sssd performance on large domains
by zfnoctis@gmail.com
Hi,
I'm wondering if there are any plans to improve sssd performance on large active directory domains (100k+ users, 40k+ groups), or if there are settings I am not aware of that can greatly improve performance, specifically for workstation use cases.
Currently if I do not set "ignore_group_members = True" in sssd.conf, logins can take upwards of 6 minutes and "sssd_be" will max the CPU for up to 20 minutes after logon, which makes it a non-starter. The reason I want to allow group members to be seen is that I want certain domain groups to be able to perform elevated actions using polkit. If I ignore group members, polkit reports that the group is empty and so no one can elevate in the graphical environment.
Ultimately this means that Linux workstations are at a severe disadvantage since they cannot be bound to the domain and have the normal set of access features users and IT expect from macOS or Windows.
Distributions used: Ubuntu 16.04 (sssd 1.13.4-1ubuntu1.1), Ubuntu 16.10 (sssd 1.13.4-3) and Fedora 24 (sssd-1.13.4-3.fc24). All exhibit the same problems.
I've also tried "ldap_group_nesting_level = 1" without seeing any noticeable improvement with respect to performance. Putting the database on /tmp isn't viable as these are workstations that will reboot semi-frequently, and I don't believe this is an I/O bound performance issue anyways.
Thanks for your time.
1 year, 10 months
- 6
- 29
Enumerate users from external group from AD trust
by Bolke de Bruin
Hello,
I have sssd 1.13.00 working against FreeIPA 4.2 domain. This domain has a trust relationship with a active directory domain.
One of the systems we are using requires to enumerate all users in groups by (unfortunate) design (Apache Ranger). This is done by using
“getent group”. During this enumeration the full user list for a group that has a nested external member group* is not always returned so we thought to
add “getent group mygroup” in order to get more details. Unfortunately this does not seem to work consistently: sometimes this gives information sometimes it does not:
[root@master centos]# getent group ad_users
ad_users:*:1950000004:
[root@master centos]# id bolke(a)ad.local
UID=1796201107(bolke(a)ad.local) GID=1796201107(bolke(a)ad.local) groepen=1796201107(bolke(a)ad.local),1796200513(domain users@ad.local),1796201108(test(a)ad.local)
[root@master centos]# getent group ad_users
ad_users:*:1950000004:bolke@ad.local <mailto:bolke@ad.local>
If I clear the cache (sss_cache -E) the entry is gone again:
[root@master centos]# getent group ad_users
ad_users:*:1950000004:
My question is how do I get sssd to enumerate *all users* in a group consistently?
Thanks!
Bolke
* https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-g...
4 years
- 3
- 15
SSSD for one-way trusted AD domain
by Ondrej Valousek
Hi List,
Question, we have joined machine into AD domain B. This domain has one way trust to domain A. No direct connection from domain B network to DCs in domain A is possible.
Can we use SSSD to authenticate members in domain A.
In windows, this works - but can't get it working in Linux via SSSD (Fedora 25, used realmd for AD join).
Thanks,
Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
5 years, 6 months
- 3
- 2
Does anyone use id_provider=local ?
by Jakub Hrozek
Hi,
are there any SSSD users who actively use a configuration with:
id_provider=local ?
If so, what is your use-case?
We're considering deprecating and eventually removing this provider
upstream. The replacemant for id_provider=local would be id_provider=files:
https://fedorahosted.org/sssd/wiki/DesignDocs/FilesProvider
which is already under review and later extension of the SSSD's D-Bus
interface to allow manipulating custom user attributes.
My current plan for deprecating the local provider is to only build the
provider and the tools around it if a configure-time flag is provided.
This flag would be disabled by default. Then, if noone complains,
eventually just remove the code.
6 years, 1 month
- 3
- 5
Kerberos Tickets not obtained until restart of SSSD
by Sam Weston
Hi again,
The issue with password caching seems to have been solved. However with my 1.15.2 deployment still has one problem which is not present with 1.13. If you log in to a machine when it is offline, you have to reboot the machine or restart the sssd service for any Kerberos tickets to be obtained from the KDC when the machine comes back online.
