Am Wed, Jun 30, 2021 at 12:13:54PM +0200 schrieb Ronald Wimmer via FreeIPA-users: > Today I set up an IPA test web application in our IPA test environment. I > figured out that my AD user was resolved but the user of my colleague was > not. (getent passwd userA/userB) > > I stopped SSSD, cleared the cache with 'rm -rf /var/lib/sss/db/*' and > started SSSD again. After that I could not resolve any AD user. The sssd > logs showed an Network I/O error: > > ==> /var/log/sssd/sssd_ipatest.mydomain.at.log <== > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done] > (0x0040): ldap_extended_operation result: Operations error(1), Failed to > handle the request. > . > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done] > (0x0040): ldap_extended_operation failed, server logs might contain more > details.
Hi, you should check on the IPA servers if the users and all the group-memberships can be resolved properly, i.e. 'id aduser@AD.DOMAIN' should display the user and all its groups with both name and ID. If some groups are only listed by GID you should check why the IPA server cannot resolve the name. HTH bye, Sumit > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_get_user_done] > (0x0040): s2n exop request failed. > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] > [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: > [1432158230]: Network I/O Error. > > ==> /var/log/sssd/sssd_nss.log <== > (2021-06-30 11:46:14): [nss] [cache_req_common_process_dp_reply] (0x0040): > CR #197: Data Provider Error: 3, 1432158230, Network I/O Error > (2021-06-30 11:46:14): [nss] [cache_req_common_process_dp_reply] (0x0400): > CR #197: Due to an error we will return cached data > (2021-06-30 11:46:14): [nss] [cache_req_search_cache] (0x0400): CR #197: > Looking up [aduser...@org.mydomain.at] in cache > (2021-06-30 11:46:14): [nss] [cache_req_search_cache] (0x0400): CR #197: > Object [aduser...@org.mydomain.at] was not found in cache > (2021-06-30 11:46:14): [nss] [cache_req_process_result] (0x0400): CR #197: > Finished: Not found > (2021-06-30 11:46:14): [nss] [client_recv] (0x0200): Client disconnected! > > What the hell is going on here? Any hints would be highly appreciated! > > Cheers, > Ronald > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
