Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent key lookup issues with sss_ssh_authorizedkeys after 1.14 upgrade, resent in 1.15.2 and 1.16. #4653

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Closed

Inconsistent key lookup issues with sss_ssh_authorizedkeys after 1.14 upgrade, resent in 1.15.2 and 1.16. #4653

sssd-bot opened this issue May 2, 2020 · 0 comments
Assignees
@sumit-bose
Labels
Closed: Duplicate

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3632

  • Created at 2018-02-06 17:31:17 by sengelbert
  • Closed at 2018-03-22 10:44:04 as duplicate
  • Assigned to sbose

Issue exists and tested in versions 1.15.2 and a 1.16 build (1.16.0-4.el7.centos).

After upgrade from 1.14.1, we have noticed a weird pattern that is, honestly, not always consistent but looks like
this…

Login attempt 1

local
user@DOMAIN.AD(a)local: ~$ ssh server
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

on server
root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user

root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user(a)DOMAIN.AD

root@server: ~$ sss_cache -E
root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user(a)DOMAIN.AD

root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user

root@server: ~$ exit

Login attempt 2

local
user@DOMAIN.AD(a)local: ~$ ssh server
Last login: Fri Feb 2 16:31:23 2018 from local

user@server: ~$

on server
root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user

root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user(a)DOMAIN.AD

Login attempt 3

local
user@DOMAIN.AD(a)local: ~$ ssh server
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

on server
root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user

root@server: ~$ /usr/bin/sss_ssh_authorizedkeys user(a)DOMAIN.AD

It appears as though clearing the cache clears or resets the cache correctly and then a
successful login clears or resets the cache incorrectly.

Also here are our configs…

[sssd]
config_file_version = 2
#wmb - added ssh to the following line
services = ssh, nss, pam
domains = DOMAIN.AD
#wmb added next line
default_domain_suffix = DOMAIN.AD
debug_level = 0x3ff0

#wmb added the following line
[ssh]

[nss]
override_homedir = /users/%u
default_shell = /bin/bash
use_fully_qualified_names = True
fallback_homedir = /users/%u@%d
reconnection_retries = 3

[pam]
reconnection_retries = 3
#wmb added the following line - Keep user credentials in cache for 7 days
offline_credentials_expiration = 7

[domain/DOMAIN.AD]
#wmb - added next line
ad_domain = DOMAIN.AD
debug_level = 0x3ff0
enumerate = false
#wmb - Do not return group members for group lookups. Default false
#ignore_group_members = true
id_provider = ad
chpass_provider = ad
auth_provider = ad
access_provider = simple
#simple_allow_groups = hadoop_admins, hadoop_users
ad_server = ADSERVER1.DOMAIN.AD
#wmb activated next line
ad_backup_server = ADSERVER2.DOMAIN.AD
ldap_schema = ad
ldap_user_principal = sAMAccountName
#wmb added the next 2 lines for SSH keys
ldap_user_extra_attrs = User-sshPublicKey:User-sshPublicKey
ldap_user_ssh_public_key = User-sshPublicKey
ldap_id_mapping = true
ldap_force_upper_case_realm = true
case_sensitive = false
krb5_realm = DOMAIN.AD
#wmb tags stored by the realmd configuration service for this domain
realmd_tags = manages-system joined-with-samba
#wmb Save user passwd if they log in offline. Do kinit when they com online
#krb5_store_password_if_offline = true
ldap_access_order = filter,expire
ldap_account_expire_policy = ad
cache_credentials = true
account_cache_expiration = 15
enum_cache_timeout = 120
entry_cache_nowait_percentage = 50
entry_cache_nowait_timeout = 28800
#wmb add if you want to restrict access to a certain group
ldap_group_search_base = DC=DOMAIN,DC=AD
ldap_sasl_authid = host/server(a)DOMAIN.AD
#wmb - enable AD client to update its DNS record
dyndns_update = True
dyndns_update_ptr = True
dyndns_refresh_interval = 43200
dyndns_ttl = 3600

Here are logs...