If I originally login when the machine is offline, I get this ticket:
sweston@sflt28:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1117605638_HtMNOv
Default principal: sweston(a)SMALLBUSINESS.LAN
Valid starting Expires Service principal
01/01/70 01:00:00 01/01/70 01:00:00 krbtgt/SMALLBUSINESS.LAN(a)SMALLBUSINESS.LAN
If I log out and login again with the network cable plugged in, I still only have the above ticket. The logs look like this:
Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Initgroups #329]: New request. Flags [0x0001].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #329]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_gen_error] (0x0080): DP Request [Initgroups #329]: Finished. Backend is currently offline.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=sweston@smallbusiness.lan] from reply table
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #329]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: sudo
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: sweston
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 3849
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Authenticate #330]: New request. Flags [0000].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [krb5_auth_send] (0x0100): Home directory for user [sweston(a)smallbusiness.lan] not known.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_cache_auth] (0x0100): Hashes do match!
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #330]: Request handler finished [0]: Success
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #330]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #330]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [3857] finished successfully.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: sudo
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: sweston
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 3849
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Account #331]: New request. Flags [0000].
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_access_send] (0x0400): Performing access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_send] (0x0400): service sudo maps to Permitted
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Account #331]: Request handler finished [0]: Success
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #331]: Receiving request data.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #331]: Request removed.
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [SUDO Smart Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [SUDO Full Refresh]: disabling task
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.SMALLBUSINESS.LAN], [2][No such file or directory]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.SMALLBUSINESS.LAN], [2][No such file or directory]
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_offline_cb] (0x0400): Back end is offline
(Tue Sep 12 17:17:08 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task
If I restart the sssd service and then lock the screen and login again everything works correctly. I get the ticket that I want:
Ticket cache: FILE:/tmp/krb5cc_1117605638_HtMNOv
Default principal: sweston(a)SMALLBUSINESS.LAN
Valid starting Expires Service principal
12/09/17 17:21:24 13/09/17 03:21:24 krbtgt/SMALLBUSINESS.LAN(a)SMALLBUSINESS.LAN
renew until 13/09/17 17:21:24
Logs:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Initgroups #1]: New request. Flags [0x0001].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_send] (0x0400): About to find domain controllers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_dc_servers_send] (0x0400): Looking up domain controllers in domain SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_dc_servers_done] (0x0400): Found 2 domain controllers in domain SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_send] (0x0400): Resolving host sfbackup02.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sfbackup02.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sfbackup02.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sfbackup02.smallbusiness.lan' in DNS
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://sfbackup02.smallbusiness.lan:389
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://sfbackup02.smallbusiness.lan:389
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=SMALLBUSINESS.LAN)(NtVer=\14\00\00\00))][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_client_site_done] (0x0400): Found site: Default-First-Site-Name
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_get_client_site_done] (0x0400): Found forest: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'Default-First-Site-Name._sites.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.Default-First-Site-Name._sites.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_servers_primary_done] (0x0400): Looking up backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.SMALLBUSINESS.LAN'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_srv_plugin_servers_done] (0x0400): Got 2 primary and 2 backup servers
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'sfpdc.smallbusiness.lan:3268' to service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'sfbackup02.smallbusiness.lan:3268' to service 'AD_GC'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Server 'sfbackup02.smallbusiness.lan:3268' for service 'AD_GC' is already present
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_add_server_to_list] (0x0400): Server 'sfpdc.smallbusiness.lan:3268' for service 'AD_GC' is already present
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD_GC' as 'resolved'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sfpdc.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'resolving name'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sfpdc.smallbusiness.lan' in files
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sfpdc.smallbusiness.lan' in DNS
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'name resolved'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfpdc.smallbusiness.lan: [192.168.1.7] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sfpdc.smallbusiness.lan'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sfpdc.smallbusiness.lan:3268'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, SFLT28$, SMALLBUSINESS.LAN, 86400)
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfbackup02.smallbusiness.lan: [192.168.1.3] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 48
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4718] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_SMALLBUSINESS.LAN], expired on [1505269284]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: SFLT28$
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_cli_connect_recv] (0x0400): Connection established.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0100): Marking port 3268 of server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0400): Marking port 3268 of duplicate server 'sfpdc.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=SMALLBUSINESS,DC=LAN]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=sweston)(objectclass=user)(objectSID=*))][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Save user
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_primary_name] (0x0400): Processing object sweston
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Processing user sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding original memberOf attributes to [sweston(a)smallbusiness.lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding user principal [sweston(a)SMALLBUSINESS.LAN] to attributes of [sweston(a)smallbusiness.lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Storing info for user sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=Sam Weston,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-550] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-545] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-544] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-549] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-574] is a built-in one.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to do.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [Initgroups #1]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #1]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #1]: Finished. Success.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=sweston@smallbusiness.lan] from reply table
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #1]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Authenticate #2]: New request. Flags [0000].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [krb5_auth_send] (0x0100): Home directory for user [sweston(a)smallbusiness.lan] not known.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [be_resolve_server_process] (0x0200): Found address for server sfbackup02.smallbusiness.lan: [192.168.1.3] TTL 3600
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [set_server_common_status] (0x0100): Marking server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'sfbackup02.smallbusiness.lan' as 'working'
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston(a)smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [cache, ts_cache] attrs.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #2]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #2]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #2]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4719] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Account #3]: New request. Flags [0000].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_access_send] (0x0400): Performing access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [sweston(a)smallbusiness.lan]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_send] (0x0400): service gdm-password maps to Interactive
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_connect_done] (0x0400): sam_account_name is SFLT28$
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=user)(sAMAccountName=SFLT28$))][dc=smallbusiness,dc=lan].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=domain][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_next_done] (0x0400): Found SID [S-1-5-21-3845744863-2409227386-3211111987].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=SMALLBUSINESS.LAN)(NtVer=\14\00\00\00))][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found flat name [SMALLBUSINESS].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found site [Default-First-Site-Name].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found forest [SMALLBUSINESS.LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[0]->som_dn is OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[1]->som_dn is OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[2]->som_dn is OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[3]->som_dn is DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[4]->som_dn is cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_get_som_attrs_done] (0x0040): no attrs found for SOM; try next SOM
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[0]->gpo_dn: CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[1]->gpo_dn: CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[2]->gpo_dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[3]->gpo_dn: cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[4]->gpo_dn: cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[5]->gpo_dn: cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[6]->gpo_dn: cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[7]->gpo_dn: cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[8]->gpo_dn: cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[9]->gpo_dn: cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[10]->gpo_dn: cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[11]->gpo_dn: cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[12]->gpo_dn: cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[13]->gpo_dn: cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[14]->gpo_dn: cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN].
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[1]->gpo_guid is {7F8D8A41-8831-4EF1-990F-3AECF333E735}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[2]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[3]->gpo_guid is {5F743845-71B6-4CDF-965F-20360E51C01A}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[4]->gpo_guid is {8FC54817-BD35-4D6F-AB72-E799C66667E8}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[5]->gpo_guid is {CED4E066-9ADF-47A5-8F92-BBDDB522A034}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[6]->gpo_guid is {6ECD6877-791E-4F38-9945-EFAF733C3475}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[7]->gpo_guid is {CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[8]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[9]->gpo_guid is {29274130-3B70-4A97-AB38-25EA9D8D0F67}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[10]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[11]->gpo_guid is {3452D745-B138-4799-A555-1EBFB3654704}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[12]->gpo_guid is {B42D8E08-C289-436C-8E31-BD3DD2A415DC}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[13]->gpo_guid is {355444B3-99ED-4D77-B9EC-BAF3EAA17AA7}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): num_cse_filtered_gpos: 4
