<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<blockquote>
<div><i>Diky Jakube,</i><i><br>
</i></div>
<i>in domain log below I can see that rules were found properly:</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services
for rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [login] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo-i] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su-l] to
rule [Unixari na test servery]</i><i><br>
</i><i>(Wed Jul 13 12:05:21 2016) [sssd[be[</i><i><a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a></i><i>]]]
[hbac_thost_attrs_to_rule] (0x1000): Processing target hosts for
rule [Unixari na test servery]</i><i><br>
</i>
<div class="moz-cite-prefix"><i>On 07/13/2016 06:44 AM, Tomas
Simecek wrote:<br>
<br>
</i></div>
</blockquote>
These logs are related to HBAC rules, not sudo rule retrieval from
IPA. In the domain log you want to look for log messages similar to:<br>
<br>
<pre class="wiki">[sdap_sudo_refresh_load_done] (0x0400): Received $num-rules rules
</pre>
<pre class="wiki">[sssd[be[LDAP.PB]]] [sysdb_save_sudorule] (0x0400): Adding sudo rule $rule-name<strong></strong>
</pre>
<pre class="wiki">[sdap_sudo_refresh_load_done] (0x0400): Sudoers is successfuly stored in cache
</pre>
<br>
You can check if the expected sudo rule is stored in the sssd cache
file with the following command:<br>
<br>
# ldbsearch -H /var/lib/sss/db/cache_<domain>.ldb
objectclass=sudorule<br>
<br>
If it is not there, then likely the problem is in the domain log
because sssd is not retrieving the sudo rule from the IPA server
correctly<br>
<br>
Kind regards,<br>
Justin Stephenson<br>
<div class="moz-cite-prefix"><br>
</div>
<blockquote
cite="mid:CAHnWimLKJTBWx=HReiC+nQNhwkzvj-ndf5jiXYaBf=UQE6QTfQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Diky Jakube,<br>
</div>
in domain log below I can see that rules were found properly:<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services
for rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [login]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo-i]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su-l] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_thost_attrs_to_rule] (0x1000): Processing target hosts
for rule [Unixari na test servery]<br>
<br>
</div>
It also matches the rule and says "Access granted":<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_host_attrs_to_rule] (0x1000): [fqdn=<a
moz-do-not-send="true"
href="http://spcss-2t-www.linuxdomain.cz">spcss-2t-www.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
does not map to either a host or hostgroup. Skipping<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_host_attrs_to_rule] (0x2000): Added host [<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled,
setting ALL<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_eval_user_element] (0x1000): [1] groups for [<a
moz-do-not-send="true" href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_eval_user_element] (0x1000): Added group [grpunixadmins]
for user [<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule
[Unixari na test servery]<br>
<div><br>
</div>
<div>It also mentiones SELinux, but I know it is disabled.<br>
<br>
</div>
<div>Any idea what to check next please? <br>
</div>
<div>Full part of the log follows:<br>
<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_get_account_info] (0x0100): Got request for
[3][1][name=simecek.tomas]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_req_set_domain] (0x0400): Changing request domain from [<a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a>]
to [<a moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_get_subdom_acct_send] (0x0400): Initgroups requests are
not handled by the IPA provider but are resolved by the
responder directly from the cache.<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[acctinfo_callback] (0x0100): Request processed. Returned
3,95,Account info lookup failed<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_req_set_domain] (0x0400): Changing request domain from [<a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a>]
to [<a moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler] (0x0100): Got request with the following data<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): command: PAM_AUTHENTICATE<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): domain: <a moz-do-not-send="true"
href="http://sd-stc.cz">sd-stc.cz</a><br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): user: <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a><br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): service: sudo<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): tty: /dev/pts/0<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): ruser: <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a><br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): rhost: <br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): authtok type: 1<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): newauthtok type: 0<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): priv: 0<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): cli_pid: 27305<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[switch_creds] (0x0200): Switch user to
[988604700][988604700].<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or
expired.<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[switch_creds] (0x0200): Switch user to [0][0].<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service
'IPA'<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[get_server_status] (0x1000): Status of server '<a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
is 'working'<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[get_port_status] (0x1000): Port status of port 0 for server '<a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
is 'working'<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve
timeout set to 6 seconds<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[get_server_status] (0x1000): Status of server '<a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
is 'working'<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_resolve_server_process] (0x1000): Saving the first
resolved server<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_resolve_server_process] (0x0200): Found address for server
<a moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>:
[10.1.123.103] TTL 601<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_resolve_callback] (0x0400): Constructed uri '<a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[child_handler_setup] (0x2000): Setting up signal handler up
for pid [27310]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[child_handler_setup] (0x2000): Signal handler set up for pid
[27310]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[write_pipe_handler] (0x0400): All data has been sent!<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_get_subdomains] (0x0400): Got get subdomains
[forced][SD-STC]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectClass]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaBaseID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaBaseRID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSecondaryBaseRID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaIDRangeSize]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustedDomainSID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaRangeType]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 21<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1f060], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectClass]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaBaseRID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSecondaryBaseRID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaIDRangeSize]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaRangeType]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1f060], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectClass]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaBaseRID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaIDRangeSize]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTTrustedDomainSID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaRangeType]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1f060], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[objectclass=ipaNTTrustedDomain][cn=trusts,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTFlatName]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustedDomainSID]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 22<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f123f0], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:20 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f123f0], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTFlatName]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTTrustedDomainSID]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f123f0], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_subdom_get_forest] (0x0400): 4th component is not
'trust', nothing to do.<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTFlatName]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 23<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f60480], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f60480], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTFlatName]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTSecurityIdentifier]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f60480], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0,
<NULL>) [Success]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[(nil)], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[child_sig_handler] (0x1000): Waiting for child [27310].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[child_sig_handler] (0x0100): child [27310] finished
successfully.<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[read_pipe_handler] (0x0400): EOF received, client finished<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[parse_krb5_child_response] (0x1000): child response
[0][3][45].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[parse_krb5_child_response] (0x1000): child response
[0][-1073741822][24].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[parse_krb5_child_response] (0x1000): child response
[0][-1073741823][32].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[parse_krb5_child_response] (0x1000): TGT times are
[1468404320][1468404320][1468440320][1468490720].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[parse_krb5_child_response] (0x1000): child response
[0][6][8].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[fo_set_port_status] (0x0100): Marking port 0 of server '<a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
as 'working'<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[set_server_common_status] (0x0100): Marking server '<a
moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
as 'working'<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[fo_set_port_status] (0x0400): Marking port 0 of duplicate
server '<a moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz">svlxxipap.linuxdomain.cz</a>'
as 'working'<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[switch_creds] (0x0200): Switch user to
[988604700][988604700].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sss_krb5_check_ccache_princ] (0x2000): Searching for [<a
moz-do-not-send="true" href="mailto:simecek.tomas@SD-STC.CZ"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@SD-STC.CZ">simecek.tomas@SD-STC.CZ</a></a>]
in cache of type [FILE]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[switch_creds] (0x0200): Switch user to [0][0].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[safe_remove_old_ccache_file] (0x0400): New and old ccache
file are the same, none will be deleted.<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
<NULL>) [Success]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Sending result [0][<a
moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Sent result [0][<a
moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_get_account_info] (0x0100): Got request for
[3][1][name=simecek.tomas]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_req_set_domain] (0x0400): Changing request domain from [<a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a>]
to [<a moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_get_subdom_acct_send] (0x0400): Initgroups requests are
not handled by the IPA provider but are resolved by the
responder directly from the cache.<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[acctinfo_callback] (0x0100): Request processed. Returned
3,95,Account info lookup failed<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_req_set_domain] (0x0400): Changing request domain from [<a
moz-do-not-send="true" href="http://linuxdomain.cz">linuxdomain.cz</a>]
to [<a moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler] (0x0100): Got request with the following data<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): command: PAM_ACCT_MGMT<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): domain: <a moz-do-not-send="true"
href="http://sd-stc.cz">sd-stc.cz</a><br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): user: <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a><br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): service: sudo<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): tty: /dev/pts/0<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): ruser: <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a><br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): rhost: <br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): authtok type: 0<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): newauthtok type: 0<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): priv: 0<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[pam_print_data] (0x0100): cli_pid: 27305<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_access_send] (0x0400): Performing access check for user
[<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_account_expired_rhds] (0x0400): Performing RHDS access
check for user [<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with [(&(objectClass=ipaHost)(fqdn=<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>))][cn=accounts,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectClass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [fqdn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[serverHostname]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSshPubKey]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaUniqueID]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 24<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f39290], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectClass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[serverHostname]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSshPubKey]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaUniqueID]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f39290], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_has_deref_support] (0x0400): The server supports deref
method OpenLDAP<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_deref_search_send] (0x2000): Server supports OpenLDAP
deref<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_x_deref_search_send] (0x0400): Dereferencing entry
[fqdn=<a moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
using OpenLDAP deref<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with [no filter][fqdn=<a moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectClass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaUniqueID]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 25<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f39290], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f39290], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a
single control parsed<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f39290], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hostgroup_info_done] (0x0200): No host groups were
dereferenced<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hbac_service_info_next] (0x0400): Sending request for
next search base:
[cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACService)]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[(objectClass=ipaHBACService)][cn=hbac,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[member]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 26<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hbac_servicegroup_info_next] (0x0400): Sending request
for next search base:
[cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACServiceGroup)]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[member]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberOf]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 27<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1fc00], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1fc00], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [member]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1fc00], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [member]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f1fc00], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hbac_rule_info_next] (0x0400): Sending request for next
search base:
