Am 28.08.2014 16:44, schrieb Rowland Penny:
On 28/08/14 15:41, Stefan Schäfer wrote:
> Am 28.08.2014 16:18, schrieb Lukas Slebodnik:
>> >Could you put debug_level = 7 into domain section (in
>> /etc/sssd/sssd.conf)
>> >then restart sssd; login as samba user;
>> >
>> >You should find a reason in sssd_invis-ad.loc.log file (/var/log/sssd)
>> >why sssd returned 4 (System error)
> I increased the debug_level to 7, but in the sssd_invis-ad.loc.log
> didn't appear a single entry.
>
> The same is to the other log files sssd_pam.log and sssd_nss.log. The
> only log are these in /var/log/messages.
>
> Seems that for sssd everything is ok and pam causes the problem?
>
> Stefan
>
You need to put the debug level into each section of the sssd.conf,
not just once.
Rowland
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, look better ;-)
Here's the log extract:
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[be_get_account_info] (0x0100): Got request for [4097][1][name=hbecker]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain]
(0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_search_user_next_base] (0x0400): Searching for users with base
[DC=invis-ad,DC=loc]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=hbecker)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_search_user_process] (0x0400): Search for users, returned 1 results.
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Save user
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_primary_name] (0x0400): Processing object hbecker
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Processing user hbecker
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Original memberOf is not available for [hbecker].
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Adding user principal [hbecker(a)INVIS-AD.LOC] to attributes of
[hbecker].
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Storing info for user hbecker
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[be_get_account_info] (0x0100): Got request for [3][1][name=hbecker]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain]
(0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_initgr_next_base] (0x0400): Searching for users with base
[DC=invis-ad,DC=loc]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=hbecker)(objectclass=user)(&(uidNumber=*)(!(uidNumber=0))))][DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Save user
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_primary_name] (0x0400): Processing object hbecker
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Processing user hbecker
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Original memberOf is not available for [hbecker].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Adding user principal [hbecker(a)INVIS-AD.LOC] to attributes of
[hbecker].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user]
(0x0400): Storing info for user hbecker
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
filter][CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing
membership SID [S-1-5-21-2977797608-3586008738-4122126317-513]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing
membership SID [S-1-5-32-545]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found
for SID S-1-5-32-545
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for
[hbecker]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_groups_next_base] (0x0400): Searching for groups with base
[DC=invis-ad,DC=loc]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(gidNumber=10000)(objectclass=group)(name=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [groupType]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Domain Users,CN=Users,DC=invis-ad,DC=loc].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_has_deref_support] (0x0400): The server supports deref method ASQ
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_nested_group_recv] (0x0400): 0 users found in the hash table
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_nested_group_recv] (0x0400): 1 groups found in the hash table
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_primary_name] (0x0400): Processing object Domain Users
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_group]
(0x0400): Processing group Domain Users
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_process_ghost_members] (0x0400): The group has 0 members
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_process_ghost_members] (0x0400): Group has 0 members
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_group]
(0x0400): Storing info for group Domain Users
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_primary_name] (0x0400): Processing object Domain Users
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_grpmem]
(0x0400): Processing group Domain Users
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_grpmem]
(0x0400): Adding member users to group [Domain Users]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain]
(0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc]
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler]
(0x0100): Got request with the following data
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): command: PAM_AUTHENTICATE
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): domain: invis-ad.loc
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): user: hbecker
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): service: login
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): tty: tty2
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): ruser:
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): rhost:
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): authtok type: 1
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): priv: 1
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): cli_pid: 18269
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [krb5_pam_handler]
(0x1000): Wait queue of user [hbecker] is empty, running request
immediately.
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [switch_creds]
(0x0200): Switch user to [10000][10000].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_server_status]
(0x1000): Status of server 'invisad.invis-ad.loc' is 'working'
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_port_status]
(0x1000): Port status of port 0 for server 'invisad.invis-ad.loc' is
'working'
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_server_status]
(0x1000): Status of server 'invisad.invis-ad.loc' is 'working'
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]]
[be_resolve_server_process] (0x0200): Found address for server
invisad.invis-ad.loc: [192.168.201.10] TTL 7200
(Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [check_wait_queue]
(0x1000): Wait queue for user [hbecker] is empty.
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>)
[Success]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Sending result [4][invis-ad.loc]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Sent result [4][invis-ad.loc]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain]
(0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler]
(0x0100): Got request with the following data
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): command: PAM_ACCT_MGMT
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): domain: invis-ad.loc
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): user: hbecker
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): service: login
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): tty: tty2
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): ruser:
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): rhost:
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): authtok type: 0
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): priv: 1
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data]
(0x0100): cli_pid: 18269
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_access_send]
(0x0400): Performing access check for user [hbecker]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[sdap_account_expired_ad] (0x0400): Performing AD access check for user
[hbecker]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[ad_gpo_connect_done] (0x0400): sam_account_name is invisad.invis-ad.loc$
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=user)(sAMAccountName=invisad.invis-ad.loc$))][dc=invis-ad,dc=loc].
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [distinguishedName]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy
target.
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [ad_gpo_access_done]
(0x0040): GPO-based access control failed.
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, No such
file or directory) [Internal Error (System error)]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Sending result [4][invis-ad.loc]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]]
[be_pam_handler_callback] (0x0100): Sent result [4][invis-ad.loc]
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [child_sig_handler]
(0x1000): Waiting for child [18288].
(Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [child_sig_handler]
(0x0100): child [18288] finished successfully.
Seems that there is a problem with Group-Policies. I haven’t set any
Group-Policies.
Any Idea how to get this working?
Stefan
--
www.invis-server.org
Stefan Schäfer
Ludwigstr. 1-3
63679 Schotten