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_delete_gpo_result_object] (0x0400): Deleting GPO Result object
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 655593
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 655593
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{BA4389F2-AD33-4678-BF30-44D81E900008}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 10
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4722] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 10
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): [/var/lib/sss/gpo_cache/SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf]: ini_config_parse failed [5][Input/output error]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 7: Equal sign is missing.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 8: Equal sign is missing.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{57EF63D0-BF6F-4079-BD9B-9D896BB9A495}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 8
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4724] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 8
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Storing setting: key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Updating setting: key [SeDenyRemoteInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfpdc.smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{D6B5C6DF-114E-49FC-976E-5B8893FA1E27}]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 262220
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4726] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 262220
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27}
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeInteractiveLogonRight] value [(null)]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [parse_policy_setting_value] (0x0400): No value for key [SeInteractiveLogonRight] found in gpo result
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806]
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): RESULTANT POLICY:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): gpo_map_type: Interactive
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): allowed_size = 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_size = 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-3806
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): CURRENT USER:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): user_sid = S-1-5-21-3845744863-2409227386-3211111987-5638
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-5652
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[1] = S-1-5-21-3845744863-2409227386-3211111987-5656
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[2] = S-1-5-21-3845744863-2409227386-3211111987-3798
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[3] = S-1-5-21-3845744863-2409227386-3211111987-5655
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[4] = S-1-5-21-3845744863-2409227386-3211111987-5659
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[5] = S-1-5-21-3845744863-2409227386-3211111987-5653
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[6] = S-1-5-21-3845744863-2409227386-3211111987-5660
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[7] = S-1-5-21-3845744863-2409227386-3211111987-5663
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[8] = S-1-5-21-3845744863-2409227386-3211111987-5732
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[9] = S-1-5-21-3845744863-2409227386-3211111987-3722
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[10] = S-1-5-21-3845744863-2409227386-3211111987-5709
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[11] = S-1-5-21-3845744863-2409227386-3211111987-512
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[12] = S-1-5-21-3845744863-2409227386-3211111987-3823
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[13] = S-1-5-21-3845744863-2409227386-3211111987-5654
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[14] = S-1-5-21-3845744863-2409227386-3211111987-513
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[15] = S-1-5-21-3845744863-2409227386-3211111987-3665
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[16] = S-1-5-21-3845744863-2409227386-3211111987-3737
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[17] = S-1-5-21-3845744863-2409227386-3211111987-3754
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[18] = S-1-5-21-3845744863-2409227386-3211111987-5665
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[19] = S-1-5-21-3845744863-2409227386-3211111987-3715
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[20] = S-1-5-21-3845744863-2409227386-3211111987-5661
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[21] = S-1-5-21-3845744863-2409227386-3211111987-3812
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[22] = S-1-5-21-3845744863-2409227386-3211111987-572
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[23] = S-1-5-21-3845744863-2409227386-3211111987-3610
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[24] = S-1-5-21-3845744863-2409227386-3211111987-1182
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[25] = S-1-5-21-3845744863-2409227386-3211111987-1627
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[26] = S-1-5-21-3845744863-2409227386-3211111987-1630
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[27] = S-1-5-21-3845744863-2409227386-3211111987-1767
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[28] = S-1-5-21-3845744863-2409227386-3211111987-1628
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[29] = S-1-5-21-3845744863-2409227386-3211111987-2354
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[30] = S-1-5-21-3845744863-2409227386-3211111987-1625
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[31] = S-1-5-21-3845744863-2409227386-3211111987-1766
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[32] = S-1-5-21-3845744863-2409227386-3211111987-1768
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[33] = S-1-5-21-3845744863-2409227386-3211111987-3667
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[34] = S-1-5-21-3845744863-2409227386-3211111987-3759
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[35] = S-1-5-11
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): POLICY DECISION:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_granted = 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_denied = 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Account #3]: Request handler finished [0]: Success
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #3]: Receiving request data.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #3]: Request removed.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [4728] finished successfully.