[cn=hbac,dc=linuxdomain,dc=cz][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))][cn=hbac,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaenabledflag]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[accessRuleType]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberUser]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberService]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[serviceCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[sourceHost]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[sourceHostCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[externalHost]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberHost]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[hostCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 28<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[objectclass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipauniqueid]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaenabledflag]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[accessRuleType]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[memberUser]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[memberService]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[memberHost]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_attrs_to_rule] (0x1000): Processing rule [Unixari na
test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_user_attrs_to_rule] (0x1000): Processing users for rule
[Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sysdb_search_users] (0x2000): Search users with filter:
(&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sysdb_search_users] (0x2000): No such entry<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_user_attrs_to_rule] (0x2000): Added POSIX group
[grpunixadmins] to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services
for rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [login]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo-i]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su-l] to
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_thost_attrs_to_rule] (0x1000): Processing target hosts
for rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_host_attrs_to_rule] (0x1000): [fqdn=<a
moz-do-not-send="true"
href="http://spcss-2t-www.linuxdomain.cz">spcss-2t-www.linuxdomain.cz</a>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
does not map to either a host or hostgroup. Skipping<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_host_attrs_to_rule] (0x2000): Added host [<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz">zp-cml-test.linuxdomain.cz</a>]
to rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_shost_attrs_to_rule] (0x0400): Processing source hosts
for rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled,
setting ALL<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_eval_user_element] (0x1000): [1] groups for [<a
moz-do-not-send="true" href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[hbac_eval_user_element] (0x1000): Added group [grpunixadmins]
for user [<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC
rule [Unixari na test servery]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
<NULL>) [Success]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[(nil)], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_get_selinux_send] (0x0400): Retrieving SELinux user
mapping<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_get_selinux_send] (0x2000): Connection status is
[online].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaMigrationEnabled]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapDefault]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapOrder]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 29<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaMigrationEnabled]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSELinuxUserMapDefault]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSELinuxUserMapOrder]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1ee6830], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_selinux_get_maps_next] (0x0400): Trying to fetch SELinux
maps with following parameters:
[2][(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=linuxdomain,dc=cz]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext
with
[(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=linuxdomain,dc=cz].<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[objectClass]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberUser]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[memberHost]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[seeAlso]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUser]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaEnabledFlag]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[hostCategory]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaUniqueID]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called,
msgid = 30<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f0d0b0], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[0x1f0d0b0], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x0400): Search result:
Success(0), no errmsg set<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_get_generic_ext_done] (0x2000): Total count [0]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[ipa_selinux_get_maps_done] (0x0400): No SELinux user maps
found!<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
Success) [Success]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Sending result [0][<a
moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[be_pam_handler_callback] (0x0100): Sent result [0][<a
moz-do-not-send="true" href="http://sd-stc.cz">sd-stc.cz</a>]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1f0e150],
connected[1], ops[(nil)], ldap[0x1f03170]<br>
(Wed Jul 13 12:05:21 2016) [sssd[be[<a moz-do-not-send="true"
href="http://linuxdomain.cz">linuxdomain.cz</a>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found
nothing!<br>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Tomas Simecek<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-07-13 11:50 GMT+02:00 Jakub
Hrozek <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jhrozek@redhat.com" target="_blank">jhrozek@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div class="">
<div class="h5">On Wed, Jul 13, 2016 at 11:18:21AM
+0200, Tomas Simecek wrote:<br>
> Dear freeIPA gurus,<br>
> in previous thread (<br>
> <a moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html"
