Sequence:
login into MATE or Plasma suspend to ram wait until krbtgt expires wakeup computer unlock screen klist will show the old expired ticket.
lock/unlock screen again(well after networking is up) klist still shows the old ticket.
No SSO/NFS possible until manually doing a kinit to get a fresh ticket
Anyone else see this?
Jocke
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server.
Can you paste your sssd.conf also?
On 05/18/2017 10:58 AM, Joakim Tjernlund wrote:
Sequence:
login into MATE or Plasma suspend to ram wait until krbtgt expires wakeup computer unlock screen klist will show the old expired ticket.
lock/unlock screen again(well after networking is up) klist still shows the old ticket.
No SSO/NFS possible until manually doing a kinit to get a fresh ticket
Anyone else see this?
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Thu, May 18, 2017 at 11:40:18AM -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server.
Can you paste your sssd.conf also?
In addition, one more question: - when you unlock after wakeup, is the Kerberos server reachable or do you e.g. first need to connect to a VPN to be able to reach the server?
On 05/18/2017 10:58 AM, Joakim Tjernlund wrote:
Sequence:
login into MATE or Plasma suspend to ram wait until krbtgt expires wakeup computer unlock screen klist will show the old expired ticket.
lock/unlock screen again(well after networking is up) klist still shows the old ticket.
No SSO/NFS possible until manually doing a kinit to get a fresh ticket
Anyone else see this?
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
[sssd] config_file_version = 2 domains = infinera.com services = nss, pam debug_level = 0xffff
[nss] fallback_homedir = /home/%u default_shell = /bin/bash debug_level = 0xffff enum_cache_timeout = 3600 entry_negative_timeout = 300
[pam] debug_level = 0xffff
[domain/infinera.com] #debug_level = 0xffff
ignore_group_members = false ldap_id_mapping = false cache_credentials = true enumerate = false ldap_enumeration_refresh_timeout = 1800 entry_cache_timeout = 3600 refresh_expired_interval = 2700
id_provider = ad auth_provider = ad access_provider = permit chpass_provider = ad
ad_server = se-dc01.infinera.com,se-dc02.infinera.com ad_backup_server = sv-dc01.infinera.com,sv-dc02.infinera.com
dyndns_iface = vpn0, wlan0, eth0 dyndns_update = true dyndns_refresh_interval = 600 dyndns_update_ptr = true dyndns_ttl = 3600 case_sensitive = false
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
krb5_realm = INFINERA.COM krb5_canonicalize = true krb5_store_password_if_offline = true krb5_use_kdcinfo = False krb5_renewable_lifetime = 7d krb5_lifetime = 24h krb5_renew_interval = 4h
Here is an excerpt from the log:
(Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Back end is offline (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Task [Check if online (periodic)]: executing task, timeout 60 seconds (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_reset_services] (0x1000): Resetting all servers in all services (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [Online Check #48]: New request. Flags [0000]. (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_done] (0x0400): Task [Check if online (periodic)]: finished successfully (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 84 seconds from last execution time [1495189632] (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Back end is offline (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Refresh Records]: scheduling task 2700 seconds from now [1495192248] (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (se-dc01.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (se-dc02.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (sv-dc01.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (sv-dc02.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_req_done] (0x0400): DP Request [Online Check #48]: Request handler finished [0]: Success (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [_dp_req_recv] (0x0400): DP Request [Online Check #48]: Receiving request data. (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): DP Request [Online Check #48]: Request removed. (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_check_online_done] (0x0400): Error during online check [0]: Success (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_reset_services] (0x1000): Resetting all servers in all services (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [reactivate_subdoms] (0x1000): Resetting all subdomains (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain transmode.se is Active (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain transmode.se is Active (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [Check if online (periodic)]: disabling task (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4294967295] (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [Account #49]: New request. Flags [0x0001]. (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (se-dc01.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (se-dc02.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc01.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (sv-dc01.infinera.com), resolver returned [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
....
On 05/18/2017 10:58 AM, Joakim Tjernlund wrote:
Sequence:
login into MATE or Plasma suspend to ram wait until krbtgt expires wakeup computer unlock screen klist will show the old expired ticket.
lock/unlock screen again(well after networking is up) klist still shows the old ticket.
No SSO/NFS possible until manually doing a kinit to get a fresh ticket
Anyone else see this?
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
And log file says there are problem with resolution of DNS names.
e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
Therefore sssd works in offline mode and therefore cannot renew a ticket.