/usr/bin/sss_ssh_authorizedkeys user
Returns keys

(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_get_account_info_handler] (0x0200):
Got request for [0x1][BE_REQ_USER][name=user(a)DOMAIN.ad]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): DP Request
[Account #1403]: New request. Flags [0x0001].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): Number of
active DP request: 1
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_next_base] (0x0400):
Searching for users with base [DC=DOMAIN,DC=AD]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:389
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(sAMAccountName=user)(objectclass=user)(sAMAccountName=)(objectSID=))][DC=DOMAIN,DC=AD].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixUserPassword]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uidNumber]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gecos]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixHomeDirectory]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginShell]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [primaryGroupID]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accountExpires]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userCertificate;binary]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [mail]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 12
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 12
timeout 6
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7eb7160], connected[1], ops[0x5622d7ebef10], ldap[0x5622d6c9a790]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[CN=Simon Engelbert,OU=Non-VIP,OU=Users,OU=Accounts,OU=Corp,DC=DOMAIN,DC=AD].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [whenChanged]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [uSNChanged]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [name]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectGUID]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [userAccountControl]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [primaryGroupID]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectSid]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [accountExpires]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [sAMAccountName]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [mail]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [shawUser-sshPublicKey]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7eb7160], connected[1], ops[0x5622d7ebef10], ldap[0x5622d6c9a790]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_add_references]
(0x1000): Additional References:
ldap://DomainDnsZones.DOMAIN.AD/DC=DomainDnsZones,DC=DOMAIN,DC=AD
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7eb7160], connected[1], ops[0x5622d7ebef10], ldap[0x5622d6c9a790]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
12 finished
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x0400):
Search for users, returned 1 results.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x2000):
Retrieved total 1 users
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x0400): Save user
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_primary_name] (0x0400):
Processing object user
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x0400): Processing
user user(a)DOMAIN.ad
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x1000): Mapping user
[user(a)DOMAIN.ad] objectSID [S-1-5-21-1916243804-2947104764-1996252313-179441] to unix ID
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x2000): Adding
originalDN [CN=Simon Engelbert,OU=Non-VIP,OU=Users,OU=Accounts,OU=Corp,DC=DOMAIN,DC=AD] to
attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x0400): Adding
original memberOf attributes to [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original mod-Timestamp [20180122182213.0Z] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x0400): Adding user
principal [user] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowLastChange is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMin is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMax is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowWarning is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowInactive is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowExpire is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowFlag is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
krbLastPwdChange is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
krbPasswordExpiration is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
pwdAttribute is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedService is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding adAccountExpires [9223372036854775807] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding adUserAccountControl [512] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
nsAccountLock is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedHost is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginDisabled is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginExpirationTime is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginAllowedTimeMap is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding sshPublicKey [] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding sshPublicKey [] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
authType is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
userCertificate is not available for [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding mail [Simon.Engelbert(a)DOMAIN.ca] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding shawUser-sshPublicKey [] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding shawUser-sshPublicKey [] to attributes of [user(a)DOMAIN.ad].
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_attrs_get_aliases] (0x2000):
Domain is case-insensitive; will add lowercased aliases
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_save_user] (0x0400): Storing info
for user user(a)DOMAIN.ad
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_search_by_name] (0x0400): No such
entry
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_store_user] (0x1000): User
user(a)DOMAIN.ad does not exist.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_search_user_by_uid] (0x0400): No
such entry
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_ldb_msg_difference] (0x2000):
Added attr [objectSIDString] to entry
[name=user(a)DOMAIN.ad,cn=users,cn=DOMAIN.AD,cn=sysdb]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sysdb_set_entry_attr] (0x0200): Entry
[name=user(a)DOMAIN.ad,cn=users,cn=DOMAIN.AD,cn=sysdb] has set [cache, ts_cache] attrs.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_req_done] (0x0400): DP Request
[Account #1403]: Request handler finished [0]: Success
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [_dp_req_recv] (0x0400): DP Request
[Account #1403]: Receiving request data.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_list_success] (0x0400): DP
Request [Account #1403]: Finished. Success.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_std] (0x1000): DP Request
[Account #1403]: Returning [Success]: 0,0,Success
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_table_value_destructor] (0x0400):
Removing [0:1:0x0001:1::DOMAIN.AD:name=user@DOMAIN.ad] from reply table
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): DP Request
[Account #1403]: Request removed.
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): Number of
active DP request: 0
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7eb7160], connected[1], ops[(nil)], ldap[0x5622d6c9a790]
(Wed Jan 31 18:26:46 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list

