On Tue, Jan 07, 2014 at 12:00:56AM +0200, Genadi Postrilko wrote: > sssd_example.com.log after changing the debug level: > https://gist.github.com/anonymous/8290381#file-sssd_example-com-log
This info from the log: (Mon Jan 6 13:23:11 2014) [sssd[be[example.com]]] [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Operations error(1), (null) (Mon Jan 6 13:23:11 2014) [sssd[be[example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed Plus the wbinfo output below indicates that you are seeing a similar kind of error as the user in thread called "AD - Freeipa trust confusion". Would you mind getting the same debug information on the IPA server? In short, set "smbcontrol winbindd debug 10", run the testcase, then revert the debug level. Feel free to chek the other thread for some more details on debugging.. > > [genadi@ipaserver root]$ wbinfo -u > (no output) > > [genadi@ipaserver root]$ wbinfo -g > admins > editors > default smb group > ad_users > ad_admins > > [genadi@ipaserver root]$ wbinfo --trusted-domains > BUILTIN > EXAMPLE > ADDC > > [genadi@ipaserver root]$ wbinfo -i Administrator > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user Administrator > > [genadi@ipaserver root]$ wbinfo --domain-info ADDC.COM > Name : ADDC > Alt_Name : addc.com > SID : S-1-5-21-33789592-1708006097-2663368750 > Active Directory : No > Native : No > Primary : No > > > > > > 2014/1/6 Jakub Hrozek <jhro...@redhat.com> > > > On Fri, Jan 03, 2014 at 07:29:54PM +0200, Genadi Postrilko wrote: > > > Here are the other logs as well (ldap_child.log, sssd_pac.log, > > > sssd_ssh.log). > > > > > > https://gist.github.com/anonymous/8242061 > > > > > > I attempted to log in (as administra...@addc.com) at 9:04. > > > > > > Thanks for the help. > > > > > > > You need the *domain* log. According to the logs, your domain is called > > example.com, do you need to put debug_level=6 (or higher, but 6 should > > be enough) to the section called [domain/example.com] in sssd.conf, > > restart sssd, attempt the login and then attach > > /var/log/sssd/sssd_example.com.log > > > > Given that SSSD is complaining about not being able to find the user, I > > suspect a similar problem as in the other thread, that is, Winbind on > > the server not being able to talk to the AD. Does "wbinfo -u $user" work > > on the server? > > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