LS
[sssd] config_file_version = 2 domains = infinera.com services = nss, pam debug_level = 0xffff
[nss] fallback_homedir = /home/%u default_shell = /bin/bash debug_level = 0xffff enum_cache_timeout = 3600 entry_negative_timeout = 300
[pam] debug_level = 0xffff
[domain/infinera.com] #debug_level = 0xffff
ignore_group_members = false ldap_id_mapping = false cache_credentials = true enumerate = false ldap_enumeration_refresh_timeout = 1800 entry_cache_timeout = 3600 refresh_expired_interval = 2700
id_provider = ad auth_provider = ad access_provider = permit chpass_provider = ad
ad_server = se-dc01.infinera.com,se-dc02.infinera.com ad_backup_server = sv-dc01.infinera.com,sv-dc02.infinera.com
dyndns_iface = vpn0, wlan0, eth0 dyndns_update = true dyndns_refresh_interval = 600 dyndns_update_ptr = true dyndns_ttl = 3600 case_sensitive = false
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
krb5_realm = INFINERA.COM krb5_canonicalize = true krb5_store_password_if_offline = true krb5_use_kdcinfo = False krb5_renewable_lifetime = 7d krb5_lifetime = 24h krb5_renew_interval = 4h
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
And log file says there are problem with resolution of DNS names.
e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
Therefore sssd works in offline mode and therefore cannot renew a ticket.
ping and nslookup work fine, I just did a new lock unlock and this is the log from this that action. I still did not get a new ticket.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Task [Check if online (periodic)]: executing task, timeout 60 seconds (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_reset_services] (0x1000): Resetting all servers in all services (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [Online Check #131]: New request. Flags [0000]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_done] (0x0400): Task [Check if online (periodic)]: finished successfully (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 69 seconds from last execution time [1495193157] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc01.infinera.com: [10.210.34.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://se-dc01.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://se-dc01.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://se-dc01.infinera.com:389/??base] with fd [23]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_parse_entry] (0x1000): OriginalDN: []. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, SE-JOCKE-LX$, INFINERA.COM, 86400) (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service AD (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc01.infinera.com: [10.210.34.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT... (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 48 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15426]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15426] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_INFINERA.COM], expired on [1495229088] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1495193988 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: SE-JOCKE-LX$ (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_connect_recv] (0x0400): Connection established. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [dp_req_done] (0x0400): DP Request [Online Check #131]: Request handler finished [0]: Success (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [_dp_req_recv] (0x0400): DP Request [Online Check #131]: Receiving request data. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): DP Request [Online Check #131]: Request removed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_check_online_done] (0x0400): Error during online check [0]: Success (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_reset_services] (0x1000): Resetting all servers in all services (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [reactivate_subdoms] (0x1000): Resetting all subdomains (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain transmode.se is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain transmode.se is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [Check if online (periodic)]: disabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_online_cb] (0x0400): Back end is online (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Subdomains Refresh]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Subdomains Refresh]: scheduling task 0 seconds from now [1495193088] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Task [Subdomains Refresh]: executing task, timeout 14400 seconds (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc01.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc01.infinera.com: [10.210.34.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://se-dc01.infinera.com:389/??base] with fd [23]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_parse_entry] (0x1000): OriginalDN: []. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, SE-JOCKE-LX$, INFINERA.COM, 86400) (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service AD (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc01.infinera.com: [10.210.34.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT... (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 48 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15427]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15427] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_INFINERA.COM], expired on [1495229088] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1495193988 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: SE-JOCKE-LX$ (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_cli_connect_recv] (0x0400): Connection established. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=domain][DC=infinera,DC=com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [DC=infinera,DC=com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_master_domain_next_done] (0x0400): Found SID [S-1-5-21-1757981266-1085031214-682003330]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=infinera.com)(NtVer=\14\00\00\00))][]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [netlogon] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_parse_entry] (0x1000): OriginalDN: []. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_master_domain_netlogon_done] (0x0400): Found flat name [INFINERA]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_master_domain_netlogon_done] (0x0400): Found site [Sweden]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_master_domain_netlogon_done] (0x0400): Found forest [infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [DC=infinera,DC=com] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*)))][DC=infinera,DC=com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [flatName] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustPartner] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [securityIdentifier] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustType] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustAttributes] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DomainDnsZones.infinera.com/DC=DomainDnsZones,DC=infinera,DC=com (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://ForestDnsZones.infinera.com/DC=ForestDnsZones,DC=infinera,DC=com (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://infinera.com/CN=Configuration,DC=infinera,DC=com (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [DC=infinera,DC=com] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain transmode.se is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_get_slave_domain_done] (0x1000): There are no changes (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_subdomains_refresh_done] (0x0400): Subdomains refreshed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_done] (0x0400): Task [Subdomains Refresh]: finished successfully (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Subdomains Refresh]: scheduling task 14400 seconds from last execution time [1495207488] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_handler] (0x1000): Adding new renew timer. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Wait queue of user [jocke@infinera.com] is empty, running request [0xefec10] immediately. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc01.infinera.com: [10.210.34.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15428]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15428] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc01.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc01.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'se-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-dc02.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'se-dc02.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server se-dc02.infinera.com: [10.210.34.22] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://se-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://se-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15429]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15429] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'se-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'se-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc01.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc01.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc01.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc01.infinera.com: [10.100.98.21] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc01.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc01.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15430]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15430] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc01.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc01.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc02.infinera.com: [10.100.98.22] TTL 3600 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_primary_server_timeout_activate] (0x0400): The primary server reconnection is already scheduled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_stored_users] (0x0020): User [jocke@infinera.com] is still logged in, trying online authentication. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15431]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15431] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Request [0xefd900] successfully added to wait queue of user [jocke@infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1495193169] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x0020): message too short. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0200): Giving back pam data. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15432]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15432] failed with status [255]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sysdb_set_entry_attr] (0x0200): Entry [name=jocke@infinera.com,cn=users,cn=infinera.com,cn=sysdb] has set [ts_cache] attrs. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sysdb_cache_auth] (0x0100): Hashes do match! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [check_wait_queue] (0x1000): Wait queue for user [jocke@infinera.com] is empty. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_finish] (0x1000): krb5_auth_queue request [0xefd900] done. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_user_done] (0x0020): Failed to authenticate user [jocke@infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15433]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15433] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_online_cb] (0x0400): Back end is online (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [AD machine account password renewal]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [AD machine account password renewal]: scheduling task 0 seconds from now [1495193088] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_execute] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_timer_schedule] (0x0200): Timer already scheduled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_dyndns_update_send] (0x0400): Performing update (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_iface_addr_list_get] (0x0400): No IPs usable for DNS was found for interface: vpn0. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_ifaces_addrs] (0x0400): Cannot get interface vpn0 or there are no addresses bind to it. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_iface_addr_list_get] (0x0400): No IPs usable for DNS was found for interface: wlan0. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_ifaces_addrs] (0x0400): Cannot get interface wlan0 or there are no addresses bind to it. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_iface_addr_list_get] (0x0400): No IPs usable for DNS was found for interface: usb0. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_ifaces_addrs] (0x0400): Cannot get interface usb0 or there are no addresses bind to it. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [check_ipv6_addr] (0x0200): Link local IPv6 address fe80::ac13:5f50:a098:9f8c (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'se-jocke-lx.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of 'se-jocke-lx.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.INFINERA.COM], [2][No such file or directory] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.INFINERA.COM], [2][No such file or directory] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for auto-discovered realm. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message --
update delete se-jocke-lx.infinera.com. in A update add se-jocke-lx.infinera.com. 3600 in A 10.210.73.109 send update delete se-jocke-lx.infinera.com. in AAAA send -- End nsupdate message -- (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.INFINERA.COM], [2][No such file or directory] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.INFINERA.COM], [2][No such file or directory] Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52265 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;se-jocke-lx.infinera.com. IN SOA
;; AUTHORITY SECTION: infinera.com. 3600 IN SOA se-dc01.infinera.com. admin. 27243814 900 600 86400 900
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: infinera.com The master is: se-dc01.infinera.com start_gssrequest Found realm from ticket: INFINERA.COM send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36208 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;870629040.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 870629040.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv0FGA/M5B/xj+ RV8DiIMdgPkwGh4ngeoKiDJOjxTKqowytSK4oEZCYuUx39ymtK+aBnCX HoTYQQ8sN7jpQAeD4bVTtwHrJ38veHpagx1GyDhwH2GX1GUVjluahREf Gv2+CvjkZYleeVlAV7GdBcHg 0
;; TSIG PSEUDOSECTION: 870629040.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYpIlwXuOBw0Zp1GyxDCywA== 36208 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 45804 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1 ;; ZONE SECTION: ;infinera.com. IN SOA
;; UPDATE SECTION: se-jocke-lx.infinera.com. 0 ANY A se-jocke-lx.infinera.com. 3600 IN A 10.210.73.109
;; TSIG PSEUDOSECTION: 870629040.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAABZaCFl5w3ffemUPeLI5+hQ== 45804 NOERROR 0
Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18100 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;se-jocke-lx.infinera.com. IN SOA
;; AUTHORITY SECTION: infinera.com. 3600 IN SOA se-dc01.infinera.com. admin. 27243814 900 600 86400 900
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: infinera.com The master is: se-dc01.infinera.com start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22761 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;360959771.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 360959771.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvSDg1c4Ec9goA 8+KiUbtMwIs/rjAlcX46JrxAEALsUgFM1Qes70qxEo52C/OlJCjfPZcc Eb1hV7aANm/GW9J6cJT0yWY+j/pwAnJqhPx3S7ApgKZthloK3RtX0CVm W02SeUUGDkcsgMKAkSHAiM2z 0
;; TSIG PSEUDOSECTION: 360959771.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYpIl0ZVBt3aVkg/A2Vsi+w== 22761 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 63431 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;infinera.com. IN SOA
;; UPDATE SECTION: se-jocke-lx.infinera.com. 0 ANY AAAA
;; TSIG PSEUDOSECTION: 360959771.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAAGZBT9UOJMzU6grSsHypr/A== 63431 NOERROR 0
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15434]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15434] failed with status [2]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for realm [INFINERA.COM]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message -- realm INFINERA.COM update delete se-jocke-lx.infinera.com. in A update add se-jocke-lx.infinera.com. 3600 in A 10.210.73.109 send update delete se-jocke-lx.infinera.com. in AAAA send -- End nsupdate message -- (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_online_cb] (0x0400): The AD provider is online Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25429 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;se-jocke-lx.infinera.com. IN SOA
;; AUTHORITY SECTION: infinera.com. 3600 IN SOA se-dc01.infinera.com. admin. 27243814 900 600 86400 900
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: infinera.com The master is: se-dc01.infinera.com start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44745 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1011211137.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 1011211137.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvoL0XO7OfcGg1 qGCBD9XEcTMsqLRftrY8b5W5Rw5S4pFC2jWHUhM47ySacg2bdwDZURwd 5dp+5M8hJfU7K7wHhgtloPW2OyWQ5VRjqbDTccW8mmwsSOG4CprYA5Rj 8RjZSkKYfhyTnB/7F2AKn93h 0
;; TSIG PSEUDOSECTION: 1011211137.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYpRHAXP82gJvJvBcfjz7Kw== 44745 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 26388 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1 ;; ZONE SECTION: ;infinera.com. IN SOA
;; UPDATE SECTION: se-jocke-lx.infinera.com. 0 ANY A se-jocke-lx.infinera.com. 3600 IN A 10.210.73.109
;; TSIG PSEUDOSECTION: 1011211137.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAAEtBiksI+/zxPqqywdYEWzg== 26388 NOERROR 0
Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12218 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;se-jocke-lx.infinera.com. IN SOA
;; AUTHORITY SECTION: infinera.com. 3600 IN SOA se-dc01.infinera.com. admin. 27243814 900 600 86400 900