/usr/bin/sss_ssh_authorizedkeys user(a)DOMAIN.AD
Error looking up public keys

(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_get_account_info_handler] (0x0200):
Got request for [0x1][BE_REQ_USER][name=user@DOMAIN.ad(a)DOMAIN.ad]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): DP Request
[Account #1409]: New request. Flags [0x0001].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): Number of
active DP request: 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 0 for server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server ADSERVER.DOMAIN.ad: [170.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://ADSERVER.DOMAIN.ad:389/??base] with fd [19].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7ebef10], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7ebef10], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [6]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, host/server.DOMAIN.ad, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 0 for server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server ADSERVER.DOMAIN.ad: [170.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 55
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19453]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19453]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[(nil)], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: host/server.DOMAIN.ad
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19453].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19453] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0400):
Connection established.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 0 of duplicate server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_id_op_connect_done] (0x2000): Old
USN: 75028237, New USN: 75031468
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_next_base] (0x0400):
Searching for users with base [DC=DOMAIN,DC=AD]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(sAMAccountName=user@DOMAIN.ad)(objectclass=user)(sAMAccountName=)(objectSID=))][DC=DOMAIN,DC=AD].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixUserPassword]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gecos]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixHomeDirectory]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginShell]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [primaryGroupID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accountExpires]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userCertificate;binary]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [mail]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 5
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 5
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7e96670], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_add_references]
(0x1000): Additional References:
ldap://DomainDnsZones.DOMAIN.AD/DC=DomainDnsZones,DC=DOMAIN,DC=AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7e96670], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
5 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x0400):
Search for users, returned 0 results.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x2000):
Retrieved total 0 users
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sysdb_search_by_name] (0x0400): No such
entry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sysdb_cache_search_groups] (0x2000):
Search groups with filter: (&(objectclass=group)(ghost=user@DOMAIN.ad(a)DOMAIN.ad))
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sysdb_cache_search_groups] (0x2000): No
such entry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sysdb_delete_user] (0x0400): Error: 2
(No such file or directory)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_done] (0x0400): DP Request
[Account #1409]: Request handler finished [0]: Success
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [_dp_req_recv] (0x0400): DP Request
[Account #1409]: Receiving request data.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_list_success] (0x0400): DP
Request [Account #1409]: Finished. Success.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_std] (0x1000): DP Request
[Account #1409]: Returning [Success]: 0,0,Success
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_table_value_destructor] (0x0400):
Removing [0:1:0x0001:1::DOMAIN.AD:name=user@DOMAIN.ad@DOMAIN.ad] from reply table
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): DP Request
[Account #1409]: Request removed.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): Number of
active DP request: 0
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[(nil)], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_get_account_info_handler] (0x0200):
Got request for [0x1][BE_REQ_USER][name=user(a)DOMAIN.AD]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): DP Request
[Account #1410]: New request. Flags [0x0001].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): Number of
active DP request: 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_next_base] (0x0400):
Searching for users with base [DC=DOMAIN,DC=AD]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(|(sAMAccountName=user@DOMAIN.AD)(mail=user@DOMAIN.AD)(sAMAccountName=user\@DOMAIN.AD@DOMAIN.AD))(objectclass=user)(sAMAccountName=)(objectSID=))][DC=DOMAIN,DC=AD].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixUserPassword]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gecos]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixHomeDirectory]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginShell]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [primaryGroupID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accountExpires]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userCertificate;binary]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [mail]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 6
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7e96670], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_add_references]
(0x1000): Additional References:
ldap://DomainDnsZones.DOMAIN.AD/DC=DomainDnsZones,DC=DOMAIN,DC=AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[0x5622d7e96670], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
6 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x0400):
Search for users, returned 0 results.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x2000):
Retrieved total 0 users
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_done] (0x0400): DP Request
[Account #1410]: Request handler finished [0]: Success
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [_dp_req_recv] (0x0400): DP Request
[Account #1410]: Receiving request data.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_list_success] (0x0400): DP
Request [Account #1410]: Finished. Success.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_std] (0x1000): DP Request
[Account #1410]: Returning [Success]: 0,0,Success
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_table_value_destructor] (0x0400):
Removing [0:1:0x0001:1:U:DOMAIN.AD:name=user@DOMAIN.AD] from reply table
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): DP Request
[Account #1410]: Request removed.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): Number of
active DP request: 0
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e94550], connected[1], ops[(nil)], ldap[0x5622d6c9a790]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_get_account_info_handler] (0x0200):
Got request for [0x1][BE_REQ_USER][name=user(a)DOMAIN.AD]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): DP Request
[Account #1411]: New request. Flags [0x0001].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_attach_req] (0x0400): Number of
active DP request: 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
PRD.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
DOMAIN.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
PRD.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_domain_get_state] (0x1000): Domain
PRD.AD is Active
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'AD_GC'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 0 for server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server ADSERVER.DOMAIN.ad: [170.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://ADSERVER.DOMAIN.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://ADSERVER.DOMAIN.ad:3268'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://ADSERVER.DOMAIN.ad:3268/??base] with fd [25].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:3268
