sudo does not work with SSSD
by Asif Iqbal
Hi All
I have this is sssd.conf
[sudo]
debug_level = 0x3ff0
[domain/LDAP]
debug_level = 0x02F0
...
sudo_provider = ldap
ldap_sudo_search_base = ou=People,dc=mnet,dc=qintra,dc=com
ldap_sudorule_object_class = mnetperson
user can login OK with ldap, but sudo is failing
I see the it is doing a ldapsearch like this in the sssd_sudo.log
(Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=iqbala)(sudoUser=#408462)(sudoUser=%iqbala)(sudoUser=+*)))]
(Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [iqbala@LDAP]
It would have worked if search were like this
(&(objectClass=mnetperson)(|(sudoUser=ALL)(name=defaults)(uid=iqbala)(sudoUser=#408462)(sudoUser=%iqbala)(sudoUser=+*)))
How do I change the config to search like above?
Essentiall all I need is (&(objectClass=mnetperson)(uid=iqbala)) and may be
I will add more attributes if I want other groups to be able to sudo.
Also I do I map this to the sudo command that a user can run?
Appreciate the help!
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
6 years, 6 months
Does anyone use id_provider=local ?
by Jakub Hrozek
Hi,
are there any SSSD users who actively use a configuration with:
id_provider=local ?
If so, what is your use-case?
We're considering deprecating and eventually removing this provider
upstream. The replacemant for id_provider=local would be id_provider=files:
https://fedorahosted.org/sssd/wiki/DesignDocs/FilesProvider
which is already under review and later extension of the SSSD's D-Bus
interface to allow manipulating custom user attributes.
My current plan for deprecating the local provider is to only build the
provider and the tools around it if a configure-time flag is provided.
This flag would be disabled by default. Then, if noone complains,
eventually just remove the code.
6 years, 6 months
SSSD reports errors with GPO formatted using SDDL
by Daniel Bryan
Hello, I noticed some of our users having linux authentication issues
recently. Upon further digging it happened when a GPO was applied to the
same OU these linux servers belonged to. The debug logs said there was an
error due to a missing equal sign. I tracked down the policy and looked at
the ini file and instantly noticed it differed from the normal format.
*Many of our GPOs are in the format of:*
[section]
key=value
*But this one was like:*
saltminion",2,"D:AR(A;;CCLCSWLOCRRC;;;AU(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)(A;;CCLCSWL
The result was that access was denied to the user logging into the server.
*Questions:*
1.) Should SSSD be able to parse GPOs using the template of Microsofts SDDL
(Security Descriptor Definition Language)
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa379567(v=vs.85...>
?
2.) What options are available to restore access besides removing the GPO
from the OU, or setting ad_gpo_access_control to disabled or permissive?
Thanks!
--Dan
--
*Daniel Bryan*
DevOps Engineer | Stratus Solutions
dbryan(a)stratussolutions.com
www.stratussolutions.com
6 years, 6 months
A security bug in SSSD 1.12 and later (CVE-2017-12173)
by Sumit Bose
=============== A security bug in SSSD 1.12 and later =========================
=
= Subject: Unsanitized input when searching in local cache database
=
= CVE ID#: CVE-2017-12173
=
= Summary: SSSD stores its cached data in an LDAP like local database
= file using libldb. To lookup cached data LDAP search
= filters like '(objectClass=user)(name=user_name)' are used.
= However, in sysdb_search_user_by_upn_res(), the input is
= not sanitized and allows to manipulate the search filter
= for cache lookups.
=
= This would allow a logged in user to discover the password
= hash of a different user.
=
= Impact: Moderate
=
= Affects default
= configuration: When configured with tools like realmd or
= ipa-client-install
=
= Introduced with: 1.12.0
=
==============================================================================
==== DESCRIPTION ====
SSSD stores its cached data in an LDAP like local database file using libldb.
To lookup cached data LDAP search filters like
'(objectClass=user)(name=user_name)' are used. However, in
sysdb_search_user_by_upn_res(), the input is not sanitized and allows to
manipulate the search filter for cache lookups.
This would allow a logged in user to discover the password hash of a different
user.
While in the default configuration the sssd.conf parameter 'cache_credentials'
is set to 'False' it is typically switched to 'True' by tools like realmd or
ipa-client-install to support offline authentication.
To remove the only password hashes from the cache 'cache_credentials' should be
set to 'False' in all [domain/...] sections of sssd.conf. Additionally the
already stored hashes must be remove e.g. by calling
ldbedit -H /var/lib/sss/db/cache_DOMAIN-NAME.ldb
for each configured domain and removing all 'cachedPassword' attributes.