rel="noreferrer" target="_blank">https://www.redhat.com/archives/freeipa-users/2016-July/msg00046.html</a>)
you<br>
> helped me make sudo working for AD users on
Centos 7.0 (<br>
> <a moz-do-not-send="true"
href="http://spcss-2t-www.linuxdomain.cz"
rel="noreferrer" target="_blank">spcss-2t-www.linuxdomain.cz</a>).<br>
> It was caused by not knowing sudo needs to be
enabled in HBAC rules.<br>
> Now it works properly on Centos 7.0 client.<br>
> But it does not work on Centos 6.5 (<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz"
rel="noreferrer" target="_blank">zp-cml-test.linuxdomain.cz</a>)
with the<br>
> same sssd.conf setup.<br>
> Error message is always:<br>
><br>
> [<a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz@zp-cml-test">simecek.tomas@sd-stc.cz@zp-cml-test</a> ~]$ sudo
cat /etc/nsswitch.conf<br>
> [sudo] password for <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>:<br>
> <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>
is not allowed to run sudo on zp-cml-test. This<br>
> incident will be reported.<br>
><br>
> Here are my HBAC rules, the second one should
apply. It definitely applies<br>
> for Centos 7.0 server:<br>
> [root@svlxxipap ~]# ipa hbacrule-find<br>
> --------------------<br>
> 2 HBAC rules matched<br>
> --------------------<br>
> Rule name: allow_all<br>
> User category: all<br>
> Host category: all<br>
> Service category: all<br>
> Description: Allow all users to access any
host from any host<br>
> Enabled: FALSE<br>
><br>
> Rule name: Unixari na test servery<br>
> Enabled: TRUE<br>
> User Groups: grpunixadmins<br>
> Hosts: <a moz-do-not-send="true"
href="http://spcss-2t-www.linuxdomain.cz"
rel="noreferrer" target="_blank">spcss-2t-www.linuxdomain.cz</a>,
<a moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz"
rel="noreferrer" target="_blank">zp-cml-test.linuxdomain.cz</a><br>
> Services: login, sshd, sudo, sudo-i, su, su-l<br>
> ----------------------------<br>
> Number of entries returned 2<br>
> ----------------------------<br>
><br>
> This is my /etc/sssd/sssd.conf. It the same
like on Centos 7.0 server, just<br>
> with proper server name of course:<br>
><br>
> [root@zp-cml-test sssd]# cat
/etc/sssd/sssd.conf<br>
> [domain/<a moz-do-not-send="true"
href="http://linuxdomain.cz" rel="noreferrer"
target="_blank">linuxdomain.cz</a>]<br>
> cache_credentials = True<br>
> krb5_store_password_if_offline = True<br>
> ipa_domain = <a moz-do-not-send="true"
href="http://linuxdomain.cz" rel="noreferrer"
target="_blank">linuxdomain.cz</a><br>
> id_provider = ipa<br>
> krb5_realm = <a moz-do-not-send="true"
href="http://LINUXDOMAIN.CZ" rel="noreferrer"
target="_blank">LINUXDOMAIN.CZ</a><br>
> auth_provider = ipa<br>
> access_provider = ipa<br>
> ipa_hostname = <a moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz"
rel="noreferrer" target="_blank">zp-cml-test.linuxdomain.cz</a><br>
> chpass_provider = ipa<br>
> ipa_server = <a moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz"
rel="noreferrer" target="_blank">svlxxipap.linuxdomain.cz</a><br>
> ldap_tls_cacert = /etc/ipa/ca.crt<br>
> override_shell = /bin/bash<br>
> sudo_provider = ldap<br>
> ldap_uri = <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><a moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz"
rel="noreferrer" target="_blank">svlxxipap.linuxdomain.cz</a><br>
> ldap_sudo_search_base =
ou=sudoers,dc=linuxdomain,dc=cz<br>
> ldap_sasl_mech = GSSAPI<br>
> #ldap_sasl_authid = host/<a
moz-do-not-send="true"
href="mailto:zp-cml-test.linuxdomain.cz@LINUXDOMAIN.CZ"><a class="moz-txt-link-abbreviated" href="mailto:zp-cml-test.linuxdomain.cz@LINUXDOMAIN.CZ">zp-cml-test.linuxdomain.cz@LINUXDOMAIN.CZ</a></a><br>
> ldap_sasl_authid = host/<a
moz-do-not-send="true"
href="http://zp-cml-test.linuxdomain.cz"
rel="noreferrer" target="_blank">zp-cml-test.linuxdomain.cz</a><br>
> ldap_sasl_realm = <a moz-do-not-send="true"
href="http://LINUXDOMAIN.CZ" rel="noreferrer"
target="_blank">LINUXDOMAIN.CZ</a><br>
> krb5_server = <a moz-do-not-send="true"
href="http://svlxxipap.linuxdomain.cz"
rel="noreferrer" target="_blank">svlxxipap.linuxdomain.cz</a><br>
><br>
> [sssd]<br>
> services = nss, sudo, pam, ssh<br>
> config_file_version = 2<br>
> debug_level = 0x3ff0<br>
> domains = <a moz-do-not-send="true"
href="http://linuxdomain.cz" rel="noreferrer"
target="_blank">linuxdomain.cz</a><br>
> [nss]<br>
> homedir_substring = /home<br>
><br>
> [pam]<br>
> [sudo]<br>
> debug_level = 0x3ff0<br>
> [autofs]<br>
> [ssh]<br>
> [pac]<br>
> [ifp]<br>
><br>
> This is output from sssd_sudo.log:<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[accept_fd_handler] (0x0400):<br>
> Client connected!<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_cmd_get_version] (0x0200):<br>
> Received client version [1].<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_cmd_get_version] (0x0200):<br>
> Offered version [1].<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_cmd] (0x2000): Using<br>
> protocol version [1]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_parse_name_for_domains]<br>
> (0x0200): name '<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>'
matched expression for domain '<br>
> <a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>', user is
simecek.tomas<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_parse_name_for_domains]<br>
> (0x0200): name '<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>'
matched expression for domain '<br>
> <a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>', user is
simecek.tomas<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_cmd_parse_query_done]<br>
> (0x0200): Requesting default options for
[simecek.tomas] from [<a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_user] (0x0200):<br>
> Requesting info about [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_user] (0x0400):<br>
> Returning info for user [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_rules] (0x0400):<br>
> Retrieving default options for [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]