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_SETCRED
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston(a)smallbusiness.lan
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost:
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 4714
(Tue Sep 12 17:21:24 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set
My config:
[sssd]
config_file_version = 2
reconnection_retries = 3
services = nss,pam
domains = SMALLBUSINESS.LAN
offline_timeout = 10
debug_level = 6
[nss]
debug_level = 6
[pam]
debug_level = 6
[domain/SMALLBUSINESS.LAN]
debug_level = 6
access_provider = ad
ad_domain = SMALLBUSINESS.LAN
ad_gpo_access_control = permissive
cache_credentials = True
default_shell = /bin/bash
fallback_homedir = /home/%u
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = True
realmd_tags = manages-system joined-with-samba
The offline_timeout line is a recent addition which doesn't seem to have helped. I guess my question is why I have to restart SSSD for it "realise" that it's back online. Ideally I would like it to get a kerberos ticket as soon as it comes online which I guess it should do with the krb5_store_password_if_offline option set?
Thanks for all your help
Sam
6 years, 1 month
- 3
- 2
Fw: sssd email login performance
by Galen Johnson
Adding the list since Sumit appears to be busy. The info is anonymized so it should be ok. Hopefully, the gz file makes it through.
=G=?
________________________________
From: Galen Johnson
Sent: Thursday, September 21, 2017 5:36 PM
To: Sumit Bose
Cc: Philip Holman
Subject: sssd email login performance
Hi Sumit,
I'm finally getting a chance to follow up on the email thread (of the same title) from the sssd list. We've seen some delays (multi-second) for auth requests when users use their email address versus their id. I've attached a tar file with several log files. Phil may need to explain the summary file if you have any questions about it. We are running Centos 7.4 now but I'm fairly certain that it's the same binaries as RHEL 7.4. These logs were taken while on 7.3. I noticed that sssd bumped to 1.15 with 7.4.
Some outstanding questions we have are:
1. The cache appears to not be used for the email attribute. Why is this not used?
2. We're also curious why the ldap requests add 2 seconds when performing the same query from the command-line returns almost immediately.
3. Is it possible to have SSSD ignore the domain and just immediately look up the address? We see "is_email_from_domain" in the domain log (reflected in the nss log). We checked the man pages and nothing really jumped out as a config option.
It should be noted that we also moved the sssd db cache to tmpfs (per a blog from Jakub).
?
Thanks for any insight
=G=?
Phil's analysis follows:
To wrap up, I took one more look at one of the very slow email logins to pull out a trace of what it was doing. The attached files are the log snippets with line breaks marking off the incoming requests to make it more clear what each module was servicing when. The summary.txt shows the summarized entry for the connection and also gives an abridged combined view of the logs marking where the 7 seconds appear to have gone. So this seemed enough info to share if we have the opportunity for a consult with someone.
The short version is that 1 second roughly went to the bind that tests the user, but the other 6 appear to have likely been the result of interacting with local caches rather than the DCs. So that makes the cache files and related configuration look suspicious. It also makes more sense that our earlier checks (against logs or live tests) of the Exnet interactions have failed to show any latency issues on those step.
Possibly the fiddling we've already done with the cache files and cache config resolved this, but it is probably still worth passing this along to someone knowledgeable who might be able to explain what about the setup likely made everything go sideways. Otherwise, we might be facing some kind of build-up pattern where it will always look rosy after a restart and gradually degrade over time as state builds up.
It might also be a good idea to bounce and clear out sssd/pam state on the weekly restarts just to protect against any possible build-up (unless we want to intentionally avoid that for now to see if it does degrade over time).
6 years, 2 months
- 3
- 13
how to call SSS_NSS_GETIDBYSID from other programs?
by James Ralston
I have a storage appliance that needs local passwd/group files loaded
onto it, which need to match the entries we get by using sssd's
ldap_id_mapping feature. So I need some way to enumerate or synthesize
passwd/group entries, for every user/group object in our domain, using
LDIF dumps from AD that includes all users/groups, along with their
respective objectSid attributes.
We know (from experience, and from discussion on this list) that
enabling enumeration in sssd is problematic, so that's out.
