On Tue, Feb 23, 2016 at 03:14:20PM -0500, Jester wrote:
> Recent events from ldap_child.
>
>
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester....@mrjester.net]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
> Decrypt integrity check failed
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x2000): Unlinking
> [/var/lib/sss/db/ccache_MRJESTER.NET_GsnnAd]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0020):
> ldap_child_get_tgt_sync failed.
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [prepare_response] (0x0400): Building response for result
> [-1765328353]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
> (0x2000): response size: 50
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
> integrity check failed]

Here authenticating with the keytab failed..

> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester....@mrjester.net]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
> Decrypt integrity check failed
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x2000): Unlinking
> [/var/lib/sss/db/ccache_MRJESTER.NET_2fcAih]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0020):
> ldap_child_get_tgt_sync failed.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [prepare_response] (0x0400): Building response for result
> [-1765328353]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
> (0x2000): response size: 50
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
> integrity check failed]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester....@mrjester.net]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials stored
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): Renaming
> [/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng] to
> [/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [prepare_response] (0x0400): Building response for result [0]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
> (0x2000): response size: 57
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [37] msg
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester....@mrjester.net]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials stored
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): Renaming
> [/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c] to
> [/var/lib/sss/db/ccache_MRJESTER.NET]

...but here it succeeded...with the same principal.. did you maybe
change the keytab in the meantime? Or, if you crank up the debug_level
even higher, you should see the IP address of the KDC you're talking to.
I wonder if it's always the one you'd expect..

> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [prepare_response] (0x0400): Building response for result [0]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
> (0x2000): response size: 57
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [37] msg
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
> ldap_child completed successfully
>
>
>
> On Tue, Feb 23, 2016 at 2:54 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> > On Tue, Feb 23, 2016 at 01:32:11PM -0500, Jester wrote:
> >> New IPA install of Fedora 23 with FreeIPA 4.2.3. Client is Ubuntu
> >> Desktop 15.10 (nuc) with IPA client 4.1.4.
> >>
> >> ipa-client-install was successful. Host object created, DNS updated, etc.
> >>
> >> I am not able to log into the Ubuntu client with any user aside from
> >> Admin. I get inconsistent password prompting behavior. It doesn't
> >> always prompt. Most of the time, it just gives the client not found
> >> message. kinit works with all users on the IPA server directly.
> >>
> >> root@nuc0:/var/lib/sss# kinit admin
> >> Password for ad...@mrjester.net:
> >> root@nuc0:/var/lib/sss# kinit jon
> >> kinit: Client 'j...@mrjester.net' not found in Kerberos database while
> >> getting initial credentials
> >> root@nuc0:/var/lib/sss# kinit jon-test
> >> Password for jon-t...@mrjester.net:
> >> Password expired. You must change it now.
> >> Enter new password:
> >> Enter it again:
> >> kinit: Password change failed while getting initial credentials
> >> root@nuc0:/var/lib/sss# kinit jon-test
> >> kinit: Client 'jon-t...@mrjester.net' not found in Kerberos database
> >> while getting initial credentials
> >> root@nuc0:/var/lib/sss#
> >>
> >> I am able to do GSSAPI auth from the client.
> >>
> >> /usr/bin/ldapsearch -LLL -H ldap://dir0.mrjester.net/ -Y GSSAPI -N -b
> >> "dc=mrjester,dc=net" cn
> >>
> >> Some various messages I see that stand out as possibly related. SSSD
> >> debug level 8
> >>
> >> [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty!
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sdap_get_tgt_recv] (0x0400): Child
> >> responded: 14 [Decrypt integrity check failed], expired on [0]
> >
> > Please look into ldap_child with high debug level, it looks like sssd
> > has some issues authenticating to the directory.
> >
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sdap_kinit_done] (0x0100): Could not get
> >> TGT: 14 [Bad address]
> >> [sssd[be[mrjester.net]]] [sdap_cli_kinit_done] (0x0400): Cannot get a
> >> TGT: ret [1432158219](Authentication Failed)
> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0100): Marking port
> >> 389 of server 'dir0.mrjester.net' as 'not working'
> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0400): Marking port
> >> 389 of duplicate server 'dir0.mrjester.net' as 'not working'
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sbus_get_sender_id_send] (0x2000): Not a
> >> sysbus message, quit
> >> [sssd[be[mrjester.net]]] [be_get_account_info] (0x0200): Got request
> >> for [0x1001][1][name=*]
> >> [sssd[be[mrjester.net]]] [be_req_set_domain] (0x0400): Changing
> >> request domain from [mrjester.net] to [mrjester.net]
> >> [sssd[be[mrjester.net]]] [sdap_idmap_domain_has_algorithmic_mapping]
> >> (0x0080): Could not parse domain SID from [(null)]
> >> [sssd[be[mrjester.net]]] [sdap_search_user_next_base] (0x0400):
> >> Searching for users with base [cn=accounts,dc=mrjester,dc=net]
> >> [sssd[be[mrjester.net]]] [sdap_print_server] (0x2000): Searching 10.8.10.40
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x0400): calling
> >> ldap_search_ext with
> >> [(&(uid=\2a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=mrjester,dc=net].
> >
> > Do you use enumerate=true?
> >
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [objectClass]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [uid]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [userPassword]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [uidNumber]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [gidNumber]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [gecos]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [homeDirectory]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginShell]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbPrincipalName]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [cn]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [memberOf]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaUniqueID]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaNTSecurityIdentifier]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [modifyTimestamp]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [entryUSN]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowLastChange]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowMin]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowMax]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowWarning]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowInactive]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowExpire]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowFlag]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbLastPwdChange]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbPasswordExpiration]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [pwdAttribute]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [authorizedService]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [accountExpires]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [userAccountControl]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [nsAccountLock]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [host]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginDisabled]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginExpirationTime]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginAllowedTimeMap]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaSshPubKey]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaUserAuthType]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x2000):
> >> ldap_search_ext called, msgid = 12
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> sh[0x1b6d100], connected[1], ops[0x1b6e810], ldap[0x1b7a970]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_op_finished] (0x0400):
> >> Search result: Success(0), no errmsg set
> >> [sssd[be[mrjester.net]]] [sdap_search_user_process] (0x0400): Search
> >> for users, returned 0 results.
> >> [sssd[be[mrjester.net]]] [sdap_get_users_done] (0x0040): Failed to
> >> retrieve users
> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): Search groups
> >> with filter: (&(objectclass=group)(ghost=\2a))
> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): No such entry
> >> [sssd[be[mrjester.net]]] [sysdb_delete_user] (0x0400): Error: 2 (No
> >> such file or directory)
> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
> >> [sssd[be[mrjester.net]]] [ipa_id_get_account_info_orig_done] (0x0080):
> >> Object not found, ending request
> >> [sssd[be[mrjester.net]]] [acctinfo_callback] (0x0100): Request
> >> processed. Returned 3,0,Account info lookup failed
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> sh[0x1b6d100], connected[1], ops[(nil)], ldap[0x1b7a970]
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> ldap_result found nothing!
> >>
> >>
> >>
> >> What additional information can I provide or things I can try?
> >>
> >> Thanks
> >>
> >> --
> >> Manage your subscription for the Freeipa-users mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >> Go to http://freeipa.org for more info on the project
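
Added example, not part of the thread: the reply above compares ldap_child runs that fail and then succeed with the same principal. The Python below rebuilds mail-wrapped, ">"-quoted records and reads each run's outcome per PID from the pack_buffer line; the sample log, the realm EXAMPLE.TEST and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): two wrapped, ">"-quoted ldap_child runs.
SAMPLE = """\
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[101]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/client.example.test@EXAMPLE.TEST]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[101]]]] [pack_buffer]
> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
> integrity check failed]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[101]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[102]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/client.example.test@EXAMPLE.TEST]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[102]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [37] msg
> [FILE:/var/lib/sss/db/ccache_EXAMPLE.TEST]
"""

# A record starts with a full timestamp; a wrapped "(0x1000): ..." tail does not.
START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}\) ")
QUOTE = re.compile(r"^(?:\s*>)+\s?")
RECORD = re.compile(r"\((?P<ts>[^)]+)\) \[\[sssd\[ldap_child\[(?P<pid>\d+)\]\]\]\] "
                    r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]{4}\): (?P<msg>.*)")
RESULT = re.compile(r"result \[(-?\d+)\] krberr \[(-?\d+)\] msgsize \[\d+\] msg \[(.*)\]")
PRINCIPAL = re.compile(r"Principal name is: \[(.+?)\]")

def unwrap(text):
    """Strip quote markers and rejoin records that were wrapped across lines."""
    records = []
    for line in text.splitlines():
        line = QUOTE.sub("", line).strip()
        if START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def parse_attempts(text):
    """Return one dict per ldap_child PID, in order of first appearance."""
    attempts = {}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        a = attempts.setdefault(m["pid"], {"pid": int(m["pid"]), "time": m["ts"],
            "principal": None, "result": None, "krberr": None, "msg": None})
        if found := PRINCIPAL.search(m["msg"]):
            a["principal"] = found.group(1)
        # The outcome is the pack_buffer result, not "completed successfully",
        # which ldap_child also logs after a failed attempt.
        if m["func"] == "pack_buffer" and (res := RESULT.search(m["msg"])):
            a["result"], a["krberr"], a["msg"] = int(res[1]), int(res[2]), res[3]
    return list(attempts.values())

def flapping(attempts):
    """Principals whose attempts include both a success and a failure."""
    outcomes = defaultdict(set)
    for a in attempts:
        if a["result"] is not None:
            outcomes[a["principal"]].add(a["result"] == 0)
    return sorted(p for p, seen in outcomes.items() if seen == {True, False})

if __name__ == "__main__":
    runs = parse_attempts(SAMPLE)
    print(runs, flapping(runs))
```
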