain,dc=com].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 16
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 16 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[0x561795c0b230], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 16 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaUserOverride)(uid='aduser))].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain ad.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ipa_srv_ad_acct_lookup_step] (0x0400): Looking up AD account
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain int.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain ad.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sss_domain_get_state] (0x1000): Domain ad.domain.com is Active
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_step] (0x4000): beginning to connect
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'sd_ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_server_status] (0x1000): Status of server 'dc0.ad.domain.com' is 'working'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'dc0.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_server_common_status] (0x0100): Marking server 'dc0.ad.domain.com' as 'name not resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_port_status] (0x1000): Port status of port 389 for server 'dc0.ad.domain.com' is 'working'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is expired
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [collapse_srv_lookup] (0x0100): Need to refresh SRV lookup for domain ad.domain.com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_srv_plugin_send] (0x0400): About to find domain controllers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_get_dc_servers_send] (0x0400): Looking up domain controllers in domain ad.domain.com and site Default-First-Site-Name
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'Default-First-Site-Name._sites.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c16110], connected[1], ops[(nil)], ldap[0x561795c1df90]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_done] (0x0040): SRV query failed [4]: Domain name not found
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_discover_srv_done] (0x0400): Got 1 servers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_get_dc_servers_done] (0x0400): Found 1 domain controllers in domain ad.domain.com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_connect_host_send] (0x0400): Resolving host dc0.ad.domain.com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_is_address] (0x4000): [dc0.ad.domain.com] does not look like an IP address
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dc0.ad.domain.com' in files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dc0.ad.domain.com' in files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dc0.ad.domain.com' in DNS
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dc0.ad.domain.com:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sssd_async_socket_init_send] (0x4000): Using file descriptor [30] for the connection.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://dc0.ad.domain.com:389/??base] with fd [30].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://dc0.ad.domain.com:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.81:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=ad.domain.com)(NtVer=\14\00\00\00))][].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [netlogon]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 1 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795bb41c0], connected[1], ops[0x561795c1ad50], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [netlogon]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795bb41c0], connected[1], ops[0x561795c1ad50], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 1 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_handle_release] (0x2000): Trace: sh[0x561795bb41c0], connected[1], ops[(nil)], ldap[0x561795bc93c0], destructor_lock[0], release_memory[0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_get_client_site_done] (0x0400): Found site: Default-First-Site-Name
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_get_client_site_done] (0x0400): Found forest: ad.domain.com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'Default-First-Site-Name._sites.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_done] (0x0040): SRV query failed [4]: Domain name not found
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_discover_srv_done] (0x0400): Got 1 servers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_srv_plugin_servers_done] (0x0400): Got 1 primary and 0 backup servers
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'dc0.ad.domain.com:389' to service 'sd_ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'sd_ad.domain.com' as 'resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_server_status] (0x1000): Status of server 'dc0.ad.domain.com' is 'name not resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_is_address] (0x4000): [dc0.ad.domain.com] does not look like an IP address
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dc0.ad.domain.com' in files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_server_common_status] (0x0100): Marking server 'dc0.ad.domain.com' as 'resolving name'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dc0.ad.domain.com' in files
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dc0.ad.domain.com' in DNS
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_server_common_status] (0x0100): Marking server 'dc0.ad.domain.com' as 'name resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [be_resolve_server_process] (0x0200): Found address for server dc0.ad.domain.com: [10.10.60.81] TTL 600
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://dc0.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://dc0.ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [krb5_add_krb5info_offline_callback] (0x4000): Removal callback already available for service [sd_ad.domain.com].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_2flUNz]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/pubconf/.krb5info_dummy_2flUNz]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sssd_async_socket_init_send] (0x4000): Using file descriptor [25] for the connection.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://dc0.ad.domain.com:389/??base] with fd [25].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.81:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 1 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c15290], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [currentTime]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [subschemaSubentry]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [dsServiceName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [schemaNamingContext]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [configurationNamingContext]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [rootDomainNamingContext]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPPolicies]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [highestCommittedUSN]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [dnsHostName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [ldapServiceName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedCapabilities]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [isSynchronized]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [isGlobalCatalogReady]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedExtension]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainFunctionality]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [forestFunctionality]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainControllerFunctionality]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c15290], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 1 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_rootdse_done] (0x2000): Got rootdse