from [<a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sysdb_search_group_by_gid]<br>
> (0x0400): No such entry<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache]<br>
> (0x0200): Searching sysdb with<br>
>
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<br>
> <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>)(sudoUser=#988604700)(sudoUser=%domain<br>
> <a moz-do-not-send="true"
href="mailto:users@sd-stc.cz">users@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:unixadmins@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:unixadmins@sd-stc.cz">unixadmins@sd-stc.cz</a></a>)(sudoUser=%<br>
> <a moz-do-not-send="true"
href="mailto:mfcr_mfg@sd-stc.cz">mfcr_mfg@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:account@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:account@sd-stc.cz">account@sd-stc.cz</a></a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:wifi@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:wifi@sd-stc.cz">wifi@sd-stc.cz</a></a><br>
>
)(sudoUser=%grpunixadmins)(sudoUser=+*))(&(dataExpireTimestamp<=1468393118)))]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_rules] (0x2000): About<br>
> to get sudo rules from cache<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache]<br>
> (0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(name=defaults)))]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_from_cache]<br>
> (0x0400): Returning 0 rules for [<default
options>@<a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_cmd] (0x2000): Using<br>
> protocol version [1]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_parse_name_for_domains]<br>
> (0x0200): name '<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>'
matched expression for domain '<br>
> <a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>', user is
simecek.tomas<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sss_parse_name_for_domains]<br>
> (0x0200): name '<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>'
matched expression for domain '<br>
> <a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>', user is
simecek.tomas<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_cmd_parse_query_done]<br>
> (0x0200): Requesting rules for [simecek.tomas]
from [<a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_user] (0x0200):<br>
> Requesting info about [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_user] (0x0400):<br>
> Returning info for user [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_rules] (0x0400):<br>
> Retrieving rules for [<a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>]
from [<a moz-do-not-send="true"
href="http://sd-stc.cz" rel="noreferrer"
target="_blank">sd-stc.cz</a>]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sysdb_search_group_by_gid]<br>
> (0x0400): No such entry<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache]<br>
> (0x0200): Searching sysdb with<br>
>
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<br>
> <a moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a>)(sudoUser=#988604700)(sudoUser=%domain<br>
> <a moz-do-not-send="true"
href="mailto:users@sd-stc.cz">users@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:unixadmins@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:unixadmins@sd-stc.cz">unixadmins@sd-stc.cz</a></a>)(sudoUser=%<br>
> <a moz-do-not-send="true"
href="mailto:mfcr_mfg@sd-stc.cz">mfcr_mfg@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:account@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:account@sd-stc.cz">account@sd-stc.cz</a></a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:wifi@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:wifi@sd-stc.cz">wifi@sd-stc.cz</a></a><br>
>
)(sudoUser=%grpunixadmins)(sudoUser=+*))(&(dataExpireTimestamp<=1468393118)))]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_rules] (0x2000): About<br>
> to get sudo rules from cache<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sysdb_search_group_by_gid]<br>
> (0x0400): No such entry<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_query_cache]<br>
> (0x0200): Searching sysdb with<br>
>
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>)(sudoUser=#988604700)(sudoUser=%domain<br>
> <a moz-do-not-send="true"
href="mailto:users@sd-stc.cz">users@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:unixadmins@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:unixadmins@sd-stc.cz">unixadmins@sd-stc.cz</a></a>)(sudoUser=%<br>
> <a moz-do-not-send="true"
href="mailto:mfcr_mfg@sd-stc.cz">mfcr_mfg@sd-stc.cz</a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:account@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:account@sd-stc.cz">account@sd-stc.cz</a></a>)(sudoUser=%<a
moz-do-not-send="true"
href="mailto:wifi@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:wifi@sd-stc.cz">wifi@sd-stc.cz</a></a><br>
> )(sudoUser=%grpunixadmins)(sudoUser=+*)))]<br>
> (Wed Jul 13 08:58:38 2016) [sssd[sudo]]
[sudosrv_get_sudorules_from_cache]<br>
> (0x0400): Returning 0 rules for [<a
moz-do-not-send="true"
href="mailto:simecek.tomas@sd-stc.cz"><a class="moz-txt-link-abbreviated" href="mailto:simecek.tomas@sd-stc.cz">simecek.tomas@sd-stc.cz</a></a>]<br>
> (Wed Jul 13 08:58:42 2016) [sssd[sudo]]
[client_recv] (0x0200): Client<br>
> disconnected!<br>
> (Wed Jul 13 08:58:42 2016) [sssd[sudo]]
[client_destructor] (0x2000):<br>
> Terminated client [0x1330300][18]<br>
<br>
</div>
</div>
When you look into the domain logs, do they show some
rules being<br>
fetched?<br>
<br>
You can also install ldbsearch and then check what rules
got stored in<br>
the cache:<br>
ldbsearch -H /var/lib/sss/db/cache_$domain.ldb<br>
<span class=""><font color="#888888"><br>
--<br>
Manage your subscription for the Freeipa-users
mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true"
href="http://freeipa.org" rel="noreferrer"
target="_blank">http://freeipa.org</a> for more
info on the project<br>
</font></span></blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>