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e7a9a0], connected[1], ops[0x5622d7d32e90], ldap[0x5622d7d76f00]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e7a9a0], connected[1], ops[0x5622d7d32e90], ldap[0x5622d7d76f00]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [6]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, host/server.DOMAIN.ad, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 0 for server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'ADSERVER.DOMAIN.ad' is 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server ADSERVER.DOMAIN.ad: [170.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://ADSERVER.DOMAIN.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://ADSERVER.DOMAIN.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [unique_filename_destructor] (0x2000):
Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_IYm1jO]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [unlink_dbg] (0x2000): File already
removed: [/var/lib/sss/pubconf/.krb5info_dummy_IYm1jO]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 55
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19454]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19454]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e7a9a0], connected[1], ops[(nil)], ldap[0x5622d7d76f00]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19454].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19454] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: host/server.DOMAIN.ad
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0400):
Connection established.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 0 of duplicate server 'ADSERVER.DOMAIN.ad' as 'working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_id_op_connect_done] (0x2000): Old
USN: 75028237, New USN: 75031469
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_next_base] (0x0400):
Searching for users with base [dc=prd,dc=ad]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
170.0.0.2:3268
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(|(sAMAccountName=user@DOMAIN.AD)(mail=user@DOMAIN.AD)(sAMAccountName=user\@DOMAIN.AD@DOMAIN.AD))(objectclass=user)(sAMAccountName=)(objectSID=))][dc=prd,dc=ad].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixUserPassword]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gecos]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixHomeDirectory]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginShell]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [primaryGroupID]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accountExpires]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userCertificate;binary]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [mail]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shawUser-sshPublicKey]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 5
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 5
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e7a9a0], connected[1], ops[0x5622d7e96670], ldap[0x5622d7d76f00]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
5 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x0400):
Search for users, returned 0 results.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_search_user_process] (0x2000):
Retrieved total 0 users
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x0100): Hostname
resolution expired, resetting the server status of 'dc02.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc02.PRD.AD' as 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is expired
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [collapse_srv_lookup] (0x0100): Need to
refresh SRV lookup for domain AWS._sites.PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_srv_plugin_send] (0x0400): About to
find domain controllers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_get_dc_servers_send] (0x0400):
Looking up domain controllers in domain PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_discover_srv_next_domain]
(0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain
'PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_send] (0x0100): Trying to
resolve SRV record of '_ldap._tcp.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7e7a9a0], connected[1], ops[(nil)], ldap[0x5622d7d76f00]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_done] (0x1000): Using TTL
[600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got
answer. Processing...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got 7
servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_get_dc_servers_done] (0x0400): Found
7 domain controllers in domain PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_srv_plugin_dcs_done] (0x0400): About
to locate suitable site
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_connect_host_send] (0x0400):
Resolving host dc02.prd.ad
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc02.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc02.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc02.prd.ad' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_connect_host_resolv_done] (0x0400):
Connecting to ldap://dc02.prd.ad:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://dc02.prd.ad:389/??base] with fd [27].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_connect_host_done] (0x0400):
Successful connection to ldap://dc02.prd.ad:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
10.0.0.2:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(&(DnsDomain=PRD.AD)(NtVer=\14\00\00\00))][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [netlogon]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7ece270], ldap[0x5622d7cebd40]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [netlogon]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7ece270], ldap[0x5622d7cebd40]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d7cebd40], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_get_client_site_done] (0x0400): Found
site: AWS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_get_client_site_done] (0x0400): Found
forest: PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_srv_plugin_site_done] (0x0400): About
to discover primary and backup servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_servers_send] (0x0400):
Looking up primary servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_discover_srv_next_domain]
(0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain
'AWS._sites.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_send] (0x0100): Trying to
resolve SRV record of '_ldap._tcp.AWS._sites.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_done] (0x1000): Using TTL
[600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got
answer. Processing...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got 6
servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_servers_primary_done]
(0x0400): Looking up backup servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_discover_srv_next_domain]
(0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain
'PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_send] (0x0100): Trying to
resolve SRV record of '_ldap._tcp.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_getsrv_done] (0x1000): Using TTL
[600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got
answer. Processing...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_discover_srv_done] (0x0400): Got 7
servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_srv_plugin_servers_done] (0x0400):
Got 6 primary and 7 backup servers
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc02.PRD.AD:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc11.PRD.AD:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc11.PRD.AD:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc02.PRD.AD:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc05.prd.ad:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted primary server 'dc06.prd.ad:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc02.PRD.AD:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc11.PRD.AD:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc05.prd.ad:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc11.PRD.AD:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc02.PRD.AD:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400): Server
'dc06.prd.ad:389' for service 'sd_PRD.AD' is already present
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_add_server_to_list] (0x0400):
Inserted backup server 'dc07.prd.ad:389' to service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_srv_data_status] (0x0100): Marking