I could just issue individual getpwnam()/getgrnam() calls for every
user/group object, and let sssd synthesize the entries. But this would
require careful tuning of sssd's cache configuration options to avoid
significant delays, and even then, this would pound our AD domain
controllers with thousands and thousands of lookup requests every time
we regenerate the synthesized passwd/group files (which will probably
be hourly).
From digging around in the sssd source code, I see that sssd has a
SSS_NSS_GETIDBYSID API call that looks to be exactly what I need. But
it's not clear to me whether that's a public or private API, and
additionally, it looks like I'd be limited to C for my implementation,
as I see no other language bindings for those functions.
Has anyone already rolled (Python, Ruby, Perl, et. al.) bindings for
sssd's API calls, specifically the ID-SID mapping calls?
One potential option would be to just re-implement sssd's id mapping
code in Python. I could "cheat" in our implementation, because I know
that the only options that vary across our domains are
(ldap_idmap_range_max, ldap_idmap_range_min, ldap_idmap_range_size).
But re-implementation opens the door for a subtle error that would
cause my mapping code to return different results from sssd in some
corner cases, which I definitely don't want. So leveraging sssd's
SSS_NSS_GETIDBYSID API call would be best… if that's possible.
Another option would be to bypass the API and talk directly to the NSS
responder via its listening socket, which is easy enough to do in
other languages. But this would require me to speak the protocol
exactly the way sssd expects, and any API changes would break my code.
Thoughts? Suggestions?
6 years, 2 months
- 3
- 6
SSSD + database
by Galen Johnson
Hey,
Pretty sure the answer is no but there are some packages that allow you to set up your systems to use a database as the provider for nss and pam (libnss_mysql, libpam_mysql)...does sssd support this configuration?
thx
=G=
6 years, 2 months
- 3
- 2
[SSSD] Announcing ding-libs 0.6.1
by Michal Židek
A new version of ding-libs (0.6.1) was released today!
ding-libs, or "Ding is not GLib" is a a set of helpful libraries used by
projects such as SSSD or gss-proxy.
The tarball can be downloaded from:
https://releases.pagure.org/SSSD/ding-libs/
MD5 sum is:
141ffba92d7703b7efc2595971305de7
== Highlights ==
* libini: Length of values in INI files is no longer limited to
PATH_MAX. The current limit is the amount of memory getline is
able to allocate.
== Note for distribution packagers ==
* API and ABI is backward compatible with last release (0.6.0)
== Detailed Changelog ==
Alexander Scheel (8):
Fix build with TRACE_LEVEL
Document use of basic regex in ini_config_augment
INI: Fix ini_config parsing SEGVs
INI: Tests for section/key name collisions
INI: Prevent null return_cfg during augment
INI: Add INI_MS_DETECT merge notifications
INI: Extend INI_MS_DETECT to be non-exclusive
INI: Test INI_MS_DETECT non-exclusive behavior
Lukas Slebodnik (10):
BUILD: Fix linking of ini_augment_ut_check
INI: Fix usage of buiddir in ini_augment_ut_check
INI: Fix memory leaks in unit test test_ini_augment_empty_dir
DHASH: Suppress gcc7 warning
INI: Fix warning Walloc-size-larger-than
Do not define _GNU_SOURCE
COLLECTION: Remove unused macros
INI: Fix doxygen comment for ini_errobj_create
COLLECTION: Fix misused comma
DHASH: Do not use c99 structure initialisation
Michal Židek (9):
ini_augment: Use full path when reporting pattern mismatch
DHASH: Add check based unit test
GIT: Add commit template
INI: Unit test for augmentation with empty dir
INI: do not use readdir_r
INI: Allow longer values then PATH_MAX
INI: Add test for long values
Bump version info
Update versions before 0.6.1 release
Philip Prindeville (1):
DHASH: Add new key type HASH_KEY_CONST_STRING
6 years, 2 months
- 1
- 0
sssd, Ubuntu 14.04, can't see users in trusted domains within same forest
by Jeff Silverman
Hi! Please help. Everything I've read has stated that this should work, but it does not. On ubuntu, that is. I set up a Centos 7 box and this *did* work. I've tried this on
* Ubuntu 14.04 with sssd 1.11.8 (from the default Ubuntu 14.04 repos) -- didn't work
* Ubuntu 14.04 with sssd 1.13.4 (from a PPA) -- also didn't work
* Centos 7 with sssd 1.14.0 -- This worked!
* Ubuntu 16.04 with sssd 1.13.4 -- this did not work
*Description*
I have two Active Directory domains in the same forest.
* Domain "CORP"
* Domain "QA"
I have 2-way trusts set up between the domains.
"Real users" are all in CORP
Authorization into QA is handled with AD Universal Groups, but I don't think that's relevant here (especially since what I want to work does work on Centos 7+sssd)
I have an Ubuntu 14.04 box set up which I joined to domain "QA" via realmd. here's the actual command I used
realm join \
--install=/ \
--verbose \
--user=jsilverman(a)CORP.EXAMPLE.COM \
--client-software=sssd \
--membership-software=adcli \
--computer-ou="OU=Linux,OU=Servers,DC=qa,DC=example,DC=com" \
QA.EXAMPLE.COM
Running this command, realmd
* creates a kerberos keytab
* sets up sssd.conf
* adds the computer to the OU specified in QA.EXAMPLE.COM
I then went in and added another domain to sssd.conf to configure CORP. When done, I have the following config files:
** File /etc/sssd.conf **:
[sssd]
domains = qa.example.com
config_file_version = 2
services = nss, pam
[domain/qa.example.com]
ad_domain = qa.example.com
krb5_realm = QA.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /srv/home/%u
access_provider = ad
enumerate = True
[domain/corp.example.com]
ad_domain = corp.example.com
krb5_realm = CORP.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /srv/home/%u
access_provider = ad
enumerate = True
** File /etc/krb5.conf **:
[libdefaults]
default_realm = QA.EXAMPLE.COM
[realms]
QA.EXAMPLE.COM = {
kdc = qadc01a.example.com
kdc = qadc01b.example.com
admin_server = qadc01a.example.com
}
CORP.EXAMPLE.COM = {
kdc = corpdc01a.it.example.com
kdc = corpdc01b.it.example.com
admin_server = corpdc01a.it.example.com
}
[domain_realm]
.qa.example.com = QA.EXAMPLE.COM
qa.example.com = QA.EXAMPLE.COM
.corp.example.com = CORP.EXAMPLE.COM
corp.example.com = CORP.EXAMPLE.COM
** File /etc/realmd.conf **:
[service]
automatic-install = no
[users]
default-home = /srv/home/%U
default-shell = /bin/bash
[qa.example.com]
computer-ou = OU=Servers,OU=Linux,DC=qa,DC=example,DC=com
automatic-id-mapping = yes
fully-qualified-names = no
[corp.example.com]
automatic-id-mapping = yes
fully-qualified-names = no
Finally, when I do all this on Centos 7, I am able to find users in both domains, and I'm able to authenticate as those users from both domains. Example , *on Centos 7*:
# getent passwd jsilverman(a)corp.example.com
jsilverman@corp.example.com:*:363201124:363201124:Jeff Silverman:/srv/home/jsilverman:/bin/bash
# getent passwd qatestadmin
qatestadmin:*:277401105:277400513:QA Test Admin:/srv/home/qatestadmin:/bin/bash
# getent passwd qatestadmin(a)qa.example.com
qatestadmin:*:277401105:277400513:QA Test Admin:/srv/home/qatestadmin:/bin/bash
HOWEVER, when I do all this on Ubuntu 14.04, OR on Ubuntu 16.04, I can only see users from the QA domain.
# getent passwd jsilverman(a)corp.example.com ## (Note: there is no output from this command)
# getent passwd qatestadmin
qatestadmin:*:277401105:277400513:QA Test Admin:/srv/home/qatestadmin:/bin/bash
# getent passwd qatestadmin(a)qa.example.com
qatestadmin:*:277401105:277400513:QA Test Admin:/srv/home/qatestadmin:/bin/bash
Please advise!
6 years, 2 months
- 2
- 2