On 06/25/2015 05:44 PM, Sumit Bose wrote: > On Thu, Jun 25, 2015 at 04:29:37PM +0200, Giorgio Biacchi wrote: >> On 06/25/2015 02:10 PM, Sumit Bose wrote: >>> On Thu, Jun 25, 2015 at 01:06:22PM +0200, Giorgio Biacchi wrote: >>>> On 06/25/2015 12:56 PM, Sumit Bose wrote: >>>>> On Thu, Jun 25, 2015 at 12:22:16PM +0200, Giorgio Biacchi wrote: >>>>>> On 06/24/2015 06:45 PM, Sumit Bose wrote: >>>>>>> On Wed, Jun 24, 2015 at 05:11:07PM +0200, Giorgio Biacchi wrote: >>>>>>>> Hi everybody, >>>>>>>> I established a bidirectional trust between an IPA server (version >>>>>>>> 4.1.0 on >>>>>>>> CentOS 7.1), ipa.mydomain.local and an AD (Windows 2012 r2), >>>>>>>> mydomain.local. >>>>>>>> Everything is working fine, and I'm able to authenticate and logon on >>>>>>>> a linux >>>>>>>> host joined to IPA server using AD credentials >>>>>>>> (username@mydomain.local). >>>>>>>> But active directory is configured with two more UPN suffixes >>>>>>>> (otherdomain.com >>>>>>>> and sub.otherdomain.com), and I cannot logon with credentials using >>>>>>>> alternative >>>>>>>> UPN (example: john....@otherdomain.com). >>>>>>>> >>>>>>>> How can I make this possible? Another trust (ipa trust-add) with the >>>>>>>> same AD? >>>>>>>> Manual configuration of krb5 and/or sssd? >>>>>>> >>>>>>> Have you tried to login to an IPA client or the server? Please try with >>>>>>> an IPA server first. If this does not work it would be nice if you can >>>>>>> send the SSSD log files from the IPA server which are generated during >>>>>>> the logon attempt. Please call 'sss_cache -E' before to invalidate all >>>>>>> cached entries so that the logs will contain all needed calls to AD. >>>>>>> >>>>>>> Using UPN suffixes were added to the AD provider some time ago and the >>>>>>> code is available in the IPA provider as well, but I guess no one has >>>>>>> actually tried this before. >>>>>>> >>>>>>> bye, >>>>>>> Sumit >>>>>> >>>>>> First of all let me say that i feel like I'm missing some config >>>>>> somewhere.. >>>>>> Changes tried in krb5.conf to support UPN suffixes didn't helped. >>>>>> I can only access the server vi ssh so I've attached the logs for a >>>>>> successful >>>>>> login for account1@mydomain.local and an unsuccessful login for >>>>>> accou...@otherdomain.com done via ssh. >>>>>> >>>>>> Bye and thanks for your help >>>>>> >>>>> >>>>> It looks like the request is not properly propagated to sub-domains (the >>>>> trusted AD domain) but only send to the IPA domain. >>>>> >>>>> Would it be possible for you to run a test build of SSSD which might fix >>>>> this? If yes, which version of SSSD are you currently using? Then I can >>>>> prepare a test build with the patch on top of this version. >>>>> >>>>> bye, >>>>> Sumit >>>>> >>>> >>>> Hi, >>>> I'm using sssd 1.12.2 (sssd --version) on CentOS 7.1.1503 and I'm >>>> available for >>>> any test. >>>> >>>> Here's the packages version for sssd: >>>> >>>> sssd-common-1.12.2-58.el7_1.6.x86_64 >>>> sssd-krb5-1.12.2-58.el7_1.6.x86_64 >>>> python-sssdconfig-1.12.2-58.el7_1.6.noarch >>>> sssd-krb5-common-1.12.2-58.el7_1.6.x86_64 >>>> sssd-ipa-1.12.2-58.el7_1.6.x86_64 >>>> sssd-1.12.2-58.el7_1.6.x86_64 >>>> sssd-libwbclient-1.12.2-58.el7_1.6.x86_64 >>>> sssd-ad-1.12.2-58.el7_1.6.x86_64 >>>> sssd-ldap-1.12.2-58.el7_1.6.x86_64 >>>> sssd-common-pac-1.12.2-58.el7_1.6.x86_64 >>>> sssd-proxy-1.12.2-58.el7_1.6.x86_64 >>>> sssd-client-1.12.2-58.el7_1.6.x86_64 >>> >>> Please try the packages at >>> http://koji.fedoraproject.org/koji/taskinfo?taskID=10210844 . >>> >>> bye, >>> Sumit >> >> Hi, >> I've installed the new RPMs, now if I run on the server: >> >> id account1@mydomain.local >> id accou...@otherdomain.com >> id accou...@sub.otherdomain.com >> >> all the users are found but I'm still unable to log in via ssh with the >> accounts >> @otherdomain.com and @sub.otherdomain.com. >> >> In attachment the logs for unsuccessful login for user >> accou...@otherdomain.com. > > Bother, I forgot to add the fix to the pam responder as well, please try > new packages from > http://koji.fedoraproject.org/koji/taskinfo?taskID=10212212 . > > bye, > Sumit >
Hi, I've updated all the packages but still no login. Logs follows. Thanks again -- gb PGP Key: http://pgp.mit.edu/ Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
(Thu Jun 25 18:49:44 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [accou...@otherdomain.com], fail! (Thu Jun 25 18:49:44 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:49:44 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [accou...@otherdomain.com]. (Thu Jun 25 18:49:44 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:49:44 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 18:49:44 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:49:44 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 18:49:44 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [accou...@otherdomain.com], fail! (Thu Jun 25 18:49:44 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:49:49 2015) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Thu Jun 25 18:53:07 2015) [sssd[nss]] [nss_clear_memcache] (0x0400): Clearing memory caches. (Thu Jun 25 18:53:07 2015) [sssd[nss]] [nss_orphan_netgroups] (0x0400): Removing netgroups from memory cache. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [accou...@otherdomain.com]. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [accou...@otherdomain.com@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [accou...@otherdomain.com] found. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335ce40:1:accou...@otherdomain.com:U@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa.mydomain.local][4097][1][name=accou...@otherdomain.com:U] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335ce40:1:accou...@otherdomain.com:U@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 0, Account info lookup failed Will try to return what we have in cache (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [accou...@otherdomain.com@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [accou...@otherdomain.com] found. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa.mydomain.local/accou...@otherdomain.com] to negative cache (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [accou...@otherdomain.com@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335ce40:1:accou...@otherdomain.com:U@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [mydomain.local][4097][1][name=accou...@otherdomain.com:U] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335ce40:1:accou...@otherdomain.com:U@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335ce40:1:accou...@otherdomain.com:U@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [accou...@otherdomain.com@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [accou...@otherdomain.com@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335ce40:1:accou...