SRV lookup of service 'sd_PRD.AD' as 'resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc02.PRD.AD' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc02.PRD.AD' as 'resolving name'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc02.PRD.AD' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc02.PRD.AD' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc02.PRD.AD' as 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc02.PRD.AD: [10.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://dc02.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://dc02.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://dc02.PRD.AD:389/??base] with fd [26].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
10.0.0.2:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e8ae00], ldap[0x5622d7cebd40]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e8ae00], ldap[0x5622d7cebd40]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [6]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, server$, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service sd_PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc02.PRD.AD: [10.0.0.2] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 43
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19455]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19455]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d7cebd40]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: server$
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_sasl_log] (0x0040): SASL: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (Cannot find KDC
for realm "PRD.AD")
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0020): ldap_sasl_bind
failed (-2)[Local error]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0080): Extended
failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Cannot find KDC for realm "PRD.AD")]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19455].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19455] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0040): Unable
to establish connection [1432158226]: Authentication Failed
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'dc02.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc02.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc02.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d7cebd40], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x0100): Hostname
resolution expired, resetting the server status of 'dc11.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc11.PRD.AD' as 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'neutral'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc11.PRD.AD' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc11.PRD.AD' as 'resolving name'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc11.PRD.AD' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc11.PRD.AD' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc11.PRD.AD' as 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc11.PRD.AD: [10.0.0.3] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://dc11.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://dc11.PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://dc11.PRD.AD:389/??base] with fd [26].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
10.0.0.3:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d7e7b5c0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d7e7b5c0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [7]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, server$, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service sd_PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc11.PRD.AD: [10.0.0.3] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 43
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19456]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19456]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d7e7b5c0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: server$
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_sasl_log] (0x0040): SASL: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (Cannot find KDC
for realm "PRD.AD")
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0020): ldap_sasl_bind
failed (-2)[Local error]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0080): Extended
failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Cannot find KDC for realm "PRD.AD")]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19456].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19456] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0040): Unable
to establish connection [1432158226]: Authentication Failed
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'dc11.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc11.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc11.PRD.AD' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d7e7b5c0], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc02.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc05.prd.ad' is 'neutral'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc05.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc05.prd.ad' as 'resolving name'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc05.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc05.prd.ad' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc05.prd.ad' as 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc05.prd.ad: [10.0.0.1] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://dc05.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://dc05.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://dc05.prd.ad:389/??base] with fd [26].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
10.0.0.1:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d8cb2600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d8cb2600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d8cb2600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [6]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, server$, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service sd_PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc05.prd.ad: [10.0.0.1] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 43
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19457]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19457]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d8cb2600]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: server$
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_sasl_log] (0x0040): SASL: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (Cannot find KDC
for realm "PRD.AD")
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0020): ldap_sasl_bind
failed (-2)[Local error]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0080): Extended
failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Cannot find KDC for realm "PRD.AD")]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19457].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19457] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0040): Unable
to establish connection [1432158226]: Authentication Failed
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'dc05.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc05.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d8cb2600], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc06.prd.ad' is 'neutral'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc06.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc06.prd.ad' as 'resolving name'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc06.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc06.prd.ad' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc06.prd.ad' as 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc06.prd.ad: [10.0.0.4] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://dc06.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://dc06.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_ldap_connect_callback_add]
(0x1000): New LDAP connection to [ldap://dc06.prd.ad:389/??base] with fd [26].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_print_server] (0x2000): Searching
10.0.0.4:389
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=)][].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: []
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedFeatures]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [lastUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 1
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_add] (0x2000): New operation 1
timeout 6
