On Sat, May 16, 2020 at 04:55:08PM +0200, Thibault Boyeux wrote:
> Hi Sumit
>
> Thanks a lot for your email. Apologies for the late answer, it took me a
> little time to get used to how gdb works ;)
>
> Anyway, after debugging the latest git version, it looks like the issue
> systematically happens line 237 of *ad_gpo_ndr.c, *in the
> *ndr_pull_security_ace_object_ctr()* method, calling Samba's new
> ndr_pull_steal_switch_value method (introduced in 4.12 according to this
> <
https://github.com/SSSD/sssd/pull/976>):
>
> 237: NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
>
> This check systematically returns NDR_ERR_TOKEN (instead, I guess, of
> NDR_ERR_SUCCESS), which then makes all other methods fail in the following
> order: ndr_pull_security_ace() (line 320), ndr_pull_security_acl() (line
> 372) and ad_gpo_ndr_pull_security_descriptor() (line 513). See gdb logs
> below
>
> Anything I could do to investigate this further?
Hi,
thanks for the details, but I still have no idea what might be wrong.
Can you send me the binary data used as 'data' variable in
ad_gpo_parse_sd()? Then I can try on my own with different versions of
Samba.
Hi,
thanks for privately sending the data. I was able to reproduce the issue
and there was another report about this issue as well. I create a
pull-request with the fix at
. If
you have a chance to test the patch feedback would be very welcome.
bye,
Sumit
bye,
Sumit
>
> Thanks again,
>
> Best,
>
> Thibault
>
>
> Breakpoint 15, ndr_pull_security_ace_object_ctr (ndr=0x5581d6ddd5b0,
> ndr_flags=512, r=0x5581d6e2147c) at src/providers/ad/ad_gpo_ndr.c:237
> 237 NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
> (gdb) fin
> Run till exit from #0 ndr_pull_security_ace_object_ctr
> (ndr=0x5581d6ddd5b0, ndr_flags=512, r=0x5581d6e2147c) at
> src/providers/ad/ad_gpo_ndr.c:237
> 0x00007f18aa8cf0d2 in ndr_pull_security_ace (ndr=0x5581d6ddd5b0,
> ndr_flags=512, r=0x5581d6e21470) at src/providers/ad/ad_gpo_ndr.c:320
> 320 NDR_CHECK(ndr_pull_security_ace_object_ctr
> Value returned is $123 = NDR_ERR_TOKEN
> (gdb) fin
> Run till exit from #0 0x00007f18aa8cf0d2 in ndr_pull_security_ace
> (ndr=0x5581d6ddd5b0, ndr_flags=512, r=0x5581d6e21470) at
> src/providers/ad/ad_gpo_ndr.c:320
> 0x00007f18aa8cf576 in ndr_pull_security_acl (ndr=0x5581d6ddd5b0,
> ndr_flags=768, r=0x5581d6de3230) at src/providers/ad/ad_gpo_ndr.c:372
> 372 NDR_CHECK(ndr_pull_security_ace
> Value returned is $124 = NDR_ERR_TOKEN
> (gdb) fin
> Run till exit from #0 0x00007f18aa8cf576 in ndr_pull_security_acl
> (ndr=0x5581d6ddd5b0, ndr_flags=768, r=0x5581d6de3230) at
> src/providers/ad/ad_gpo_ndr.c:372
> 0x00007f18aa8d03ee in ad_gpo_ndr_pull_security_descriptor
> (ndr=0x5581d6ddd5b0, ndr_flags=768, r=0x7ffdec42d870) at
> src/providers/ad/ad_gpo_ndr.c:513
> 513 NDR_CHECK(ndr_pull_security_acl(ndr,
> Value returned is $125 = NDR_ERR_TOKEN
> (gdb) fin
> Run till exit from #0 0x00007f18aa8d03ee in
> ad_gpo_ndr_pull_security_descriptor (ndr=0x5581d6ddd5b0, ndr_flags=768,
> r=0x7ffdec42d870) at src/providers/ad/ad_gpo_ndr.c:513
> 0x00007f18aa8ca867 in ad_gpo_parse_sd (mem_ctx=0x5581d6e0cf50,
> data=0x5581d6e171d0 "\001", length=256, _gpo_sd=0x5581d6e0cf50) at
> src/providers/ad/ad_gpo.c:3925
> 3925 ndr_err = ad_gpo_ndr_pull_security_descriptor(ndr_pull,
> Value returned is $126 = NDR_ERR_TOKEN
>
>
> On Mon, May 11, 2020 at 11:07 AM Sumit Bose <sbose(a)redhat.com> wrote:
>
> > On Fri, May 08, 2020 at 03:35:56PM +0200, Thibault Boyeux wrote:
> > > Hi all,
> > >
> > > I'm encountering an issue after upgrading to Samba 4.12.2. I can no
> > longer
> > > login with an Active Directory account from a terminal or gnome. I'm
> > > prompted with a "System error" message.