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: infinera.com The master is: se-dc01.infinera.com start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33787 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;3035863943.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 3035863943.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvxwrrR0t0EHDe EAp8AeSlsbDEkK+8lTCiV2s0mk7TKthCj8qXMlNEtU0zjQupyQGyetr0 WrpezIsuWK306j9MlSGRfrs6n1u+SIRE3LTgOYzs5Y8RRXinepKDTO65 OuTHgSgFIiuzO4ZA2tZNjAPU 0
;; TSIG PSEUDOSECTION: 3035863943.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYpbmsc7pgA3DFHIFkstdEg== 33787 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52270 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;infinera.com. IN SOA
;; UPDATE SECTION: se-jocke-lx.infinera.com. 0 ANY AAAA
;; TSIG PSEUDOSECTION: 3035863943.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAAE+xD9trKPQtN08xgRRnIoQ== 52270 NOERROR 0
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15438]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15438] failed with status [2]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for realm [INFINERA.COM]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_create_ptr_msg] (0x0400): -- Begin nsupdate message -- realm INFINERA.COM update delete 109.73.210.10.in-addr.arpa. in PTR send -- End nsupdate message -- (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33426 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;109.73.210.10.in-addr.arpa. IN SOA
;; AUTHORITY SECTION: 73.210.10.in-addr.arpa. 3600 IN SOA se-dc01.infinera.com. hostmaster.infinera.com. 285432 900 600 86400 3600
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: 73.210.10.in-addr.arpa The master is: se-dc01.infinera.com start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7289 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;1201552791.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 1201552791.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvSfJhPq1SiUbO stJ1+S1edK+UiJJTDUzoqi+WQMZmG4s1djYR9wO2M3bk/nieVQ80Rvo8 EnFVv/KHToLyW5ueIIbLZdK79AiBurVuXT3FMiie3Z+7qebO4Q4Z40n/ x18QGFUbNmwNvTHgkjtDQv2H 0
;; TSIG PSEUDOSECTION: 1201552791.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYpsJoeEnYSa7CnwniyDx+A== 7289 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 14368 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;73.210.10.in-addr.arpa. IN SOA
;; UPDATE SECTION: 109.73.210.10.in-addr.arpa. 0 ANY PTR
;; TSIG PSEUDOSECTION: 1201552791.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAABU1Olw2VniNzDsssAcdXjg== 14368 NOERROR 0
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15442]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15442] failed with status [2]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for auto-discovered realm. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_create_ptr_msg] (0x0400): -- Begin nsupdate message --
update add 109.73.210.10.in-addr.arpa. 3600 in PTR se-jocke-lx.infinera.com. send -- End nsupdate message -- (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 180 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;109.73.210.10.in-addr.arpa. IN SOA
;; AUTHORITY SECTION: 73.210.10.in-addr.arpa. 3600 IN SOA se-dc01.infinera.com. hostmaster.infinera.com. 285433 900 600 86400 3600
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: 73.210.10.in-addr.arpa The master is: se-dc01.infinera.com start_gssrequest Found realm from ticket: INFINERA.COM send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7473 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4265557268.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 4265557268.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvViYj+9b4zaYv TaxtEeImHGuLwaY4Jab8OSwkW4q2S1hfdP/q7fUqybVVj7TcHJRSS3Sx C/vwBV6Ifzr+A0esoi3stjSYf8JAtzktQGRAmpqBnBNb5dmFYYwmjkk9 Z4sqFPZHMs8VCKNP6Vtskgfy 0
;; TSIG PSEUDOSECTION: 4265557268.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYp/K8Vr8Qf6B21mhvGlryg== 7473 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 19383 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;73.210.10.in-addr.arpa. IN SOA
;; UPDATE SECTION: 109.73.210.10.in-addr.arpa. 3600 IN PTR se-jocke-lx.infinera.com.
;; TSIG PSEUDOSECTION: 4265557268.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAAEBlc6bn1tBhS59ipBq7ULg== 19383 NOERROR 0
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15446]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15446] failed with status [2]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sdap_dyndns_update_ptr_done] (0x0080): nsupdate failed, retrying (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for realm [INFINERA.COM]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_create_ptr_msg] (0x0400): -- Begin nsupdate message -- realm INFINERA.COM update add 109.73.210.10.in-addr.arpa. 3600 in PTR se-jocke-lx.infinera.com. send -- End nsupdate message -- (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14821 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;109.73.210.10.in-addr.arpa. IN SOA
;; AUTHORITY SECTION: 73.210.10.in-addr.arpa. 3600 IN SOA se-dc01.infinera.com. hostmaster.infinera.com. 285434 900 600 86400 3600
;; ADDITIONAL SECTION: se-dc01.infinera.com. 3600 IN A 10.210.34.21
Found zone name: 73.210.10.in-addr.arpa The master is: se-dc01.infinera.com start_gssrequest send_gssrequest recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25752 ;; flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4264939891.sig-se-dc01.infinera.com. ANY TKEY
;; ANSWER SECTION: 4264939891.sig-se-dc01.infinera.com. 0 ANY TKEY gss-tsig. 1495193088 1495279488 3 NOERROR 186 oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIB AgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvg+o5A/Pj0Fk7 nut14COTBH2nzGOqAZWI9Kdy4/QmCxUebLIEYTdWYv7enRPp30xL3sIi 3jfV1ozjPlqKKjp7SdqTWcSRRIea6wpG+HyJxWfuGJx849GCfTQN1iwa ag02etfgBqpDiESRMwRX8iFH 0
;; TSIG PSEUDOSECTION: 4264939891.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 36000 28 BAQF//////8AAAAAYqBse8ZyUILYfmkbZu5WQA== 25752 NOERROR 0
Sending update to 10.210.34.21#53 ; TSIG error with server: tsig verify failure
Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52865 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;73.210.10.in-addr.arpa. IN SOA
;; UPDATE SECTION: 109.73.210.10.in-addr.arpa. 3600 IN PTR se-jocke-lx.infinera.com.