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 49446 (int: 49446)
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [7]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Will look for schema at [CN=Schema,CN=Configuration,DC=ad,DC=domain,DC=com]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_kinit_send] (0x0400): Attempting kinit (/var/lib/sss/keytabs/ad.domain.com.keytab, INTdomain$, AD.domain.COM, 86400)
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service sd_ad.domain.com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'sd_ad.domain.com'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_server_status] (0x1000): Status of server 'dc0.ad.domain.com' is 'name resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [get_server_status] (0x1000): Status of server 'dc0.ad.domain.com' is 'name resolved'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [be_resolve_server_process] (0x0200): Found address for server dc0.ad.domain.com: [10.10.60.81] TTL 600
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 94
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [2802]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for TGT child
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[(nil)], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [write_pipe_handler] (0x0400): All data has been sent!
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_AD.domain.COM], expired on [1551019884]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1550984784
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: INTdomain$
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [child_sig_handler] (0x1000): Waiting for child [2802].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [child_sig_handler] (0x0100): child [2802] finished successfully.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_cli_connect_recv] (0x0400): Connection established.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2086
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'dc0.ad.domain.com' as 'working'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [set_server_common_status] (0x0100): Marking server 'dc0.ad.domain.com' as 'working'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'dc0.ad.domain.com' as 'working'
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_done] (0x2000): Old USN: 49438, New USN: 49446
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_done] (0x4000): notify connected to op #1
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=ad,dc=domain,dc=com]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_print_server] (0x2000): Searching 10.10.60.81:389
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(userPrincipalName='aduser(a)ad.domain.com')(mail='aduser(a)ad.domain.com')(userPrincipalName='aduser\\(a)ad.domain.com'@AD.domain.COM))(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=ad,dc=domain,dc=com].
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_add] (0x2000): New operation 5 timeout 6
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [be_run_unconditional_online_cb] (0x4000): List of unconditional online callbacks is empty, nothing to do.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c298a0], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://ForestDnsZones.ad.domain.com/DC=ForestDnsZones,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c298a0], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DomainDnsZones.ad.domain.com/DC=DomainDnsZones,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c298a0], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://ad.domain.com/CN=Configuration,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[0x561795c298a0], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_op_destructor] (0x2000): Operation 5 finished
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [generic_ext_search_handler] (0x4000): Request included referrals which were ignored.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [generic_ext_search_handler] (0x4000): Ref: ldap://ForestDnsZones.ad.domain.com/DC=ForestDnsZones,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [generic_ext_search_handler] (0x4000): Ref: ldap://DomainDnsZones.ad.domain.com/DC=DomainDnsZones,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [generic_ext_search_handler] (0x4000): Ref: ldap://ad.domain.com/CN=Configuration,DC=ad,DC=domain,DC=com
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_search_user_process] (0x2000): Retrieved total 0 users
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c16cf0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c2a8f0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c16cf0 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c2a8f0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c16cf0 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_search_by_name] (0x0400): No such entry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_cache_search_groups] (0x2000): Search groups with filter: (&(objectCategory=group)(ghost='aduser(a)ad.domain.com'))
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c1c110
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c2a8f0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c1c110 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c2a8f0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c1c110 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_cache_search_groups] (0x2000): No such entry
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x561795c16cf0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x561795c2a8f0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Running timer event 0x561795c16cf0 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Destroying timer event 0x561795c2a8f0 "ltdb_timeout"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ldb] (0x4000): Ending timer event 0x561795c16cf0 "ltdb_callback"
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn ['aduser(a)ad.domain.com'] found.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [ipa_get_ad_acct_ad_part_done] (0x0080): Object not found, ending request
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_done] (0x0400): DP Request [Account #17]: Request handler finished [0]: Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [_dp_req_recv] (0x0400): DP Request [Account #17]: Receiving request data.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #17]: Finished. Success.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #17]: Returning [Success]: 0,0,Success
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:U:ad.domain.com:name='aduser(a)ad.domain.com'] from reply table
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): DP Request [Account #17]: Request removed.