> > >
> > > When I downgrade to samba 4.11.3 everything works fine. AD authentication
> > > works OK with the same account from a Windows machine.
> > >
> > > "getent passwd my_username" works well, as "getent passwd
<group>". kinit
> > > my_username(a)DOMAIN.NET works OK too. Logging in in with "su
<username>"
> > > from a local account works too.
> > >
> > > SSSD version: 2.2.3. This is from an Arch Linux package, that has been
> > > patched
> > > <
> >
https://git.archlinux.org/svntogit/community.git/tree/trunk?h=packages/sssd
> > >
> > > by its maintainer for compatibility with Samba 4.12 (I also compiled sssd
> > > from the current git source code, but encountered the same cryptic
> > error.)
> > > Samba version: 4.12.2
> > > Operating system: Arch Linux (fully upgraded)
> >
> > Hi,
> >
> > do I understand correctly that you recompiled SSSD after updating Samba
> > to version 4.12.2 or did you use the same SSSD binary you used with
> > Samba 4.11.3?
> >
> > According to the logs the error most probably happened in
> > ad_gpo_ndr_pull_security_descriptor(). Can you step through this
> > function with gdb to see which operation failed (please add 'timeout =
> > 999999' to the [domain/...] section of sssd.conf to not run into issues
> > with the watchdog and gdb)? If not I can try to reproduce this locally.
> >
> > bye,
> > Sumit
> >
> > >
> > > Any idea how I could fix this / investigate this further? Please find
> > > sssd.conf and logs below - I couldn't find anything interesting in
there
> > > but I'm no expert :)
> > >
> > > Thanks a lot!
> > >
> > > === sssd.conf ===
> > >
> > > [sssd]
> > > config_file_version = 2
> > > domains =
domain.net
> > > services = nss, pam
> > > debug_level = 6
> > >
> > > [
domain/domain.net]
> > > ad_hostname =
computer.domain.net
> > > krb5_realm =
DOMAIN.NET
> > > cache_credentials = true
> > > id_provider = ad
> > > auth_provider = ad
> > > access_provider = ad
> > > chpass_provider = ad
> > > ldap_schema = ad
> > > default_shell = /bin/zsh
> > > fallback_homedir = /home/DOMAIN/%u
> > > dyndns_update = true
> > > dyndns_refresh_interval = 43200
> > > dyndns_update_ptr = true
> > > dyndns_ttl = 3600
> > > debug_level = 6
> > > #enumerate = true
> > >
> > > [pam]
> > > debug_level = 6
> > >
> > > [nss]
> > > debug_level = 6
> > >
> > >
> > > === sssd_domain.net.log ===
> > >
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [dp_get_account_info_send] (0x0200): Got request for
> > > [0x3][BE_REQ_INITGROUPS][name=my_username(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > DP Request [Initgroups #17]: New request. Flags [0x0001].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > Number of active DP request: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_initgr_next_base] (0x0400): Searching for users with base
> > > [DC=domain,DC=net]
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > >
> >
[(&(sAMAccountName=my_username)(objectclass=user)(objectSID=*))][DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_save_user]
> > > (0x0400): Save user
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sdap_get_primary_name]
> > > (0x0400): Processing object MY_USERNAME
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_save_user]
> > > (0x0400): Processing user MY_USERNAME(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_save_user]
> > > (0x0400): Adding original memberOf attributes to [MY_USERNAME(a)domain.net
> > ].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_save_user]
> > > (0x0400): Adding user principal [MY_USERNAME(a)DOMAIN.NET] to attributes
> > of [
> > > MY_USERNAME(a)domain.net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_save_user]
> > > (0x0400): Storing info for user MY_USERNAME(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sysdb_set_entry_attr]
> > > (0x0200): Entry [name=MY_USERNAME(a)domain.net,cn=users,cn=domain.net
> > ,cn=sysdb]
> > > has set [ts_cache] attrs.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sysdb_store_user]
> > > (0x0400): User "MY_USERNAME(a)domain.net" has been stored
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
> > > filter][CN=My Username,OU=Users,DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sdap_idmap_sid_to_unix]
> > > (0x0400): Object SID [S-1-5-32-545] is a built-in one.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping
> > built-in
> > > object.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_get_initgr_done]
> > > (0x0400): Primary group already cached, nothing to do.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_done]
> > (0x0400):
> > > DP Request [Initgroups #17]: Request handler finished [0]: Success
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [_dp_req_recv]
> > (0x0400):
> > > DP Request [Initgroups #17]: Receiving request data.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): DP Request [Initgroups #17]: Request removed.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): Number of active DP request: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [dp_get_account_info_initgroups_step] (0x0400): Ordering NSS responder to
> > > update memory cache
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sysdb_set_entry_attr]
> > > (0x0200): Entry [name=MY_USERNAME(a)domain.net,cn=users,cn=domain.net
> > ,cn=sysdb]
> > > has set [ts_cache] attrs.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sbus_issue_request_done]
> > > (0x0400): sssd.dataprovider.getAccountInfo: Success
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_pam_handler_send]
> > > (0x0100): Got request with the following data
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): command: SSS_PAM_AUTHENTICATE
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): domain:
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): user: MY_USERNAME(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): service: login
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): tty: tty4
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): ruser:
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): rhost:
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): authtok type: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): cli_pid: 70306
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): logon name: not set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): flags: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > DP Request [PAM Authenticate #18]: New request. Flags [0000].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > Number of active DP request: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [krb5_auth_send]