;; TSIG PSEUDOSECTION: 4264939891.sig-se-dc01.infinera.com. 0 ANY TSIG gss-tsig. 1495193088 300 28 BAQE//////8AAAAAPhK3MrTsvTr7J4VxMmkTiw== 52865 NOERROR 0
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15450]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0020): child [15450] failed with status [2]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158238]: Dynamic DNS update failed (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=jocke@infinera.com] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [Initgroups #132]: New request. Flags [0x0001]. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #132]: Receiving request data. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_reply_gen_error] (0x0080): DP Request [Initgroups #132]: Finished. Backend is currently offline. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::infinera.com:name=jocke@infinera.com] from reply table (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #132]: Request removed. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_pam_handler] (0x0100): Got request with the following data (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): domain: infinera.com (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): user: jocke@infinera.com (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): service: mate-screensaver (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): tty: :0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): ruser: (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): rhost: (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): authtok type: 1 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): priv: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): cli_pid: 15407 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): logon name: not set (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [PAM Authenticate #133]: New request. Flags [0000]. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Wait queue of user [jocke@infinera.com] is empty, running request [0xefba00] immediately. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15454]. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15454] finished successfully. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33]. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sysdb_set_entry_attr] (0x0200): Entry [name=jocke@infinera.com,cn=users,cn=infinera.com,cn=sysdb] has set [ts_cache] attrs. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sysdb_cache_auth] (0x0100): Hashes do match! (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [check_wait_queue] (0x1000): Wait queue for user [jocke@infinera.com] is empty. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0xefba00] done. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_done] (0x0400): DP Request [PAM Authenticate #133]: Request handler finished [0]: Success (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #133]: Receiving request data. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #133]: Request removed. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_method_enabled] (0x0400): Target selinux is not configured (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #133]: Sending result [9][infinera.com] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=jocke@infinera.com] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): DP Request [Initgroups #134]: New request. Flags [0x0001]. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #134]: Receiving request data. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_reply_gen_error] (0x0080): DP Request [Initgroups #134]: Finished. Backend is currently offline. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::infinera.com:name=jocke@infinera.com] from reply table (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #134]: Request removed. (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_pam_handler] (0x0100): Got request with the following data (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): command: SSS_PAM_SETCRED (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): domain: infinera.com (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): user: jocke@infinera.com (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): service: mate-screensaver (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): tty: :0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): ruser: (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): rhost: (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): authtok type: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): priv: 0 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): cli_pid: 15407 (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [pam_print_data] (0x0100): logon name: not set (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [dp_pam_reply] (0x1000): DP Request [PAM Set Credentials]: Sending result [0][infinera.com] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [Subdomains Refresh]: disabling task (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.INFINERA.COM], [2][No such file or directory] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.INFINERA.COM], [2][No such file or directory] (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_ptask_offline_cb] (0x0400): Back end is offline (Fri May 19 13:24:50 2017) [sssd[be[infinera.com]]] [be_ptask_disable] (0x0400): Task [AD machine account password renewal]: disabling task
LS
[sssd] config_file_version = 2 domains = infinera.com services = nss, pam debug_level = 0xffff
[nss] fallback_homedir = /home/%u default_shell = /bin/bash debug_level = 0xffff enum_cache_timeout = 3600 entry_negative_timeout = 300
[pam] debug_level = 0xffff
[domain/infinera.com] #debug_level = 0xffff
ignore_group_members = false ldap_id_mapping = false cache_credentials = true enumerate = false ldap_enumeration_refresh_timeout = 1800 entry_cache_timeout = 3600 refresh_expired_interval = 2700
id_provider = ad auth_provider = ad access_provider = permit chpass_provider = ad
ad_server = se-dc01.infinera.com,se-dc02.infinera.com ad_backup_server = sv-dc01.infinera.com,sv-dc02.infinera.com
dyndns_iface = vpn0, wlan0, eth0 dyndns_update = true dyndns_refresh_interval = 600 dyndns_update_ptr = true dyndns_ttl = 3600 case_sensitive = false
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
krb5_realm = INFINERA.COM krb5_canonicalize = true krb5_store_password_if_offline = true krb5_use_kdcinfo = False krb5_renewable_lifetime = 7d krb5_lifetime = 24h krb5_renew_interval = 4h
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
And log file says there are problem with resolution of DNS names.
e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
Therefore sssd works in offline mode and therefore cannot renew a ticket.
ping and nslookup work fine, I just did a new lock unlock and this is the log from this that action. I still did not get a new ticket.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc02.infinera.com: [10.100.98.22] TTL 3600
looks like name was properly resolved here
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_primary_server_timeout_activate] (0x0400): The primary server reconnection is already scheduled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_stored_users] (0x0020): User [jocke@infinera.com] is still logged in, trying online authentication.
