After upgrading our IPA servers AD user resolution seems to have stopped
working.
id myADUser says:
id: ‘myADUser’: no such user
Why? The logs say:
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:09:59): [nss] [accept_fd_handler] (0x0400): Client
[0x55b92cb403e0][26] connected!
(2020-11-18 9:09:59): [nss] [sss_cmd_get_version] (0x0200): Received
client version [1].
(2020-11-18 9:09:59): [nss] [sss_cmd_get_version] (0x0200): Offered
version [1].
(2020-11-18 9:09:59): [nss] [nss_getby_name] (0x0400): Input name: myADUser
(2020-11-18 9:09:59): [nss] [cache_req_send] (0x0400): CR #0: New
request 'User by name'
(2020-11-18 9:09:59): [nss] [cache_req_process_input] (0x0400): CR #0:
Parsing input name [myADUser]
(2020-11-18 9:09:59): [nss] [sss_parse_name_for_domains] (0x0200): name
'myADUser' matched without domain, user is myADUser
(2020-11-18 9:09:59): [nss] [nss_get_object_send] (0x0400): Client
[0x55b92cb403e0][26]: sent cache request #0
(2020-11-18 9:09:59): [nss] [cache_req_set_name] (0x0400): CR #0:
Setting name [myADUser]
(2020-11-18 9:09:59): [nss] [cache_req_select_domains] (0x0400): CR #0:
Performing a multi-domain search
(2020-11-18 9:09:59): [nss] [cache_req_search_domains] (0x0400): CR #0:
Search will check the cache and check the data provider
(2020-11-18 9:09:59): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [implicit_files]
(2020-11-18 9:09:59): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [implicit_files] rules
(2020-11-18 9:09:59): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser@implicit_files
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser@implicit_files]
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser@implicit_files] is not present in negative cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser@implicit_files] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser@implicit_files] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser@implicit_files] in data provider
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser@implicit_files] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser@implicit_files] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser@implicit_files] to negative cache
(2020-11-18 9:09:59): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/implicit_files/myADUser@implicit_files] to negative cache
(2020-11-18 9:09:59): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [org.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [org.mydomain.at] rules
(2020-11-18 9:09:59): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser(a)org.mydomain.at
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser(a)org.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser(a)org.mydomain.at] is not present in negative cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)org.mydomain.at] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)org.mydomain.at] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser(a)org.mydomain.at] in data provider
(2020-11-18 9:09:59): [nss] [sss_dp_get_account_send] (0x0400):
Creating request for
[org.mydomain.at][0x1][BE_REQ_USER][name=myADUser@org.mydomain.at:-]
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)org.mydomain.at]
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #1]: New request. Flags [0x0001].
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=myADUser))][cn=Default Trust
View,cn=views,cn=accounts,dc=linux,dc=mydomain,dc=at].
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type:
[REQ_FULL_WITH_MEMBERS] for trust user [myADUser] to IPA server
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [ipa_s2n_exop_done]
(0x0040): ldap_extended_operation result: No such object(32), (null).
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_done] (0x0400):
DP Request [Account #1]: Request handler finished [0]: Success
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [_dp_req_recv] (0x0400):
DP Request [Account #1]: Receiving request data.
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): DP Request [Account #1]: Request removed.
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sbus_issue_request_done]
(0x0400): sssd.dataprovider.getAccountInfo: Success
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)org.mydomain.at] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)org.mydomain.at] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser(a)org.mydomain.at] to negative cache
(2020-11-18 9:09:59): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/org.mydomain.at/myADUser(a)org.mydomain.at] to negative cache
(2020-11-18 9:09:59): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [linux.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [linux.mydomain.at] rules
(2020-11-18 9:09:59): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser(a)linux.mydomain.at
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser(a)linux.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser(a)linux.mydomain.at] is not present in negative cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)linux.mydomain.at] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)linux.mydomain.at] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser(a)linux.mydomain.at] in data provider
(2020-11-18 9:09:59): [nss] [sss_dp_get_account_send] (0x0400):
Creating request for
[linux.mydomain.at][0x1][BE_REQ_USER][name=myADUser@linux.mydomain.at:-]
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)linux.mydomain.at]
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #2]: New request. Flags [0x0001].
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_search_user_next_base] (0x0400): Searching for users with base
[cn=accounts,dc=linux,dc=mydomain,dc=at]
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uid=myADUser)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=linux,dc=mydomain,dc=at].
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_search_user_process] (0x0400): Search for users, returned 0 results.
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending
request
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_done] (0x0400):
DP Request [Account #2]: Request handler finished [0]: Success
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [_dp_req_recv] (0x0400):
DP Request [Account #2]: Receiving request data.
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): DP Request [Account #2]: Request removed.
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [sbus_issue_request_done]
(0x0400): sssd.dataprovider.getAccountInfo: Success
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)linux.mydomain.at] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)linux.mydomain.at] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser(a)linux.mydomain.at] to negative cache
(2020-11-18 9:09:59): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/linux.mydomain.at/myADUser(a)linux.mydomain.at] to negative cache
(2020-11-18 9:09:59): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [buero.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [buero.mydomain.at] rules
(2020-11-18 9:09:59): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser(a)buero.mydomain.at
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser(a)buero.mydomain.at]
(2020-11-18 9:09:59): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser(a)buero.mydomain.at] is not present in negative cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)buero.mydomain.at] in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)buero.mydomain.at] was not found in cache
(2020-11-18 9:09:59): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser(a)buero.mydomain.at] in data provider
(2020-11-18 9:09:59): [nss] [sss_dp_get_account_send] (0x0400):
Creating request for
[buero.mydomain.at][0x1][BE_REQ_USER][name=myADUser@buero.mydomain.at:-]
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)buero.mydomain.at]
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #3]: New request. Flags [0x0001].
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=myADUser))][cn=Default Trust
View,cn=views,cn=accounts,dc=linux,dc=mydomain,dc=at].
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type:
[REQ_FULL_WITH_MEMBERS] for trust user [myADUser] to IPA server
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [ipa_s2n_exop_done]
(0x0040): ldap_extended_operation result: No such object(32), (null).
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_done] (0x0400):
DP Request [Account #3]: Request handler finished [0]: Success
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [_dp_req_recv] (0x0400):
DP Request [Account #3]: Receiving request data.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): DP Request [Account #3]: Request removed.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sbus_issue_request_done]
(0x0400): sssd.dataprovider.getAccountInfo: Success
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)buero.mydomain.at] in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)buero.mydomain.at] was not found in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser(a)buero.mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/buero.mydomain.at/myADUser(a)buero.mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [mydomain.at]
(2020-11-18 9:10:00): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [mydomain.at] rules
(2020-11-18 9:10:00): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser(a)mydomain.at
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser(a)mydomain.at]
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser(a)mydomain.at] is not present in negative cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)mydomain.at] in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)mydomain.at] was not found in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser(a)mydomain.at] in data provider
(2020-11-18 9:10:00): [nss] [sss_dp_get_account_send] (0x0400):
Creating request for
[mydomain.at][0x1][BE_REQ_USER][name=myADUser@mydomain.at:-]
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)mydomain.at]
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #4]: New request. Flags [0x0001].
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=myADUser))][cn=Default Trust
View,cn=views,cn=accounts,dc=linux,dc=mydomain,dc=at].
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type:
[REQ_FULL_WITH_MEMBERS] for trust user [myADUser] to IPA server
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [ipa_s2n_exop_done]
(0x0040): ldap_extended_operation result: No such object(32), (null).
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_done] (0x0400):
DP Request [Account #4]: Request handler finished [0]: Success
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [_dp_req_recv] (0x0400):
DP Request [Account #4]: Receiving request data.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): DP Request [Account #4]: Request removed.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sbus_issue_request_done]
(0x0400): sssd.dataprovider.getAccountInfo: Success
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)mydomain.at] in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)mydomain.at] was not found in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser(a)mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/mydomain.at/myADUser(a)mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [cache_req_set_domain] (0x0400): CR #0:
Using domain [tk.mydomain.at]
(2020-11-18 9:10:00): [nss] [cache_req_prepare_domain_data] (0x0400):
CR #0: Preparing input data for domain [tk.mydomain.at] rules
(2020-11-18 9:10:00): [nss] [cache_req_search_send] (0x0400): CR #0:
Looking up myADUser(a)tk.mydomain.at
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache] (0x0400): CR #0:
Checking negative cache for [myADUser(a)tk.mydomain.at]
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache] (0x0400): CR #0:
[myADUser(a)tk.mydomain.at] is not present in negative cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)tk.mydomain.at] in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)tk.mydomain.at] was not found in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_dp] (0x0400): CR #0:
Looking up [myADUser(a)tk.mydomain.at] in data provider
(2020-11-18 9:10:00): [nss] [sss_dp_get_account_send] (0x0400):
Creating request for
[tk.mydomain.at][0x1][BE_REQ_USER][name=myADUser@tk.mydomain.at:-]
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)tk.mydomain.at]
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #5]: New request. Flags [0x0001].
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=myADUser))][cn=Default Trust
View,cn=views,cn=accounts,dc=linux,dc=mydomain,dc=at].
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(2020-11-18 9:10:00): [be[linux.mydomain.at]]
[ipa_s2n_get_acct_info_send] (0x0400): Sending request_type:
[REQ_FULL_WITH_MEMBERS] for trust user [myADUser] to IPA server
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [ipa_s2n_exop_done]
(0x0040): ldap_extended_operation result: No such object(32), (null).
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_search_by_name]
(0x0400): No such entry
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_done] (0x0400):
DP Request [Account #5]: Request handler finished [0]: Success
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [_dp_req_recv] (0x0400):
DP Request [Account #5]: Receiving request data.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): DP Request [Account #5]: Request removed.
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(2020-11-18 9:10:00): [be[linux.mydomain.at]] [sbus_issue_request_done]
(0x0400): sssd.dataprovider.getAccountInfo: Success
==> /var/log/sssd/sssd_nss.log <==
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Looking up [myADUser(a)tk.mydomain.at] in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_cache] (0x0400): CR #0:
Object [myADUser(a)tk.mydomain.at] was not found in cache
(2020-11-18 9:10:00): [nss] [cache_req_search_ncache_add_to_domain]
(0x0400): CR #0: Adding [myADUser(a)tk.mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/tk.mydomain.at/myADUser(a)tk.mydomain.at] to negative cache
(2020-11-18 9:10:00): [nss] [cache_req_process_result] (0x0400): CR #0:
Finished: Not found
(2020-11-18 9:10:00): [nss] [client_recv] (0x0200): Client disconnected!
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
> After upgrading our IPA servers AD user resolution seems to have
> stopped working.
>
> id myADUser says:
> id: ‘myADUser’: no such user
It might have something to do with:
sssctl domain-status org.mydomain.at
Online status: Offline
But why is it seen as offline?
On 18.11.20 09:41, Ronald Wimmer via FreeIPA-users wrote:
> On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
>> After upgrading our IPA servers AD user resolution seems to have
>> stopped working.
>>
>> id myADUser says:
>> id: ‘myADUser’: no such user
>
> It might have something to do with:
> sssctl domain-status org.mydomain.at
> Online status: Offline
>
> But why is it seen as offline?
./sssd_linux.mydomain.at.log:(2020-11-18 9:35:48):
[be[linux.mydomain.at]] [fo_set_port_status] (0x0100): Marking port 389
of server 'somedomaincontroller.org.mydomain.at' as 'not working'
./sssd_linux.mydomain.at.log:(2020-11-18 9:35:48):
[be[linux.mydomain.at]] [fo_set_port_status] (0x0400): Marking port 389
of duplicate server 'somedomaincontroller.org.mydomain.at' as 'not
working'
On Wed, 18 Nov 2020, Ronald Wimmer via FreeIPA-users wrote:
>On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
>>After upgrading our IPA servers AD user resolution seems to have
>>stopped working.
>>
>>id myADUser says:
>>id: ‘myADUser’: no such user
>
>It might have something to do with:
>sssctl domain-status org.mydomain.at
>Online status: Offline
>
>But why is it seen as offline?
In your original log you can see that ipa_s2n requests return an error.
Check SSSD logs on IPA masters that the client talks to. This all is
covered at
https://sssd.io/docs/users/troubleshooting.html#common-ipa-provider-issues
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
On 18.11.20 09:46, Alexander Bokovoy wrote:
> On Wed, 18 Nov 2020, Ronald Wimmer via FreeIPA-users wrote:
>> On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
>>> After upgrading our IPA servers AD user resolution seems to have
>>> stopped working.
>>>
>>> id myADUser says:
>>> id: ‘myADUser’: no such user
>>
>> It might have something to do with:
>> sssctl domain-status org.mydomain.at
>> Online status: Offline
>>
>> But why is it seen as offline?
>
> In your original log you can see that ipa_s2n requests return an error.
> Check SSSD logs on IPA masters that the client talks to. This all is
> covered at
> https://sssd.io/docs/users/troubleshooting.html#common-ipa-provider-issues

As it turned out I had to enable an encryption policy in order to allow
the deprecated type RC4 for communication to AD.
This is done by issuing the following command (on every 8.3 server that
needs to communicate with AD):
update-crypto-policies --set DEFAULT:AD-SUPPORT
Details can be found in the Ootpa Release Notes:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
Cheers,
Ronald
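
The two symptoms this thread relied on (the failing `ipa_s2n` extended operation and the server marked 'not working') can be pulled out of a wrapped SSSD backend log mechanically. The following is an added example, not part of the original posts or of SSSD itself; the names `parse_entries`, `triage` and `SAMPLE` are illustrative, the sample log is constructed from lines quoted above, and it assumes data provider requests are handled one at a time, as they are in the quoted log.

```python
import re

# Constructed sample modelled on the backend log lines quoted in this thread,
# keeping the archive's line wrapping, its "(a)" for "@" and a grep prefix.
SAMPLE = """\
==> /var/log/sssd/sssd_linux.mydomain.at.log <==
(2020-11-18 9:09:59): [be[linux.mydomain.at]]
[dp_get_account_info_send] (0x0200): Got request for
[0x1][BE_REQ_USER][name=myADUser(a)org.mydomain.at]
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [dp_attach_req] (0x0400):
DP Request [Account #1]: New request. Flags [0x0001].
(2020-11-18 9:09:59): [be[linux.mydomain.at]] [ipa_s2n_exop_done]
(0x0040): ldap_extended_operation result: No such object(32), (null).
./sssd_linux.mydomain.at.log:(2020-11-18 9:35:48):
[be[linux.mydomain.at]] [fo_set_port_status] (0x0100): Marking port 389
of server 'somedomaincontroller.org.mydomain.at' as 'not working'
"""

PREFIX = r"^(?:\S+?\.log:)?"  # optional "file:" prefix left by grep
START = re.compile(PREFIX + r"\(\d{4}-\d{2}-\d{2} +\d{1,2}:\d{2}:\d{2}\):")
ENTRY = re.compile(
    PREFIX + r"\((?P<ts>[^)]+)\):\s+\[(?P<comp>\w+(?:\[[^\]]*\])?)\]\s+"
    r"\[(?P<func>\w+)\]\s+\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$"
)
MINOR_FAILURE = 0x0080  # SSSD debug levels at or below this report failures


def parse_entries(text):
    """Re-join wrapped lines and return one dict per SSSD debug log entry."""
    joined = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("==>"):  # blank or `tail` file header
            continue
        if START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line  # continuation of a wrapped entry
    return [{**m.groupdict(), "level": int(m["level"], 16)}
            for m in filter(None, map(ENTRY.match, joined))]


def triage(entries):
    """Collect failed ipa_s2n lookups and servers marked 'not working'."""
    report = {"s2n_failures": [], "ports_not_working": [], "failure_lines": 0}
    pending = current = None
    names = {}
    for e in entries:
        func, msg = e["func"], e["msg"]
        report["failure_lines"] += e["level"] <= MINOR_FAILURE
        if func == "dp_get_account_info_send":
            m = re.search(r"name=([^\]]+)\]", msg)
            pending = m.group(1).replace("(a)", "@") if m else None
        elif func == "dp_attach_req":
            m = re.search(r"#(\d+)\]: New request", msg)
            if m:
                current = int(m.group(1))
                names[current] = pending
        elif func == "ipa_s2n_exop_done":
            # Assumption: requests run one at a time, as in the quoted log, so
            # a result belongs to the most recently attached request.
            m = re.search(r"result: (.+?)\((\d+)\)", msg)
            if m and m.group(2) != "0":
                report["s2n_failures"].append(
                    (current, names.get(current), m.group(1), int(m.group(2))))
        elif func == "fo_set_port_status":
            m = re.search(r"port (\d+) of (?:duplicate )?server '([^']+)' as 'not working'", msg)
            hit = (m.group(2), int(m.group(1))) if m else None
            if hit and hit not in report["ports_not_working"]:
                report["ports_not_working"].append(hit)
    return report


if __name__ == "__main__":
    print(triage(parse_entries(SAMPLE)))
```

Run against the real backend log, a non-empty `s2n_failures` list points at the IPA server side of the lookup, and `ports_not_working` names the servers SSSD has given up on.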