@otherdomain.com:U@mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [38] with input [nobody]. (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'nobody' matched without domain, user is nobody (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [nobody] from [<ALL>] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [nobody@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335ce40:3:nobody@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa.mydomain.local][4099][1][name=nobody] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335ce40:3:nobody@ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 0, Account info lookup failed Will try to return what we have in cache (Thu Jun 25 18:53:12 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335ce40:3:nobody@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [accou...@otherdomain.com]. (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [accou...@otherdomain.com], fail! (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [accou...@otherdomain.com]. (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [accou...@otherdomain.com], fail! (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [accou...@otherdomain.com]. (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 18:53:16 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [accou...@otherdomain.com], fail! (Thu Jun 25 18:53:16 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f2fd335e6b0:domains@ipa.mydomain.local] (Thu Jun 25 18:53:19 2015) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Thu Jun 25 18:49:40 2015) [sssd[be[ipa.mydomain.local]]] [find_ipa_ext_memberships] (0x0400): No external groupmemberships found. (Thu Jun 25 18:49:40 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:49:44 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:49:54 2015) [sssd[be[ipa.mydomain.local]]] [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, releasing it (Thu Jun 25 18:50:10 2015) [sssd[be[ipa.mydomain.local]]] [be_run_unconditional_online_cb] (0x0400): Running unconditional online callbacks. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_run_unconditional_online_cb] (0x0400): Running unconditional online callbacks. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [ipa_subdom_get_forest] (0x0400): 4th component is not 'trust', nothing to do. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=accou...@otherdomain.com:U] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa,dc=mydomain,dc=local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(krbPrincipalName=accou...@otherdomain.com)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_users_done] (0x0040): Failed to retrieve users (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=accou...@otherdomain.com:U] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=accou...@otherdomain.com))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'mydomain.local' (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_resolve_server_process] (0x0200): Found address for server dc02.mydomain.local: [172.21.251.12] TTL 3600 (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [6] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, host/idc01.ipa.mydomain.local, IPA.MYDOMAIN.LOCAL, 86400) (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'mydomain.local' (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_resolve_server_process] (0x0200): Found address for server dc02.mydomain.local: [172.21.251.12] TTL 3600 (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 87 (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [write_pipe_handler] (0x0400): All data has been sent! (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [child_sig_handler] (0x0100): child [1874] finished successfully. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [read_pipe_handler] (0x0400): EOF received, client finished (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_IPA.MYDOMAIN.LOCAL], expired on [1435337592] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: host/idc01.ipa.mydomain.local (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'dc02.mydomain.local' as 'working' (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [set_server_common_status] (0x0100): Marking server 'dc02.mydomain.local' as 'working' (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'dc02.mydomain.local' as 'working' (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=mydomain,dc=local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(userPrincipalName=accou...@otherdomain.com)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_run_unconditional_online_cb] (0x0400): Running unconditional online callbacks. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Save user (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_primary_name] (0x0400): Processing object account2@mydomain.local (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Processing user account2@mydomain.local (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Original memberOf is not available for [account2@mydomain.local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Adding user principal [accou...@otherdomain.com] to attributes of [account2@mydomain.local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Storing info for user account2@mydomain.local (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [ipa_get_ad_acct_ad_part_done] (0x0080): Object not found, ending request (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=nobody] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [ipa.mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa,dc=mydomain,dc=local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=nobody)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1][1][name=account2] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local] (Thu Jun 25 18:53:12 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=account2))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=mydomain,dc=local] (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=account2)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Save user (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_primary_name] (0x0400): Processing object account2@mydomain.local (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Processing user account2@mydomain.local (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Original memberOf is not available for [account2@mydomain.local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Adding user principal [accou...@otherdomain.com] to attributes of [account2@mydomain.local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Storing info for user account2@mydomain.local (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-1710311407-3537505305-1030735119-11202))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectClass=ipaexternalgroup][dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [ipa_get_ext_groups_done] (0x0400): [0] external groups found. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [find_ipa_ext_memberships] (0x0400): No external groupmemberships found. (Thu Jun 25 18:53:13 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [ipa_subdom_get_forest] (0x0400): 4th component is not 'trust', nothing to do. (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 18:53:16 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