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: sh[0x561795c078f0], connected[1], ops[(nil)], ldap[0x561795bc93c0]
(Sat Feb 23 23:51:24 2019) [sssd[be[int.domain.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
5 years, 2 months
unable to have ipa users only
by Albert Szostkiewicz
Now this might be more of a distro issue rather than IPA itself and I have already reported it on bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1688363) and tried to get any answers on ask fedora but no luck (https://ask.fedoraproject.org/en/question/133793/fresh-fedora-with-domain...).
Long story short:
1. with fresh, new fedora 29 installation, instead of creating a user, i choose domain user
2. login as domain user, sessions starts and everything looks normal
3. after restart, i am being greet yet again with 'gnome-initial-setup' like no user exists
4. if i do create some some local user just for sake of not getting initial setup, and log-in as ipa domain user, any 'Administrator' authentication is asking for local user password (not the ipa user i am logged as).
5. if i would remove local user, i would get 'gnome-initial-setup' all over again
So I was wondering if any of you had or heard about similar issues and ideas for solution.
So far I've tried manually adding ipa user to wheel group but that did not help.
5 years, 2 months
LDAP module configuration
by Boudjoudad Abdelkader
Hello Alexander and all,
Can you someone please let me know what's the group object in LDAP 389 DS ?
I have this path to search the groups but it's not returning results:
In /etc/raddb/mods-enabled/ldap:
ldap {
server = 'freeipa.dc=server,dc=example,dc=com
# port = 389
# identity = 'cn=admin,dc=server,dc=example,dc=com'
# password = mypass
base_dn = 'cn=users,cn=accounts,dc=server,dc=example,dc=com'
...
}
group {
base_dn = 'cn=groups,cn=accounts,dc=server,dc=example,dc=com'
dc=example,dc=com
name_attribute = cn
membership_filter =
"(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
membership_attribute = memberOf
...
}
What i'm missing in group base_dn path ?
Thanks,
5 years, 2 months
No group membership attribute(s) found in user object
by Boudjoudad Abdelkader
Hi,
I'm trying to check if user is in a given group name in LDAP but it doesn't
work, here is the configuration:
- vi /etc/raddb/mods-enabled/ldap
ldap {
...
base_dn = 'cn=users,cn=accounts,dc=server,dc=example,dc=com'
...
}
group {
base_dn = "${..base_dn}"
filter = '(objectClass=posixGroup)'
scope = 'sub'
name_attribute = cn
membership_filter =
"(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
membership_attribute = memberOf
cacheable_name = 'yes'
cacheable_dn = 'yes'
# cache_attribute = 'LDAP-Cached-Membership'
The result:
rlm_ldap (ldap): Reserved connection (2)
(0) Using user DN from request
"uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com"
(0) Checking for user in group objects
(0) EXPAND
(&(cn=ipausers)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
(0) -->
(&(cn=ipausers)(objectClass=posixGroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3com)(memberUid=ttest2)))
(0) Performing search in
"cn=users,cn=accounts,dc=server,dc=example,dc=com" with filter
"(&(cn=ipausers)(objectClass=posixGroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))",
scope "sub"
(0) Waiting for search result...
(0) Search returned no results
(0) Checking user object's memberOf attributes
(0) Performing unfiltered search in
"uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com", scope "base"
(0) Waiting for search result...
(0) No group membership attribute(s) found in user object
What i'm missing ?
Thanks,
5 years, 2 months