==== PATCH AVAILABILITY ====
The patch is available at:
https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835?br...
6 years, 6 months
Re: A security bug in SSSD 1.12 and later (CVE-2017-12173)
by Douglas Duckworth
To mitigate could one make the cache only readable by root which I thought
would be the default?
On Oct 11, 2017 5:43 PM, "Lachlan Musicman" <datakid(a)gmail.com> wrote:
Will the COPR repos will be republished?
------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "
*Greg Bloom* @greggish https://twitter.com/greggish/
status/873177525903609857
<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_greggish...>
On 12 October 2017 at 02:41, Sumit Bose <sbose(a)redhat.com> wrote:
> =============== A security bug in SSSD 1.12 and later
> =========================
> =
> = Subject: Unsanitized input when searching in local cache
> database
> =
> = CVE ID#: CVE-2017-12173
> =
> = Summary: SSSD stores its cached data in an LDAP like local
> database
> = file using libldb. To lookup cached data LDAP search
> = filters like '(objectClass=user)(name=user_name)' are
> used.
> = However, in sysdb_search_user_by_upn_res(), the input
> is
> = not sanitized and allows to manipulate the search
> filter
> = for cache lookups.
> =
> = This would allow a logged in user to discover the
> password
> = hash of a different user.
> =
> = Impact: Moderate
> =
> = Affects default
> = configuration: When configured with tools like realmd or
> = ipa-client-install
> =
> = Introduced with: 1.12.0
> =
> ============================================================
> ==================
>
> ==== DESCRIPTION ====
>
> SSSD stores its cached data in an LDAP like local database file using
> libldb.
> To lookup cached data LDAP search filters like
> '(objectClass=user)(name=user_name)' are used. However, in
> sysdb_search_user_by_upn_res(), the input is not sanitized and allows to
> manipulate the search filter for cache lookups.
>
> This would allow a logged in user to discover the password hash of a
> different
> user.
>
> While in the default configuration the sssd.conf parameter
> 'cache_credentials'
> is set to 'False' it is typically switched to 'True' by tools like realmd
> or
> ipa-client-install to support offline authentication.
>
> To remove the only password hashes from the cache 'cache_credentials'
> should be
> set to 'False' in all [domain/...] sections of sssd.conf. Additionally the
> already stored hashes must be remove e.g. by calling
>
> ldbedit -H /var/lib/sss/db/cache_DOMAIN-NAME.ldb
>
> for each configured domain and removing all 'cachedPassword' attributes.
>
> ==== PATCH AVAILABILITY ====
>
> The patch is available at:
> https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750
> abfc6d0835?branch=master
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__pagure.io_SSSD_sssd_...>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>
6 years, 6 months
HBAC rules randomly failing on ubuntu 16.04
by Orion Poplawski
I just added my first ubuntu 16.04 client to our IPA domain and am having
problem with HBAC rules randomly denying access to a user that should have
access. Users are in AD (ad.nwra.com), I have an external group containing
the AD user linked to an IPA group used for the HBAC rule. Much of the time
it will work, but sometimes not.
sssd.conf:
[domain/nwra.com]
cache_credentials = True
krb5_auth_timeout = 30
krb5_store_password_if_offline = True
ipa_domain = nwra.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = ipa.nwra.com, _srv_
ldap_tls_cacert = /etc/ipa/ca.crt
dns_discovery_domain = nwra.com
timeout = 20
debug_level = 5
[sssd]
services = nss, sudo, pam, ssh, autofs
domains = nwra.com
default_domain_suffix = ad.nwra.com
debug_level = 5
This is with 1.13.4-1ubuntu1.8
Is there any hope for this version to work? Any reliable source for an
updated package?
--
Orion Poplawski
Technical Manager of NWRA Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 https://www.nwra.com/
6 years, 6 months
debugging sssd / autofs problem
by Thomas Beaudry
Hi,
I have sssd + autofs working properly on 20+ machines. Recently, 1 of those machine has been not functioning properly (it might be linked to a power failure). Essentially, after any user logs into the machine, they get a: .bashrc: permission denied
I thought that this could have been linked to a corrupt cache, so i deleted everything in my /var/lib/sss/db folder and restarted sssd. This didn't fix my problem.?
Does anyone else have some suggestions as to what i can try? My logs are very large (6.5GB), so i could post them. but maybe there aren't necessary since maybe someone knows what the problem is.
Thanks!
Thomas
6 years, 6 months
Kerberos Tickets not obtained until restart of SSSD
by Sam Weston
Hi again,
The issue with password caching seems to have been solved. However with my 1.15.2 deployment still has one problem which is not present with 1.13. If you log in to a machine when it is offline, you have to reboot the machine or restart the sssd service for any Kerberos tickets to be obtained from the KDC when the machine comes back online.
If I originally login when the machine is offline, I get this ticket:
sweston@sflt28:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1117605638_HtMNOv
Default principal: sweston(a)SMALLBUSINESS.LAN
Valid starting Expires Service principal
01/01/70 01:00:00 01/01/70 01:00:00 krbtgt/SMALLBUSINESS.LAN(a)SMALLBUSINESS.LAN
If I log out and login again with the network cable plugged in, I still only have the above ticket. The logs look like this:
Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Initgroups #329]: New request. Flags [0x0001].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #329]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_gen_error] (0x0080): DP Request [Initgroups #329]: Finished. Backend is currently offline.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=sweston@smallbusiness.lan] from reply table
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #329]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: sudo
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: sweston
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 3849
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Authenticate #330]: New request. Flags [0000].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [krb5_auth_send] (0x0100): Home directory for user [sweston(a)smallbusiness.lan] not known.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_cache_auth] (0x0100): Hashes do match!
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #330]: Request handler finished [0]: Success
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #330]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #330]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [3857] finished successfully.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: sudo
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: sweston
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 3849
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Account #331]: New request. Flags [0000].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_access_send] (0x0400): Performing access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_send] (0x0400): service sudo maps to Permitted
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Account #331]: Request handler finished [0]: Success
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #331]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #331]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [SUDO Smart Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [SUDO Full Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.SMALLBUSINESS.LAN], [2][No such file or directory]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.SMALLBUSINESS.LAN], [2][No such file or directory]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task
If I restart the sssd service and then lock the screen and login again everything works correctly. I get the ticket that I want:
Ticket cache: FILE:/tmp/krb5cc_1117605638_HtMNOv
Default principal: sweston(a)SMALLBUSINESS.LAN
Valid starting Expires Service principal
12/09/17 17:21:24 13/09/17 03:21:24 krbtgt/SMALLBUSINESS.LAN(a)SMALLBUSINESS.LAN
renew until 13/09/17 17:21:24
Logs:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Initgroups #1]: New request. Flags [0x0001].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_send] (0x0400): About to find domain controllers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_dc_servers_send] (0x0400): Looking up domain controllers in domain SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_dc_servers_done] (0x0400): Found 2 domain controllers in domain SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_send] (0x0400): Resolving host sfbackup02.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sfbackup02.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sfbackup02.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sfbackup02.smallbusiness.lan' in DNS
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://sfbackup02.smallbusiness.lan:389
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://sfbackup02.smallbusiness.lan:389
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=SMALLBUSINESS.LAN)(NtVer=\14\00\00\00))][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_client_site_done] (0x0400): Found site: Default-First-Site-Name
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_client_site_done] (0x0400): Found forest: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'Default-First-Site-Name._sites.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.Default-First-Site-Name._sites.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_servers_primary_done] (0x0400): Looking up backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_servers_done] (0x0400): Got 2 primary and 2 backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'sfpdc.smallbusiness.lan:3268' to service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'sfbackup02.smallbusiness.lan:3268' to service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Server 'sfbackup02.smallbusiness.lan:3268' for service 'AD_GC' is already present
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Server 'sfpdc.smallbusiness.lan:3268' for service 'AD_GC' is already present
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD_GC' as 'resolved'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sfpdc.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'resolving name'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sfpdc.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sfpdc.smallbusiness.lan' in DNS
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'name resolved'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfpdc.smallbusiness.lan: [192.168.1.7] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sfpdc.smallbusiness.lan'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sfpdc.smallbusiness.lan:3268'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, SFLT28$, SMALLBUSINESS.LAN, 86400)
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfbackup02.smallbusiness.lan: [192.168.1.3] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 48
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4718] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_SMALLBUSINESS.LAN], expired on [1505269284]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: SFLT28$
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_cli_connect_recv] (0x0400): Connection established.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0100): Marking port 3268 of server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0400): Marking port 3268 of duplicate server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=SMALLBUSINESS,DC=LAN]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=sweston)(objectclass=user)(objectSID=*))][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Save user
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_primary_name] (0x0400): Processing object sweston
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Processing user sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding original memberOf attributes to [sweston(a)smallbusiness.lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding user principal [sweston(a)SMALLBUSINESS.LAN] to attributes of [sweston(a)smallbusiness.lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Storing info for user sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=Sam Weston,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-550] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-545] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-544] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-549] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-574] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to do.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [Initgroups #1]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #1]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #1]: Finished. Success.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=sweston@smallbusiness.lan] from reply table
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #1]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Authenticate #2]: New request. Flags [0000].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [krb5_auth_send] (0x0100): Home directory for user [sweston(a)smallbusiness.lan] not known.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfbackup02.smallbusiness.lan: [192.168.1.3] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [cache, ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #2]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #2]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #2]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4719] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Account #3]: New request. Flags [0000].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_access_send] (0x0400): Performing access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_send] (0x0400): service gdm-password maps to Interactive
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_connect_done] (0x0400): sam_account_name is SFLT28$
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=user)(sAMAccountName=SFLT28$))][dc=smallbusiness,dc=lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=domain][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_next_done] (0x0400): Found SID [S-1-5-21-3845744863-2409227386-3211111987].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=SMALLBUSINESS.LAN)(NtVer=\14\00\00\00))][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found flat name [SMALLBUSINESS].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found site [Default-First-Site-Name].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found forest [SMALLBUSINESS.LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[0]->som_dn is OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[1]->som_dn is OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[2]->som_dn is OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[3]->som_dn is DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[4]->som_dn is cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_get_som_attrs_done] (0x0040): no attrs found for SOM; try next SOM
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[0]->gpo_dn: CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[1]->gpo_dn: CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[2]->gpo_dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[3]->gpo_dn: cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[4]->gpo_dn: cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[5]->gpo_dn: cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[6]->gpo_dn: cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[7]->gpo_dn: cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[8]->gpo_dn: cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[9]->gpo_dn: cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[10]->gpo_dn: cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[11]->gpo_dn: cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[12]->gpo_dn: cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[13]->gpo_dn: cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[14]->gpo_dn: cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[1]->gpo_guid is {7F8D8A41-8831-4EF1-990F-3AECF333E735}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[2]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[3]->gpo_guid is {5F743845-71B6-4CDF-965F-20360E51C01A}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[4]->gpo_guid is {8FC54817-BD35-4D6F-AB72-E799C66667E8}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[5]->gpo_guid is {CED4E066-9ADF-47A5-8F92-BBDDB522A034}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[6]->gpo_guid is {6ECD6877-791E-4F38-9945-EFAF733C3475}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[7]->gpo_guid is {CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[8]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[9]->gpo_guid is {29274130-3B70-4A97-AB38-25EA9D8D0F67}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[10]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[11]->gpo_guid is {3452D745-B138-4799-A555-1EBFB3654704}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[12]->gpo_guid is {B42D8E08-C289-436C-8E31-BD3DD2A415DC}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[13]->gpo_guid is {355444B3-99ED-4D77-B9EC-BAF3EAA17AA7}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): num_cse_filtered_gpos: 4
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_delete_gpo_result_object] (0x0400): Deleting GPO Result object
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 655593
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 655593
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{BA4389F2-AD33-4678-BF30-44D81E900008}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 10
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4722] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 10
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): [/var/lib/sss/gpo_cache/SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf]: ini_config_parse failed [5][Input/output error]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 7: Equal sign is missing.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 8: Equal sign is missing.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{57EF63D0-BF6F-4079-BD9B-9D896BB9A495}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 8
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4724] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 8
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Storing setting: key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Updating setting: key [SeDenyRemoteInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{D6B5C6DF-114E-49FC-976E-5B8893FA1E27}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 262220
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4726] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 262220
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeInteractiveLogonRight] value [(null)]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [parse_policy_setting_value] (0x0400): No value for key [SeInteractiveLogonRight] found in gpo result