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d8cc07b0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [currentTime]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [subschemaSubentry]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dsServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [defaultNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [schemaNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [configurationNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [rootDomainNamingContext]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedControl]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPVersion]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedLDAPPolicies]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [highestCommittedUSN]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedSASLMechanisms]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [dnsHostName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ldapServiceName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverName]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedCapabilities]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isSynchronized]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [isGlobalCatalogReady]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [forestFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_parse_range] (0x2000): No
sub-attributes for [domainControllerFunctionality]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[0x5622d7e96670], ldap[0x5622d8cc07b0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_op_destructor] (0x2000): Operation
1 finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_rootdse_done] (0x2000):
Skipping auto-detection of match rule
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_server_opts_from_rootdse]
(0x0100): Setting AD compatibility level to [6]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, server$, DOMAIN.AD, 86400)
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_next_kdc] (0x1000): Resolving
next KDC for service sd_PRD.AD
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc06.prd.ad: [10.0.0.4] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [create_tgt_req_send_buffer] (0x0400):
buffer size: 43
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Setting
up signal handler up for pid [19458]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [19458]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_tgt_child_timeout] (0x0400): Setting
6 seconds timeout for tgt child
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d8cc07b0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_process_result] (0x2000): Trace:
end of ldap_result list
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [write_pipe_handler] (0x0400): All data
has been sent!
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [read_pipe_handler] (0x0400): EOF
received, client finished
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_DOMAIN.AD], expired on [1517459477]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1517424377
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0100): Executing sasl
bind mech: gssapi, user: server$
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_sasl_log] (0x0040): SASL: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (Cannot find KDC
for realm "PRD.AD")
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0020): ldap_sasl_bind
failed (-2)[Local error]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sasl_bind_send] (0x0080): Extended
failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Cannot find KDC for realm "PRD.AD")]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x1000): Waiting for
child [19458].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [child_sig_handler] (0x0100): child
[19458] finished successfully.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_cli_connect_recv] (0x0040): Unable
to establish connection [1432158226]: Authentication Failed
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'dc06.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc06.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[1], ops[(nil)], ldap[0x5622d8cc07b0], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc02.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc02.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc05.prd.ad' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc06.prd.ad' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc07.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc07.prd.ad' is 'neutral'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is resolved
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc07.prd.ad' is 'name not resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc07.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc07.prd.ad' as 'resolving name'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc07.prd.ad' in files
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_next] (0x0200): No
more address families to retry
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc07.prd.ad' in DNS
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [resolv_gethostbyname_dns_parse]
(0x1000): Parsing an A reply
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [set_server_common_status] (0x0100):
Marking server 'dc07.prd.ad' as 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_process] (0x0200):
Found address for server dc07.prd.ad: [10.200.80.12] TTL 3600
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed uri 'ldap://dc07.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [ad_resolve_callback] (0x0100):
Constructed GC uri 'ldap://dc07.prd.ad'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_primary_server_timeout_activate]
(0x2000): Primary server reactivation timeout set to 31 seconds
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_connect_done] (0x0020):
connect failed [113][No route to host].
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_init_done] (0x0020):
sdap_async_sys_connect request failed: [113]: No route to host.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sssd_async_socket_state_destructor]
(0x0400): closing socket [26]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sss_ldap_init_sys_connect_done]
(0x0020): sssd_async_socket_init request failed: [113]: No route to host.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_sys_connect_done] (0x0020):
sdap_async_connect_call request failed: [113]: No route to host.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_handle_release] (0x2000): Trace:
sh[0x5622d7edd820], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0],
release_memory[0]
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'dc07.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'dc07.prd.ad' as 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc02.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc11.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc11.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc02.PRD.AD' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc02.PRD.AD' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc05.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc05.prd.ad' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc06.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc06.prd.ad' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_server_status] (0x1000): Status of
server 'dc07.prd.ad' is 'name resolved'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x1000): Port status
of port 389 for server 'dc07.prd.ad' is 'not working'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [fo_resolve_service_send] (0x0020): No
available servers for service 'sd_PRD.AD'
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [be_resolve_server_done] (0x1000): Server
resolution failed: [5]: Input/output error
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [sdap_id_op_connect_done] (0x0400):
Failed to connect to server, but ignore mark offline is enabled.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_done] (0x0400): DP Request
[Account #1411]: Request handler finished [0]: Success
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [_dp_req_recv] (0x0400): DP Request
[Account #1411]: Receiving request data.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_list_success] (0x0400): DP
Request [Account #1411]: Finished. Success.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_reply_std] (0x1000): DP Request
[Account #1411]: Returning [Internal Error]: 3,1432158272,User lookup failed
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_table_value_destructor] (0x0400):
Removing [0:1:0x0001:1:U:PRD.AD:name=user@DOMAIN.AD] from reply table
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): DP Request
[Account #1411]: Request removed.
(Wed Jan 31 18:31:17 2018) [sssd[be[DOMAIN.AD]]] [dp_req_destructor] (0x0400): Number of
active DP request: 0