SSSD tried to authenticate online here.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15431]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15431] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Request [0xefd900] successfully added to wait queue of user [jocke@infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1495193169] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x0020): message too short. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0200): Giving back pam data.
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files. Attachments or pastebin are usually better then direct inclusion of log into mail.
LS
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
And log file says there are problem with resolution of DNS names.
e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
Therefore sssd works in offline mode and therefore cannot renew a ticket.
ping and nslookup work fine, I just did a new lock unlock and this is the log from this that action. I still did not get a new ticket.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc02.infinera.com: [10.100.98.22] TTL 3600
looks like name was properly resolved here
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_primary_server_timeout_activate] (0x0400): The primary server reconnection is already scheduled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_stored_users] (0x0020): User [jocke@infinera.com] is still logged in, trying online authentication.
SSSD tried to authenticate online here.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15431]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15431] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Request [0xefd900] successfully added to wait queue of user [jocke@infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1495193169] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x0020): message too short. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0200): Giving back pam data.
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
Attachments or pastebin are usually better then direct inclusion of log into mail.
Sure, will attach next time
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. Can you paste your sssd.conf also?
I not using a VPN, local ethernet (got wifi too bu in this case eth is connected)
And log file says there are problem with resolution of DNS names.
e.g. [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'se-dc02.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc01.infinera.com': Could not contact DNS servers [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers
Therefore sssd works in offline mode and therefore cannot renew a ticket.
ping and nslookup work fine, I just did a new lock unlock and this is the log from this that action. I still did not get a new ticket.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'neutral' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name not resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'resolving name' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'sv-dc02.infinera.com' in files (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'sv-dc02.infinera.com' in DNS (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [set_server_common_status] (0x0100): Marking server 'sv-dc02.infinera.com' as 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_process] (0x0200): Found address for server sv-dc02.infinera.com: [10.100.98.22] TTL 3600
looks like name was properly resolved here
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://sv-dc02.infinera.com' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_primary_server_timeout_activate] (0x0400): The primary server reconnection is already scheduled (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [sss_domain_get_state] (0x1000): Domain infinera.com is Active (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [authenticate_stored_users] (0x0020): User [jocke@infinera.com] is still logged in, trying online authentication.
SSSD tried to authenticate online here.
(Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x1000): Waiting for child [15431]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [child_sig_handler] (0x0100): child [15431] finished successfully. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_send] (0x1000): Request [0xefd900] successfully added to wait queue of user [jocke@infinera.com]. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'sv-dc02.infinera.com' as 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc01.infinera.com' is 'working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'se-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'se-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc01.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc01.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_server_status] (0x1000): Status of server 'sv-dc02.infinera.com' is 'name resolved' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x1000): Port status of port 0 for server 'sv-dc02.infinera.com' is 'not working' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_mark_dom_offline] (0x1000): Marking back end offline (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_enable] (0x0400): Task [Check if online (periodic)]: enabling task (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1495193169] (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x0020): message too short. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22 (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0020): krb5_auth request failed. (Fri May 19 13:24:48 2017) [sssd[be[infinera.com]]] [renew_tgt_done] (0x0200): Giving back pam data.
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
Attachments or pastebin are usually better then direct inclusion of log into mail.
Sure, will attach next time
Looking forward to new log files :-)
LS
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote:
On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. > Can you paste your sssd.conf also?
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! se-jocke-lx sssds # grep read_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished se-jocke-lx sssds # grep parse_krb5_child_response * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33].
but only these files: ls ./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a: # > sss_debuglevel 7 should I do something more?
Attachments or pastebin are usually better then direct inclusion of log into mail.
Sure, will attach next time
Looking forward to new log files :-)
Yes, but ATM I don't have anything new to add :(
On (19/05/17 12:50), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
On (19/05/17 10:37), Joakim Tjernlund wrote: > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. > > Can you paste your sssd.conf also? >
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! se-jocke-lx sssds # grep read_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished se-jocke-lx sssds # grep parse_krb5_child_response * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33].
but only these files: ls ./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a: # > sss_debuglevel 7 should I do something more?
That's weird. Is there something in journald from that time
If not then I would recommend to stop sssd; clena log file rm -f /var/log/sssd/* * set debug_level = 9 in domain section * start sssd * reproduce bug
And then there should be *child log files
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
LS
On Fri, 2017-05-19 at 15:24 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:50), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote: > On (19/05/17 10:37), Joakim Tjernlund wrote: > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > > > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. > > > Can you paste your sssd.conf also?