> > > (0x0100): Domain directory for user [MY_USERNAME(a)domain.net] not known.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [fo_resolve_service_send]
> > > (0x0100): Trying to resolve service 'AD'
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [resolve_srv_send]
> > > (0x0200): The status of SRV lookup is resolved
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [be_resolve_server_process] (0x0200): Found address for server
> > >
ADDC.domain.net: [192.168.5.4] TTL 900
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [write_pipe_handler]
> > > (0x0400): All data has been sent!
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [child_sig_handler]
> > > (0x0100): child [71170] finished successfully.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [read_pipe_handler]
> > > (0x0400): EOF received, client finished
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [fo_set_port_status]
> > > (0x0100): Marking port 389 of server 'ADDC.domain.net' as
'working'
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [set_server_common_status] (0x0100): Marking server
'ADDC.domain.net' as
> > > 'working'
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [fo_set_port_status]
> > > (0x0400): Marking port 389 of duplicate server 'ADDC.domain.net'
as
> > > 'working'
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sysdb_set_entry_attr]
> > > (0x0200): Entry [name=MY_USERNAME(a)domain.net,cn=users,cn=domain.net
> > ,cn=sysdb]
> > > has set [cache, ts_cache] attrs.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sysdb_set_entry_attr]
> > > (0x0200): Entry [name=MY_USERNAME(a)domain.net,cn=users,cn=domain.net
> > ,cn=sysdb]
> > > has set [cache, ts_cache] attrs.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_done]
> > (0x0400):
> > > DP Request [PAM Authenticate #18]: Request handler finished [0]: Success
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [_dp_req_recv]
> > (0x0400):
> > > DP Request [PAM Authenticate #18]: Receiving request data.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): DP Request [PAM Authenticate #18]: Request removed.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): Number of active DP request: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_method_enabled]
> > > (0x0400): Target selinux is not configured
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sbus_issue_request_done]
> > > (0x0400): sssd.dataprovider.pamHandler: Success
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_pam_handler_send]
> > > (0x0100): Got request with the following data
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): command: SSS_PAM_ACCT_MGMT
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): domain:
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): user: MY_USERNAME(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): service: login
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): tty: tty4
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): ruser:
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): rhost:
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): authtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): cli_pid: 70306
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): logon name: not set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [pam_print_data]
> > > (0x0100): flags: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > DP Request [PAM Account #19]: New request. Flags [0000].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_attach_req]
> > (0x0400):
> > > Number of active DP request: 1
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_access_send]
> > > (0x0400): Performing access check for user [MY_USERNAME(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sdap_account_expired_ad]
> > > (0x0400): Performing AD access check for user [MY_USERNAME(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [ad_gpo_access_send]
> > > (0x0400): service login maps to Interactive
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [ad_gpo_connect_done]
> > > (0x0400): sam_account_name is COMPUTER$
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(&(objectclass=user)(sAMAccountName=COMPUTER$))][dc=domain,dc=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [objectclass=domain][DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_master_domain_next_done] (0x0400): Found SID
> > > [S-1-5-21-3635097336-3991203712-2063481127].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(&(DnsDomain=domain.net)(NtVer=\14\00\00\00))][].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_master_domain_netlogon_done] (0x0400): Found flat name [DOMAIN].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_master_domain_netlogon_done] (0x0400): Found site [Domain].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_master_domain_netlogon_done] (0x0400): Found forest [
domain.net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_site_name_retrieval_done] (0x0400): Using AD site
'cn=Domain'.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(objectclass=*)][].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[0]->som_dn is
> > > OU=Computers,DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[1]->som_dn is
> > > DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[2]->som_dn is
> > > cn=Domain,cn=Sites,CN=Configuration,DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(objectclass=*)][OU=Computers,DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_populate_gplink_list] (0x0400): som_dn:
> > > OU=Computers,DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(objectclass=*)][DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_populate_gplink_list] (0x0400): som_dn: DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > > [(objectclass=*)][cn=Domain,cn=Sites,CN=Configuration,DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_get_som_attrs_done] (0x0040): no attrs found for SOM; try next
> > SOM
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[0]->gpo_dn:
> > >
> >
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[1]->gpo_dn:
> > >
> >
cn={6FF5E2F5-D491-45A1-9432-5AB497AEF031},cn=policies,cn=system,DC=domain,DC=net
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [sdap_sd_search_send]
> > > (0x0400): Searching entry
> > >
> >
[CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=net]
> > > using SD
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because
> > > scope is set to base.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> > >
> >
[(objectclass=*)][CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=net].
