On Fri, Jan 03, 2014 at 12:29:11PM +0100, Jakub Hrozek wrote: > On Thu, Jan 02, 2014 at 08:06:31PM +0000, Andrew Holway wrote: > > /var/log/sssd/* > > this is using bob@host (prattle.com is the windows domain) > > https://gist.github.com/anonymous/ff817a251948ff58bdb1 > > > > this is using b...@prattle.com@host (prattle.com is the windows domain) > > Thanks, these logs have somewhat more info than those in the other > thread. > > It seems that Winbind on the IPA server has trouble talking to the AD > server: > > (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [fo_set_port_status] > (0x0100): Marking port 0 of server 'ipa.wibble.com' as 'working' > (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] > [set_server_common_status] (0x0100): Marking server 'ipa.wibble.com' as > 'working' > (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [ipa_s2n_get_user_done] > (0x0040): s2n exop request failed. > > (The s2n exop does a special LDAP call to IPA which in turn calls > winbind on the server). > > To generate the winbind logs on the server, can you do 'smbcontrol winbindd > debug 100', then request the trusted user. The winbind logs would be at > /var/log/samba/log.w* > > I'd advise to restart SSSD on the client before the test to get rid of > the negative cache and make sure the request actually hits the server. >
Oh and after you gather the info, you should also re-set the debug logs back: smbcontrol winbindd debug 1 Running with a verbose log level would flood your disk soon. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