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! se-jocke-lx sssds # grep read_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished se-jocke-lx sssds # grep parse_krb5_child_response * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33].
but only these files: ls ./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a: # > sss_debuglevel 7 should I do something more?
That's weird. Is there something in journald from that time
If not then I would recommend to stop sssd; clena log file rm -f /var/log/sssd/*
- set debug_level = 9 in domain section
- start sssd
- reproduce bug
And then there should be *child log files
Will do over the week end
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
That is a bit hard as this is Gentoo :) I have tried both 1.15.2 and git master(using that ATM)
On (19/05/17 14:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 15:24 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:50), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
On (19/05/17 11:31), Joakim Tjernlund wrote: > On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote: > > On (19/05/17 10:37), Joakim Tjernlund wrote: > > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > > > > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. > > > > Can you paste your sssd.conf also?
But renew failed and sssd went offline.
Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) Then try to reproduce one more time and provide not only domain log file but also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! se-jocke-lx sssds # grep read_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished se-jocke-lx sssds # grep parse_krb5_child_response * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33].
but only these files: ls ./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a: # > sss_debuglevel 7 should I do something more?
That's weird. Is there something in journald from that time
If not then I would recommend to stop sssd; clena log file rm -f /var/log/sssd/*
- set debug_level = 9 in domain section
- start sssd
- reproduce bug
And then there should be *child log files
Will do over the week end
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
That is a bit hard as this is Gentoo :)
Ahh sorry;
I cannot see 1.15.2 in portage. Which arguments did you pass to configure?
LS
On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote:
On (19/05/17 14:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 15:24 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:50), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote: > On (19/05/17 11:31), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 10:37), Joakim Tjernlund wrote: > > > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > > > > > I can understand the first unlock from waking up from sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen. You should be able to see if it is using cached creds or actively trying to parse the domain server. > > > > > Can you paste your sssd.conf also? > > But renew failed and sssd went offline. > > Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*) > Then try to reproduce one more time and provide not only domain log file but > also *child log files.
Did that but I did not get a child log file at all.
If you can see debug messages from following functions write_pipe_handler read_pipe_handler parse_krb5_child_response Then krb5_child was executed. And there will be non-empty file /var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [write_pipe_handler] (0x0400): All data has been sent! se-jocke-lx sssds # grep read_pipe_handler * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [read_pipe_handler] (0x0400): EOF received, client finished se-jocke-lx sssds # grep parse_krb5_child_response * sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]] [parse_krb5_child_response] (0x1000): child response [0][3][33].
but only these files: ls ./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a: # > sss_debuglevel 7 should I do something more?
That's weird. Is there something in journald from that time
If not then I would recommend to stop sssd; clena log file rm -f /var/log/sssd/*
- set debug_level = 9 in domain section
- start sssd
- reproduce bug
And then there should be *child log files
Will do over the week end
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
That is a bit hard as this is Gentoo :)
Ahh sorry;
I cannot see 1.15.2 in portage. Which arguments did you pass to configure?
Sending the ebuilds I use, made by myself as upstream is lagging behind.
On (19/05/17 14:41), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote:
On (19/05/17 14:07), Joakim Tjernlund wrote:
Will do over the week end
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
That is a bit hard as this is Gentoo :)
Ahh sorry;
I cannot see 1.15.2 in portage. Which arguments did you pass to configure?
Sending the ebuilds I use, made by myself as upstream is lagging behind.
Logging to journald is not enabled enabled. So I do not think you fwill find anything in journald :-)
sssd is not compiled with non-privileged user therefore it should not cause problems.
We will not be able to move it forward without *child log files.
LS
On Fri, 2017-05-19 at 16:59 +0200, Lukas Slebodnik wrote:
On (19/05/17 14:41), Joakim Tjernlund wrote:
On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote:
On (19/05/17 14:07), Joakim Tjernlund wrote:
Will do over the week end
Please also provide an output of following command rpm -V sssd-common sssd-krb5-common
That is a bit hard as this is Gentoo :)
Ahh sorry;
I cannot see 1.15.2 in portage. Which arguments did you pass to configure?
Sending the ebuilds I use, made by myself as upstream is lagging behind.
Logging to journald is not enabled enabled. So I do not think you fwill find anything in journald :-)
Sure, I am on openrc :)
sssd is not compiled with non-privileged user therefore it should not cause problems.
We will not be able to move it forward without *child log files.
I think I messed up log file handling, possibly by rm -f * while sssd running.
Jocke
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
Joakim Tjernlund -
Lukas Slebodnik -
Striker Leggette