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> > > errmsg set
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [ad_gpo_parse_sd]
> > > (0x0020): Failed to pull security descriptor
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [ad_gpo_sd_process_attrs]
> > > (0x0040): ad_gpo_parse_sd() failed
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [ad_gpo_process_gpo_done]
> > > (0x0040): Unable to get GPO list: [22](Invalid argument)
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [ad_gpo_access_done]
> > > (0x0040): GPO-based access control failed.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_done]
> > (0x0400):
> > > DP Request [PAM Account #19]: Request handler finished [0]: Success
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [_dp_req_recv]
> > (0x0400):
> > > DP Request [PAM Account #19]: Receiving request data.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): DP Request [PAM Account #19]: Request removed.
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_req_destructor]
> > > (0x0400): Number of active DP request: 0
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]] [dp_method_enabled]
> > > (0x0400): Target selinux is not configured
> > > (Fri May 8 15:10:10 2020) [sssd[be[domain.net]]]
> > [sbus_issue_request_done]
> > > (0x0400): sssd.dataprovider.pamHandler: Success
> > >
> > >
> > > === sssd_pam.log ====
> > >
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [get_client_cred] (0x0080): The
> > > following failure is expected to happen in case SELinux is disabled:
> > > SELINUX_getpeercon failed [95][Operation not supported].
> > > Please, consider enabling SELinux in your system.
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [accept_fd_handler] (0x0400):
> > Client
> > > [0x5606d6371860][19] connected to privileged pipe!
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> > > Received client version [3].
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> > > Offered version [3].
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
> > > entering pam_cmd_authenticate
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_parse_name_for_domains]
> > > (0x0200): name 'my_username' matched without domain, user is
my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > command:
> > > SSS_PAM_AUTHENTICATE
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): domain:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): user:
> > > my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > service:
> > > login
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): tty:
> > tty4
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): authtok
> > > type: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > > newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > cli_pid:
> > > 70306
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): logon
> > > name: my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): flags:
> > 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_send] (0x0400): CR #12:
> > > New request 'Initgroups by name'
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_process_input]
> > (0x0400):
> > > CR #12: Parsing input name [my_username]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_parse_name_for_domains]
> > > (0x0200): name 'my_username' matched without domain, user is
my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_set_name] (0x0400): CR
> > > #12: Setting name [my_username]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_select_domains]
> > (0x0400):
> > > CR #12: Performing a multi-domain search
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_domains]
> > (0x0400):
> > > CR #12: Search will bypass the cache and check the data provider
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_set_domain] (0x0400):
> > CR
> > > #12: Using domain [
domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_prepare_domain_data]
> > > (0x0400): CR #12: Preparing input data for domain [
domain.net] rules
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_send] (0x0400):
> > CR
> > > #12: Looking up my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache]
> > (0x0400):
> > > CR #12: Checking negative cache for [my_username(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache]
> > (0x0400):
> > > CR #12: [my_username(a)domain.net] is not present in negative cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_dp] (0x0400): CR
> > > #12: Looking up [my_username(a)domain.net] in data provider
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_dp_get_account_send]
> > (0x0400):
> > > Creating request for [
domain.net
> > > ][0x3][BE_REQ_INITGROUPS][name=my_username@domain.net:-]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_cache] (0x0400):
> > > CR #12: Looking up [my_username(a)domain.net] in cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache_filter]
> > > (0x0400): CR #12: This request type does not support filtering result by
> > > negative cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_done] (0x0400):
> > CR
> > > #12: Returning updated object [my_username(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_create_and_add_result]
> > > (0x0400): CR #12: Found 4 entries in domain
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_done] (0x0400): CR #12:
> > > Finished: Success
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pd_set_primary_name] (0x0400):
> > > User's primary name is my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dp_send_req] (0x0100):
> > Sending
> > > request with the following data:
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > command:
> > > SSS_PAM_AUTHENTICATE
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): domain:
> > >
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): user:
> > > my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > service:
> > > login
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): tty:
> > tty4
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): authtok
> > > type: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > > newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > cli_pid:
> > > 70306
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): logon
> > > name: my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): flags:
> > 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> > > pam_dp_send_req returned 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dp_send_req_done] (0x0200):
> > > received: [0 (
Success)][domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sysdb_set_entry_attr] (0x0200):
> > > Entry [name=my_username(a)domain.net,cn=users,cn=domain.net,cn=sysdb] has
> > set
> > > [cache, ts_cache] attrs.
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [filter_responses] (0x0100):
> > > [pam_response_filter] not available, not fatal.
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_reply] (0x0200): blen: 85
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_reply] (0x0200): Returning
> > [0]:
> > > Success to the client
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100):
> > > entering pam_cmd_acct_mgmt
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_parse_name_for_domains]
> > > (0x0200): name 'my_username' matched without domain, user is
my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > command:
> > > SSS_PAM_ACCT_MGMT
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): domain:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): user:
> > > my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > service:
> > > login
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): tty:
> > tty4
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): authtok
> > > type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > > newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > cli_pid:
> > > 70306
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): logon
> > > name: my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): flags:
> > 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_send] (0x0400): CR #13:
> > > New request 'Initgroups by name'
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_process_input]
> > (0x0400):
> > > CR #13: Parsing input name [my_username]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [sss_parse_name_for_domains]
> > > (0x0200): name 'my_username' matched without domain, user is
my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_set_name] (0x0400): CR
> > > #13: Setting name [my_username]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_select_domains]
> > (0x0400):
> > > CR #13: Performing a multi-domain search
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_domains]
> > (0x0400):
> > > CR #13: Search will check the cache and check the data provider
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_set_domain] (0x0400):
> > CR
> > > #13: Using domain [
domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_prepare_domain_data]
> > > (0x0400): CR #13: Preparing input data for domain [
domain.net] rules
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_send] (0x0400):
> > CR
> > > #13: Looking up my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache]
> > (0x0400):
> > > CR #13: Checking negative cache for [my_username(a)domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache]
> > (0x0400):
> > > CR #13: [my_username(a)domain.net] is not present in negative cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_cache] (0x0400):
> > > CR #13: Looking up [my_username(a)domain.net] in cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_send] (0x0400):
> > CR
> > > #13: Returning [my_username(a)domain.net] from cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_search_ncache_filter]
> > > (0x0400): CR #13: This request type does not support filtering result by
> > > negative cache
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_create_and_add_result]
> > > (0x0400): CR #13: Found 4 entries in domain
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [cache_req_done] (0x0400): CR #13:
> > > Finished: Success
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pd_set_primary_name] (0x0400):
> > > User's primary name is my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dp_send_req] (0x0100):
> > Sending
> > > request with the following data:
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > command:
> > > SSS_PAM_ACCT_MGMT
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): domain:
> > >
domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): user:
> > > my_username(a)domain.net
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > service:
> > > login
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): tty:
> > tty4
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> > > not set
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): authtok
> > > type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > > newauthtok type: 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100):
> > cli_pid:
> > > 70306
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): logon
> > > name: my_username
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_print_data] (0x0100): flags:
> > 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> > > pam_dp_send_req returned 0
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_dp_send_req_done] (0x0200):
> > > received: [4 (System
error)][domain.net]
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [filter_responses] (0x0100):
> > > [pam_response_filter] not available, not fatal.
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_reply] (0x0200): blen: 31
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [pam_reply] (0x0200): Returning
> > [4]:
> > > System error to the client
> > > (Fri May 8 15:10:10 2020) [sssd[pam]] [client_recv] (0x0200): Client
> > > disconnected!
> >
> > > _______________________________________________
> > > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> > > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> > > Fedora Code of Conduct:
> >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> >
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> > _______________________________________________
> > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
> >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> >
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
> >
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...