On Wed, Aug 18, 2010 at 02:37:10PM +0200, Andy Kannberg wrote: > Stephen, > > Below is the log. I see messages with 'principal' and 'ssl'. Is that the > Kerberos principal which is referred to ?
Yes, but but the reason for the error is that your client cannot verify the SSL certificate of the server. Please try ldap_tls_reqcert = never in sssd.conf. This disables the verification of the server certificate but will still use SSL for authentication. Another (and better solution) is to install the CA certificate locally and use ldap_tls_cacert or ldap_tls_cacertdir to tell sssd where to find the CA certificate. bye, Sumit > > > (Wed Aug 18 14:29:04 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42C1C70 > (Wed Aug 18 14:29:04 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:04 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [ping] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [getAccountInfo] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_get_account_info] (4): Got > request for [3][1][name=nxp21358] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_send] (9): > Retrieving info for initgroups call > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(uid=nxp21358)(objectclass=NxpUserAuxClass))][ou=TS > T_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gecos] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [homeDirectory] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [loginShell] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPrincipalName] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowLastChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMin] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMax] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowWarning] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowInactive] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowExpire] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowFlag] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbLastPwdChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPasswordExpiration] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [pwdAttribute] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 18 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x4314e30], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): > OriginalDN: [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x4314e30], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_user] (9): > Receiving info for the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction > (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_store] (9): > Storing the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (9): Save > user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Adding original DN [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP] to > attributes of > [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Original memberOf is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): User > principal is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (6): > Storing info for user nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_commit] (9): > Commit change > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): commit ldb > transaction (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_process] (9): > Process user's groups > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(memberuid=nxp21358)(objectclass=NxpGroupAuxClass)) > ][ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [memberuid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 19 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x4316c00], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9): > Initgroups done > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [acctinfo_callback] (4): Request > processed. Returned 0,0,Success > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [pamHandler] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Got > request with the following data > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): command: > PAM_AUTHENTICATE > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): domain: > LDAP > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): user: > nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): service: > sshd > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): tty: ssh > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): ruser: > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): rhost: > acc3044.nxdi.nl-cdc01.nxp.com > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > type: 1 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > size: 12 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): priv: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): cli_pid: > 4989 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [fo_resolve_service_send] (4): > Trying to resolve service 'LDAP' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [get_server_status] (7): Status > of server 'dtcxxx.xxx.xxx' is 'working' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [get_port_status] (7): Port > status of port 389 for server 'dtcxxx.xxx.xxx' is 'not working' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [get_port_status] (4): Reseting > the status of port 389 for server 'dtcxxx.xxx.xxx' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [get_server_status] (7): Status > of server 'dtcxxx.xxx.xxx' is 'working' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_resolve_server_done] (4): > Found address for server dtcxxx.xxx.xxx: [xxx.xxx.xxx.xxx] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] > [setup_ldap_connection_callbacks] (9): LDAP connection callbacks are not > supported. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_connect_send] (4): > Executing START TLS > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_install_ldap_callbacks] > (8): Trace: sh[0x42e8e20], connected[1], ops[(nil)], fde[0x43033a0], > ldap[0x42e092 > 0] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42e8e20], connected[1], ops[0x4303450], ldap[0x42e0920] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_connect_done] (3): START > TLS result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_connect_done] (3): > ldap_install_tls failed: [Connect error] [error:14090086:SSL > routines:SSL3_GET_SERVER_C > ERTIFICATE:certificate verify failed] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_handle_release] (8): > Trace: sh[0x42e8e20], connected[1], ops[(nil)], ldap[0x42e0920], > destructor_lock[0],r > elease_memory[0] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [fo_set_port_status] (4): > Marking port 389 of server 'dtcxxx.xxx.xxx' as 'not working' > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): > Backend returned: (3, 4, <NULL>) [Internal Error (Interrupted system call)] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): > Sending result [4][LDAP] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): > Sent result [4][LDAP] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [getAccountInfo] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_get_account_info] (4): Got > request for [3][1][name=nxp21358] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_send] (9): > Retrieving info for initgroups call > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(uid=nxp21358)(objectclass=NxpUserAuxClass))][ou=TS > T_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gecos] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [homeDirectory] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [loginShell] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPrincipalName] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowLastChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMin] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMax] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowWarning] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowInactive] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowExpire] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowFlag] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbLastPwdChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPasswordExpiration] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [pwdAttribute] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 20 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x42e8ed0], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): > OriginalDN: [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x42e8ed0], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_user] (9): > Receiving info for the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction > (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_store] (9): > Storing the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (9): Save > user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Adding original DN [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP] to > attributes of > [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Original memberOf is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): User > principal