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): RESULTANT POLICY:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): gpo_map_type: Interactive
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): allowed_size = 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_size = 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-3806
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): CURRENT USER:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): user_sid = S-1-5-21-3845744863-2409227386-3211111987-5638
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-5652
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[1] = S-1-5-21-3845744863-2409227386-3211111987-5656
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[2] = S-1-5-21-3845744863-2409227386-3211111987-3798
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[3] = S-1-5-21-3845744863-2409227386-3211111987-5655
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[4] = S-1-5-21-3845744863-2409227386-3211111987-5659
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[5] = S-1-5-21-3845744863-2409227386-3211111987-5653
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[6] = S-1-5-21-3845744863-2409227386-3211111987-5660
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[7] = S-1-5-21-3845744863-2409227386-3211111987-5663
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[8] = S-1-5-21-3845744863-2409227386-3211111987-5732
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[9] = S-1-5-21-3845744863-2409227386-3211111987-3722
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[10] = S-1-5-21-3845744863-2409227386-3211111987-5709
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[11] = S-1-5-21-3845744863-2409227386-3211111987-512
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[12] = S-1-5-21-3845744863-2409227386-3211111987-3823
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[13] = S-1-5-21-3845744863-2409227386-3211111987-5654
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[14] = S-1-5-21-3845744863-2409227386-3211111987-513
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[15] = S-1-5-21-3845744863-2409227386-3211111987-3665
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[16] = S-1-5-21-3845744863-2409227386-3211111987-3737
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[17] = S-1-5-21-3845744863-2409227386-3211111987-3754
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[18] = S-1-5-21-3845744863-2409227386-3211111987-5665
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[19] = S-1-5-21-3845744863-2409227386-3211111987-3715
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[20] = S-1-5-21-3845744863-2409227386-3211111987-5661
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[21] = S-1-5-21-3845744863-2409227386-3211111987-3812
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[22] = S-1-5-21-3845744863-2409227386-3211111987-572
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[23] = S-1-5-21-3845744863-2409227386-3211111987-3610
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[24] = S-1-5-21-3845744863-2409227386-3211111987-1182
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[25] = S-1-5-21-3845744863-2409227386-3211111987-1627
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[26] = S-1-5-21-3845744863-2409227386-3211111987-1630
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[27] = S-1-5-21-3845744863-2409227386-3211111987-1767
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[28] = S-1-5-21-3845744863-2409227386-3211111987-1628
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[29] = S-1-5-21-3845744863-2409227386-3211111987-2354
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[30] = S-1-5-21-3845744863-2409227386-3211111987-1625
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[31] = S-1-5-21-3845744863-2409227386-3211111987-1766
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[32] = S-1-5-21-3845744863-2409227386-3211111987-1768
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[33] = S-1-5-21-3845744863-2409227386-3211111987-3667
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[34] = S-1-5-21-3845744863-2409227386-3211111987-3759
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[35] = S-1-5-11
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): POLICY DECISION:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_granted = 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_denied = 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Account #3]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #3]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #3]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4728] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_SETCRED
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
My config:
[sssd]
config_file_version = 2
reconnection_retries = 3
services = nss,pam
domains = SMALLBUSINESS.LAN
offline_timeout = 10
debug_level = 6
[nss]
debug_level = 6
[pam]
debug_level = 6
[domain/SMALLBUSINESS.LAN]
debug_level = 6
access_provider = ad
ad_domain = SMALLBUSINESS.LAN
ad_gpo_access_control = permissive
cache_credentials = True
default_shell = /bin/bash
fallback_homedir = /home/%u
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = True
realmd_tags = manages-system joined-with-samba
The offline_timeout line is a recent addition which doesn't seem to have helped. I guess my question is why I have to restart SSSD for it "realise" that it's back online. Ideally I would like it to get a kerberos ticket as soon as it comes online which I guess it should do with the krb5_store_password_if_offline option set?
Thanks for all your help
Sam
6 years, 6 months
Re: Does sssd-1.5.1-71.el5 Support Autofs
by Douglas Duckworth
Thanks!
I was able to get it working with ldap!
Best
Doug
On Oct 7, 2017 5:37 AM, "Lukas Slebodnik" <lslebodn(a)redhat.com> wrote:
> On (06/10/17 13:37), Douglas Duckworth wrote:
>
> >Hi
>
> >
>
> >I have an old server that I need to retire.
>
> >
>
> >Until then can you tell me if this old version supports autofs?
>
> >
>
> >[root@node002 ~]# tail -n 100 /var/log/sssd/sssd.log
>
> >(Fri Oct 6 13:35:01 2017) [sssd] [get_monitor_config] (0): Invalid
> service
>
> >autofs
>
> >
>
> autofs support was implemented in 1.8.x
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.
> pagure.org_SSSD.sssd_design-5Fpages_index.html-23implemented-2Din-2D1-2D8-
> 2Dx&d=DwIGaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_
> 78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=izJtCOzMQghf4bY5878r7fv1HhLjlN
> wn9EQXoigsyZU&s=njYqiwTUvprEl2T9F49GB_0aczTVBif8RpQOVkAkGcE&e=
>
>
>
> So with older version you need to use ldap instead of sss.
>
>
>
> LS
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>
6 years, 6 months
Does sssd-1.5.1-71.el5 Support Autofs
by Douglas Duckworth
Hi
I have an old server that I need to retire.
Until then can you tell me if this old version supports autofs?
[root@node002 ~]# tail -n 100 /var/log/sssd/sssd.log
(Fri Oct 6 13:35:01 2017) [sssd] [get_monitor_config] (0): Invalid service
autofs
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug(a)med.cornell.edu
O: 212-746-6305
F: 212-746-8690
6 years, 6 months