Comments

Comment from jhrozek at 2018-02-14 22:47:47

Sumit agreed on our Feb-8 meeting he'd take a look.

Comment from jhrozek at 2018-02-14 22:47:48

Metadata Update from @jhrozek:

  • Issue assigned to sbose

Comment from sbose at 2018-02-15 13:24:14

Can you try if the results are more reliable if you remove 'ldap_user_extra_attrs = User-sshPublicKey:User-sshPublicKey' from sssd.conf?

If this does not help please attach a new domain log file and the sssd_ssh.log as files.

Comment from sengelbert at 2018-02-20 21:23:22

Removing that line did not change the results or logs

Comment from sengelbert at 2018-02-21 22:46:40

Fixed this on our end by adding...

~~~~
[sssd]
#Added this so that sshd doesn't get confused by @SJRB.AD returned
#by sssd versions >= 1.14
full_name_format = %1$s
[domain/SJRB.AD]
#Added this to allow /usr/bin/sss_ssh_authorizedkeys to get public keys
#from AD in sssd versions >= 1.14
ldap_use_tokengroups = True
#Added this so that sssd does cache lookups properly.
#SSSD is connecting to the Global Catalog for some lookups
#but not others, which yields the POSIX attributes as 'removed' when SSSD
#looks up the info in GC and effectivelly removes them from the cache.
#This is again for sssd versions >= 1.14
ad_enable_gc = False
~~~~

Comment from jhrozek at 2018-03-15 11:27:51

The global catalog issue is a known one and planned for future versions with issue #3538. The full name format can be also adjusted by disabling the use_fully_qualified_names option instead of changing the full_name_format option, I think that's even a cleaner approach.

With all this in mind, I would prefer to close this ticket as a duplicate of #3538. Please let me know if you disagree.

Comment from jhrozek at 2018-03-22 10:43:36

Looks like nobody disagrees, therefore I consider this ticket a duplicate of #3538.

Comment from jhrozek at 2018-03-22 10:44:07

Metadata Update from @jhrozek:

  • Issue close_status updated to: duplicate
  • Issue status updated to: Closed (was: Open)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sumit-bose sumit-bose

Labels
Closed: Duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sumit-bose @sssd-bot