is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (6): > Storing info for user nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_commit] (9): > Commit change > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): commit ldb > transaction (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_process] (9): > Process user's groups > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(memberuid=nxp21358)(objectclass=NxpGroupAuxClass)) > ][ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [memberuid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 21 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x4316d10], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9): > Initgroups done > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [acctinfo_callback] (4): Request > processed. Returned 0,0,Success > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [pamHandler] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Got > request with the following data > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): command: > PAM_SETCRED > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): domain: > LDAP > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): user: > nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): service: > sshd > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): tty: ssh > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): ruser: > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): rhost: > accxxx.xxx.xxx.com > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): priv: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): cli_pid: > 4989 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Sending > result [0][LDAP] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [pamHandler] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Got > request with the following data > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): command: > PAM_OPEN_SESSION > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): domain: > LDAP > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): user: > nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): service: > sshd > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): tty: ssh > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): ruser: > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): rhost: > acc3044.nxdi.nl-cdc01.nxp.com > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): priv: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): cli_pid: > 4989 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Sending > result [0][LDAP] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [getAccountInfo] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_get_account_info] (4): Got > request for [3][1][name=nxp21358] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_send] (9): > Retrieving info for initgroups call > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(uid=nxp21358)(objectclass=NxpUserAuxClass))][ou=TS > T_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [uidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gecos] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [homeDirectory] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [loginShell] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPrincipalName] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowLastChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMin] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowMax] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowWarning] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowInactive] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowExpire] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [shadowFlag] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbLastPwdChange] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [krbPasswordExpiration] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [pwdAttribute] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 22 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x42d7850], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): > OriginalDN: [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x42d7850], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_user] (9): > Receiving info for the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction > (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_store] (9): > Storing the user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (9): Save > user > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Adding original DN [cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP] to > attributes of > [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): > Original memberOf is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (7): User > principal is not available for [nxp21358]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_save_user_send] (6): > Storing info for user nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_commit] (9): > Commit change > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [ldb] (9): commit ldb > transaction (nesting: 0) > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_process] (9): > Process user's groups > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): > calling ldap_search_ext with > [(&(memberuid=nxp21358)(objectclass=NxpGroupAuxClass)) > ][ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP]. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [objectClass] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [cn] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [userPassword] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [gidNumber] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [memberuid] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): > Requesting attrs: [modifyTimestamp] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (8): > ldap_search_ext called, msgid = 23 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[0x42e0a00], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): > Search result: Success(0), > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9): > Initgroups done > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [acctinfo_callback] (4): Request > processed. Returned 0,0,Success > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: sh[0x42d7d70], connected[1], ops[(nil)], ldap[0x42d7f30] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): > Trace: ldap_result found nothing! > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42D4160 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [pamHandler] > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Got > request with the following data > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): command: > PAM_SETCRED > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): domain: > LDAP > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): user: > nxp21358 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): service: > sshd > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): tty: ssh > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): ruser: > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): rhost: > acc3044.nxdi.nl-cdc01.nxp.com > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): authtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > type: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): newauthtok > size: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): priv: 0 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [pam_print_data] (4): cli_pid: > 4991 > (Wed Aug 18 14:29:11 2010) [sssd[be[LDAP]]] [be_pam_handler] (4): Sending > result [0][LDAP] > (Wed Aug 18 14:29:14 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42C1C70 > (Wed Aug 18 14:29:14 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:14 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [ping] > (Wed Aug 18 14:29:23 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: > 42C1C70 > (Wed Aug 18 14:29:23 2010) [sssd[be[LDAP]]] [sbus_dispatch] (9): > Dispatching. > (Wed Aug 18 14:29:23 2010) [sssd[be[LDAP]]] [sbus_message_handler] (9): > Received SBUS method [ping] > > > > > > > 2010/8/18 Stephen Gallagher <sgall...@redhat.com> > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 08/18/2010 07:53 AM, Andy Kannberg wrote: > > > > > <http://acc3044.nxdi.nl-cdc01.nxp.com> user=nxp21358 > > > Aug 18 13:52:12 hpdw0001 sshd[8774]: pam_sss(sshd:auth): received for > > > user nxp21358: 4 (System error) > > > > Hmm, System error seems to imply a bug. Can you investigate the SSSD > > logs like before to see if anything stands out? > > > > - -- > > Stephen Gallagher > > RHCE 804006346421761 > > > > Delivering value year after year. > > Red Hat ranks #1 in value among software vendors. > > http://www.redhat.com/promo/vendor/ > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2.0.14 (GNU/Linux) > > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAkxr0PIACgkQeiVVYja6o6NvfACfemu9P4yoebTySoGrsk5SFoWZ > > 4PoAoKWfrOoRWDXR+IJY4sd8gqVm4pST > > =OqPe > > -----END PGP SIGNATURE----- > > > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel