On Mon, Jul 01, 2019 at 09:09:24AM -0000, B M wrote:
Hi Jakub,
Thx for the suggestions!
Here are more logs:
NOTE: Replaced xxxx-xxxx or xxxx from the original name.
/var/log/sssd/sssd_sudo.log
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Received client
version [1].
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Offered version
[1].
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version
[1]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_get_rules_send] (0x0400): Running
initgroups for [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_plugin] (0x2000): CR #8: Setting
"Initgroups by name" plugin
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_send] (0x0400): CR #8: New request
'Initgroups by name'
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_process_input] (0x0400): CR #8:
Parsing input name [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name
'admin(a)awsad.xxxx-xxxx.com' matched expression for domain
'awsad.xxxx-xxxx.com', user is admin
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_name] (0x0400): CR #8: Setting
name [admin]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_select_domains] (0x0400): CR #8:
Performing a single domain search
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_domain_get_state] (0x1000): Domain
awsad.xxxx-xxxx.com is Active
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_domains] (0x0400): CR #8:
Search will check the cache and check the data provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_validate_domain_type] (0x2000):
Request type POSIX-only for domain
awsad.xxxx-xxxx.com type POSIX is valid
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_domain] (0x0400): CR #8: Using
domain [
awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_prepare_domain_data] (0x0400): CR #8:
Preparing input data for domain [
awsad.xxxx-xxxx.com] rules
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR #8: Looking
up admin(a)awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): CR #8:
Checking negative cache for [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking
negative cache for [
NCE/USER/awsad.xxxx-xxxx.com/admin@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): CR #8:
[admin(a)awsad.xxxx-xxxx.com] is not present in negative cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR #8: Looking
up [admin(a)awsad.xxxx-xxxx.com] in cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR #8: Object
found, but needs to be refreshed.
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_dp] (0x0400): CR #8: Looking up
[admin(a)awsad.xxxx-xxxx.com] in data provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_account_msg] (0x0400): Creating
request for
[awsad.xxxx-xxxx.com][0x3][BE_REQ_INITGROUPS][name=admin@awsad.xxxx-xxxx.com:-]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_add_timeout] (0x2000): 0x55c2362f3a70
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_remove_timeout] (0x2000): 0x55c2362f3a70
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_reply] (0x0010): The Data Provider
returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]

You'll want to fix this first... unless sssd can stay online at least for
the duration of the test, the logs won't be as useful.

The way I usually debug these issues is to find the first occurrence of
"Going offline" or "Marking port XYZ as NOT_WORKING" in the log and then
look a couple of lines before.

See inline..

(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv]
(0x0040): CR #8: Data Provider Error: 3, 5, Failed to get reply from Data Provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0400): CR #8: Due
to an error we will return cached data
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR #8: Looking
up [admin(a)awsad.xxxx-xxxx.com] in cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache_filter] (0x0400): CR #8:
This request type does not support filtering result by negative cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_done] (0x0400): CR #8:
Returning updated object [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_create_and_add_result] (0x0400): CR
#8: Found 24 entries in domain
awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_req_destructor] (0x0400): Deleting
request: [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_done] (0x0400): CR #8: Finished:
Success
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sysdb_get_sudo_user_info] (0x0400): original
name: Admin(a)awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb
with
[(&(objectClass=sudoRule)(dataExpireTimestamp<=1561969502)(|(name=defaults)(sudoUser=ALL)(sudoUser=Admin@awsad.xxxx-xxxx.com)(sudoUser=#1979001109)(sudoUser=%Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Account\20Operators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Group\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20System\20Management\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%DnsAdmins@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegate
d\20Server\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%TESTS@awsad.xxxx-xxxx.com)(sudoUser=%Domain\20Users(a)awsad.xxxx-xxxx.com)(sudoUser=+*)))]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_refresh_rules_send] (0x0400): No expired
rules were found for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com].
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): Retrieving
default options for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb
with [(&(objectClass=sudoRule)(name=defaults))]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): Returning 0
default options for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): error: [0]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): rules_num:
[0]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version
[1]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_get_rules_send] (0x0400): Running
initgroups for [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_plugin] (0x2000): CR #9: Setting
"Initgroups by name" plugin
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_send] (0x0400): CR #9: New request
'Initgroups by name'
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_process_input] (0x0400): CR #9:
Parsing input name [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name
'admin(a)awsad.xxxx-xxxx.com' matched expression for domain
'awsad.xxxx-xxxx.com', user is admin
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_name] (0x0400): CR #9: Setting
name [admin]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_select_domains] (0x0400): CR #9:
Performing a single domain search
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_domain_get_state] (0x1000): Domain
awsad.xxxx-xxxx.com is Active
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_domains] (0x0400): CR #9:
Search will check the cache and check the data provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_validate_domain_type] (0x2000):
Request type POSIX-only for domain
awsad.xxxx-xxxx.com type POSIX is valid
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_domain] (0x0400): CR #9: Using
domain [
awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_prepare_domain_data] (0x0400): CR #9:
Preparing input data for domain [
awsad.xxxx-xxxx.com] rules
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR #9: Looking
up admin(a)awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): CR #9:
Checking negative cache for [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking
negative cache for [
NCE/USER/awsad.xxxx-xxxx.com/admin@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): CR #9:
[admin(a)awsad.xxxx-xxxx.com] is not present in negative cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR #9: Looking
up [admin(a)awsad.xxxx-xxxx.com] in cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR #9: Object
found, but needs to be refreshed.
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_dp] (0x0400): CR #9: Looking up
[admin(a)awsad.xxxx-xxxx.com] in data provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_account_msg] (0x0400): Creating
request for
[awsad.xxxx-xxxx.com][0x3][BE_REQ_INITGROUPS][name=admin@awsad.xxxx-xxxx.com:-]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_add_timeout] (0x2000): 0x55c236313f70
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_remove_timeout] (0x2000): 0x55c236313f70
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_reply] (0x0010): The Data Provider
returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0040): CR #9: Data
Provider Error: 3, 5, Failed to get reply from Data Provider
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0400): CR #9: Due
to an error we will return cached data
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR #9: Looking
up [admin(a)awsad.xxxx-xxxx.com] in cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache_filter] (0x0400): CR #9:
This request type does not support filtering result by negative cache
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_done] (0x0400): CR #9:
Returning updated object [admin(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_create_and_add_result] (0x0400): CR
#9: Found 24 entries in domain
awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_req_destructor] (0x0400): Deleting
request: [0x55c2341d5360:3:admin@awsad.xxxx-xxxx.com@awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_done] (0x0400): CR #9: Finished:
Success
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sysdb_get_sudo_user_info] (0x0400): original
name: Admin(a)awsad.xxxx-xxxx.com
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb
with
[(&(objectClass=sudoRule)(dataExpireTimestamp<=1561969502)(|(name=defaults)(sudoUser=ALL)(sudoUser=Admin@awsad.xxxx-xxxx.com)(sudoUser=#1979001109)(sudoUser=%Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Account\20Operators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Group\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20System\20Management\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%DnsAdmins@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegate
d\20Server\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%TESTS@awsad.xxxx-xxxx.com)(sudoUser=%Domain\20Users(a)awsad.xxxx-xxxx.com)(sudoUser=+*)))]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_refresh_rules_send] (0x0400): No expired
rules were found for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com].
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): Retrieving rules
for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb
with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=Admin@awsad.xxxx-xxxx.com)(sudoUser=#1979001109)(sudoUser=%Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Account\20Operators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Group\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20System\20Management\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%DnsAdmins@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Server\20Administrators@awsad.xxxx-xxxx.com)
(sudoUser=%TESTS@awsad.xxxx-xxxx.com)(sudoUser=%Domain\20Users(a)awsad.xxxx-xxxx.com)))]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cached_rules_by_user] (0x0400):
Replacing sudoUser attribute with sudoUser: #1979001109
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb
with
[(&(objectClass=sudoRule)(sudoUser=+*)(!(|(sudoUser=ALL)(sudoUser=Admin@awsad.xxxx-xxxx.com)(sudoUser=#1979001109)(sudoUser=%Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Account\20Operators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Group\20Policy\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20System\20Management\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\20Users@awsad.xxxx-xxxx.com)(sudoUser=%DnsAdmins@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\20Administrators@awsad.xxxx-xxxx.com)(sudoUser=%AWS\20Delegated\20Server\20Administrators@awsad
.xxxx-xxxx.com)(sudoUser=%TESTS@awsad.xxxx-xxxx.com)(sudoUser=%Domain\20Users(a)awsad.xxxx-xxxx.com))))]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): Returning 0 rules
for [Admin@awsad.xxxx-xxxx.com(a)awsad.xxxx-xxxx.com]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): error: [0]
(Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): rules_num:
[0]
/var/log/sssd/sssd_LDAP_AWSAD.XXXX-XXXX.COM.log
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_sudo_store_rule]
(0x0400): Adding sudo rule %TESTS(a)awsad.xxxx-xxxx.com
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_sudo_store_rule]
(0x0400): Adding sudo rule r3
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_sudo_store_rule]
(0x0400): Adding sudo rule defaults
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_sudo_refresh_done]
(0x0400): Sudoers is successfully stored in cache
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_sudo_set_usn]
(0x0200): SUDO higher USN value: [245544]
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [be_ptask_done] (0x0400):
Task [SUDO Full Refresh]: finished successfully
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [be_ptask_schedule]
(0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from last execution time
[1561990778]
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[(nil)], ldap[0x55f8831bc530]
(Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][name=ubuntu(a)ldap_awsad.xxxx-xxxx.com]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sss_domain_get_state]
(0x1000): Domain
LDAP_AWSAD.xxxx-xxxx.COM is Active
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_attach_req] (0x0400):
DP Request [Initgroups #5]: New request. Flags [0x0001].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sss_domain_get_state]
(0x1000): Domain
LDAP_AWSAD.xxxx-xxxx.COM is Active
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_initgr_next_base] (0x0400): Searching for users with base
[DC=awsad,DC=xxxx-xxxx,DC=com]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_print_server]
(0x2000): Searching 10.80.100.196:389
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uid=ubuntu)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][DC=awsad,DC=xxxx-xxxx,DC=com].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [rhost]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 15
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_add] (0x2000):
New operation 15 timeout 6
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[
ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...]
with fd [23].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[
ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...]
with fd [24].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[
ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com] with fd [25].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[
ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[
ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[
ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...].
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
(Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...

Here we see many referrals being followed. This is typical with AD, and
with the LDAP provider with AD you'll want to switch off the referral
support:

    ldap_referrals = false

This is documented here:
https://docs.pagure.org/SSSD.sssd/users/ldap_with_ad.html

Is there a reason to use the LDAP provider and not the AD provider?

> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://awsad.xxxx-xxxx.com/CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xx...
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbbe0],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_destructor]
(0x2000): Operation 15 finished
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_user_by_upn] (0x0400): No entry with upn [ubuntu(a)ldap_awsad.xxxx-xxxx.com]
found.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_entry_by_sid_str] (0x0400): No such entry
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_object_attr] (0x0400): No such entry.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_get_real_name]
(0x0040): Cannot find user [ubuntu(a)ldap_awsad.xxxx-xxxx.com] in cache
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [groups_by_user_done]
(0x2000): Failed to canonicalize name, using [ubuntu(a)ldap_awsad.xxxx-xxxx.com] [2]: No
such file or directory.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_cache_search_groups] (0x2000): Search groups with filter:
(&(objectCategory=group)(ghost=ubuntu(a)ldap_awsad.xxxx-xxxx.com))
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_cache_search_groups] (0x2000): No such entry
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_done]
(0x0400): DP Request [Initgroups #5]: Request handler finished [0]: Success
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #5]: Receiving request data.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #5]: Finished. Success.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #5]: Returning [Success]: 0,0,Success
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0x0001:3::LDAP_AWSAD.xxxx-xxxx.COM:name=ubuntu@ldap_awsad.xxxx-xxxx.com] from reply
table
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_destructor]
(0x0400): DP Request [Initgroups #5]: Request removed.
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[(nil)], ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][name=ubuntu(a)ldap_awsad.xxxx-xxxx.com]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_attach_req]
(0x0400): DP Request [Initgroups #6]: New request. Flags [0x0001].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_initgr_next_base] (0x0400): Searching for users with base
[DC=awsad,DC=xxxx-xxxx,DC=com]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_print_server]
(0x2000): Searching 10.80.100.196:389
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uid=ubuntu)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][DC=awsad,DC=xxxx-xxxx,DC=com].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [rhost]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 26
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_add]
(0x2000): New operation 26 timeout 6
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...]
with fd [23].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...]
with fd [24].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com] with fd [25].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_rebind_proc]
(0x1000): Successfully bind to
[ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...].
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=x...
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=x...
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_ext_add_references] (0x1000): Additional References:
ldap://awsad.xxxx-xxxx.com/CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xx...
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[0x55f8831dbd60],
ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_destructor]
(0x2000): Operation 26 finished
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_user_by_upn] (0x0400): No entry with upn [ubuntu(a)ldap_awsad.xxxx-xxxx.com]
found.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_entry_by_sid_str] (0x0400): No such entry
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_object_attr] (0x0400): No such entry.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_get_real_name]
(0x0040): Cannot find user [ubuntu(a)ldap_awsad.xxxx-xxxx.com] in cache
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [groups_by_user_done]
(0x2000): Failed to canonicalize name, using [ubuntu(a)ldap_awsad.xxxx-xxxx.com] [2]: No
such file or directory.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_cache_search_groups] (0x2000): Search groups with filter:
(&(objectCategory=group)(ghost=ubuntu(a)ldap_awsad.xxxx-xxxx.com))
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[sysdb_cache_search_groups] (0x2000): No such entry
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_done]
(0x0400): DP Request [Initgroups #6]: Request handler finished [0]: Success
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #6]: Receiving request data.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #6]: Finished. Success.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #6]: Returning [Success]: 0,0,Success
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0x0001:3::LDAP_AWSAD.xxxx-xxxx.COM:name=ubuntu@ldap_awsad.xxxx-xxxx.com] from reply
table
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_destructor]
(0x0400): DP Request [Initgroups #6]: Request removed.
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x55f8831b51f0], connected[1], ops[(nil)], ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_process_result]
(0x2000): Trace: end of ldap_result list
>
>
> ldbsearch -H /var/lib/sss/db/cache_LDAP_AWSAD.XXXX-XXXX.COM.ldb
>
> asq: Unable to register control with rootdse!
> # record 1
> dn: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: Users
> distinguishedName: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 2
> dn: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: r2
> dataExpireTimestamp: 1561974578
> entryUSN: 245385
> name: r2
> objectClass: sudoRule
> originalDN: CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: Admin(a)awsad.xxxx-xxxx.com
> sudoUser: admin(a)awsad.xxxx-xxxx.com
> distinguishedName: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,
> cn=sysdb
>
> # record 3
> dn: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: LDAP_AWSAD.xxxx-xxxx.COM
> distinguishedName: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 4
> dn: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: defaults
> dataExpireTimestamp: 1561974578
> entryUSN: 245543
> name: defaults
> objectClass: sudoRule
> originalDN: CN=defaults,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: ALL
> sudoUser: all
> distinguishedName: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.YARA-DFD
> P.COM,cn=sysdb
>
> # record 5
> dn: name=%TESTS(a)awsad.xxxx-xxxx.com,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: %TESTS(a)awsad.xxxx-xxxx.com
> dataExpireTimestamp: 1561974578
> entryUSN: 245477
> name: %TESTS(a)awsad.xxxx-xxxx.com
> objectClass: sudoRule
> originalDN: CN=%TESTS(a)awsad.xxxx-xxxx.com,OU=SUDOers,OU=awsad,DC=awsad,DC=yara
> -dfdp,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: %TESTS(a)awsad.xxxx-xxxx.com
> sudoUser: %tests(a)awsad.xxxx-xxxx.com
> distinguishedName: name=%TESTS(a)awsad.xxxx-xxxx.com,cn=sudorules,cn=custom,cn=L
> DAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 6
> dn: cn=ranges,cn=sysdb
> cn: ranges
> distinguishedName: cn=ranges,cn=sysdb
>
> # record 7
> dn: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: r3
> dataExpireTimestamp: 1561974578
> entryUSN: 245509
> name: r3
> objectClass: sudoRule
> originalDN: CN=r3,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: ALL
> sudoUser: Admin(a)ldap_awsad.xxxx-xxxx.com
> sudoUser: admin(a)ldap_awsad.xxxx-xxxx.com
> distinguishedName: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,
> cn=sysdb
>
> # record 8
> dn: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: sudorules
> sudoLastFullRefreshTime: 1561969178
> distinguishedName: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 9
> dn: cn=sysdb
> cn: sysdb
> description: base object
> version: 0.20
> distinguishedName: cn=sysdb
>
> # record 10
> dn: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: Groups
> distinguishedName: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 11
> dn: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: r1
> dataExpireTimestamp: 1561974578
> entryUSN: 245304
> name: r1
> objectClass: sudoRule
> originalDN: CN=r1,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: ubuntu(a)ldap_awsad.xxxx-xxxx.com
> distinguishedName: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,
> cn=sysdb
>
> # returned 11 records
> # 11 entries
> # 0 referrals
>
> /etc/sssd/sssd.conf
>
> [sssd]
> services = nss, pam,ssh, sudo
> debug_level = 0x7FFF
> domains = awsad.xxxx-xxxx.com, aws.dfdp.com, LDAP_AWSAD.xxxx-xxxx.COM
>
> [sudo]
> debug_level = 0x3ff0
>
> [domain/LDAP_AWSAD.xxxx-xxxx.COM]
> case_sensitive=false
> debug_level = 0x3ff0
> access_provider = ldap
> id_provider = ldap
> sudo_provider = ldap
> ldap_uri = ldap://xxx.xxx.xxx.xxx
> ldap_default_bind_dn = account(a)awsad.xxxx-xxxx.com
> ldap_default_authtok = xxxxxxxxx
> ldap_sudo_search_base = OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
>
> [domain/awsad.xxxx-xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> enumerate = true
> subdomain_enumerate = all
> ad_domain = AWSAD.xxxx-xxxx.COM
> krb5_realm = AWSAD.xxxx-xxxx.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
> [domain/aws.xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> enumerate = true
> ad_domain = AWS.xxxx.COM
> krb5_realm = AWS.xxxx.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
>
> [domain/ad.xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> ad_server = xxx.ad.xxxx.com
> ad_server_backup = xxx.ad.xxxx.com
> enumerate = true
> ad_domain = AD.XXXX.COM
> krb5_realm = AD.XXXX.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
>
>
> /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat systemd sss
> group: compat systemd sss
> shadow: compat sss
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files sss
> ethers: db files
> rpc: db files
>
> netgroup: nis sss
> sudoers: sss files
>
>
> Windows AD using the SUDO schema (imported).
>
> Only 1 entry from MS AD for the sake of example:
>
> PS C:\Windows\system32> Get-ADObject –Identity "CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com" -Property *
>
>
> CanonicalName : awsad.xxxx-xxxx.com/awsad/SUDOers/r2
> CN : r2
> Created : 6/30/2019 8:59:46 AM
> createTimeStamp : 6/30/2019 8:59:46 AM
> Deleted :
> Description :
> DisplayName :
> DistinguishedName : CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> dSCorePropagationData : {1/1/1601 12:00:00 AM}
> instanceType : 4
> isDeleted :
> LastKnownParent :
> Modified : 6/30/2019 8:59:56 AM
> modifyTimeStamp : 6/30/2019 8:59:56 AM
> Name : r2
> nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
> ObjectCategory : CN=sudoRole,CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com
> ObjectClass : sudoRole
> ObjectGUID : 9b660613-94f8-4f58-86bc-21e813027fbf
> ProtectedFromAccidentalDeletion : False
> sDRightsEffective : 7
> sudoCommand : {ALL}
> sudoHost : {ALL}
> sudoOption : {!authenticate}
> sudoUser : {Admin(a)awsad.xxxx-xxxx.com}
> uSNChanged : 245385
> uSNCreated : 245385
> whenChanged : 6/30/2019 8:59:56 AM
> whenCreated : 6/30/2019 8:59:46 AM
>
>
>
>
> PS C:\Windows\system32>
>
>
> Thx a lot! and Cheers!
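
One way to check a host for the situation described in the reply above (an added example, not part of the original thread and not SSSD's own code): the script flags `id_provider = ldap` domains that leave `ldap_referrals` at its default of true, and tallies the referral URIs a backend reported in its debug log. The configuration and log lines are constructed samples with placeholder names and addresses; the function names are hypothetical.

```python
import configparser
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sssd.conf modelled on the thread's layout; names and URIs are placeholders.
SAMPLE_CONF = """\
[sssd]
services = nss, pam, sudo
domains = LDAP_EXAMPLE.COM, FIXED_EXAMPLE.COM, ad.example.com

[domain/LDAP_EXAMPLE.COM]
id_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://192.0.2.10
fallback_homedir = /home/%d/%u

[domain/FIXED_EXAMPLE.COM]
id_provider = ldap
ldap_uri = ldap://192.0.2.11
ldap_referrals = false

[domain/ad.example.com]
id_provider = ad
"""

# Constructed debug-log lines in the format quoted in the thread, one entry per line.
SAMPLE_LOG = """\
(Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com
(Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://example.com/CN=Configuration,DC=example,DC=com
(Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com
(Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Mon Jul 1 08:20:16 2019) [sssd[be[LDAP_EXAMPLE.COM]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com
"""

# (timestamp) [sssd[be[<backend>]]] [<function>] (0x<level>): <message>
LOG_LINE = re.compile(
    r"^\([^)]*\) \[sssd\[be\[(?P<backend>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$"
)
REFERRAL = re.compile(r"Additional References:\s*(\S+)")


def ldap_domains_chasing_referrals(conf_text):
    """Return domain names that use id_provider = ldap and do not set
    ldap_referrals = false (the option defaults to true, see sssd-ldap(5))."""
    # interpolation=None: values such as /home/%d/%u are not Python templates.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    flagged = []
    for name in cfg.sections():
        if not name.startswith("domain/"):
            continue
        sec = cfg[name]
        if sec.get("id_provider", "").lower() != "ldap":
            continue  # only the LDAP-provider case from the thread is checked
        if sec.getboolean("ldap_referrals", fallback=True):
            flagged.append(name[len("domain/"):])
    return flagged


def referral_hosts(log_text):
    """Count referral URIs reported by the backend, keyed by (backend, host)."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["func"] != "sdap_get_generic_ext_add_references":
            continue
        ref = REFERRAL.search(m["msg"])
        if ref:
            seen[(m["backend"], urlsplit(ref.group(1)).hostname)] += 1
    return seen


if __name__ == "__main__":
    print("LDAP domains still chasing referrals:",
          ldap_domains_chasing_referrals(SAMPLE_CONF))
    for (backend, host), count in referral_hosts(SAMPLE_LOG).most_common():
        print(f"{backend}: {count} referral(s) to {host}")
```

Real debug logs must be read from the unwrapped files under /var/log/sssd/, since the mail-wrapped copies quoted in the thread split each entry across several lines.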