[Freeipa-users] Issue IPA: AD Users and IPA Users when using SSS/LDAP with SUDO

Jakub Hrozek jhrozek at redhat.com
Wed Apr 24 18:51:45 UTC 2013


On Wed, Apr 24, 2013 at 01:20:15PM -0400, Aly Khimji wrote:
> Hey,
> 
> Thanks for the quick reply.
> 
> See below
> 
> Client
> 

Hi Aly,

I no longer remember the details, but according to the git history, we
did some fixes for trusted AD users:
https://fedorahosted.org/sssd/ticket/1616

I'm adding Pavel Brezina who wrote that support to chime in.

> login as: btest at corpnonprd
> btest at corpnonprd@10.137.216.163's password:
> Your password will expire in 8908 day(s).
> Last login: Wed Apr 24 11:13:47 2013 from 10.110.124.80
> Could not chdir to home directory /home/CorpNonPrd.xxxx.com/btest: No such
> file or directory
> 
> -sh-4.1$ id
> uid=59401108(btest at corpnonprd.xxxx.com) gid=59401108(
> btest at corpnonprd.xxxx.com)
> groups=59401108(btest at corpnonprd.xxxx.com),59400512(domain
> admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com
> ),59401113(seca at corpnonprd.xxxx.com),818800006(ad_admins)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> -sh-4.1$ sudo -l
> [sudo] password for btest at corpnonprd.xxxx.com:
> Your password will expire in 8908 day(s).
> User btest at corpnonprd.xxxx.com is not allowed to run sudo on rhidmclient.
> -sh-4.1$
> 
> 
> Logs
> (I cleared the logs so the logs below are only the above actions -
> login, id, sudo -l)
> 
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4097][1][name=btest]
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_resolve_server_process] (0x0200): Found address for server
> didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_resolve_server_process] (0x0200): Found address for server
> didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sdap_cli_auth_step] (0x0100): expire timeout is 900
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/
> rhidmclient.nix.corpnonprd.xxxx.com
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [child_sig_handler] (0x0100): child [6032] finished successfully.
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [set_server_common_status] (0x0100): Marking server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:15 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sshd
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: ssh
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser:
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost: 10.110.124.80
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 1
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 11
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 1
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6030
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed.
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_resolve_server_process] (0x0200): Found address for server
> didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
> (Wed Apr 24 13:07:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [krb5_find_ccache_step] (0x0080): Saved ccache
> FILE:/tmp/krb5cc_59401108_Qv9FNY if of different type than ccache in
> configuration file, reusing the old ccache
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [set_server_common_status] (0x0100): Marking server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [child_sig_handler] (0x0100): child [6033] finished successfully.
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sshd
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: ssh
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser:
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost: 10.110.124.80
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 1
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6030
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [test_HBAC]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_selinux_handler] (0x0040): Cannot create op context
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>)
> [Internal Error (System error)]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4099][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_SETCRED
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sshd
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: ssh
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser:
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost: 10.110.124.80
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 1
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6030
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_OPEN_SESSION
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sshd
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: ssh
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser:
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost: 10.110.124.80
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 1
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6030
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4099][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_SETCRED
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sshd
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: ssh
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser:
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost: 10.110.124.80
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 0
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6035
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4098][1][idnumber=59401108]
> (Wed Apr 24 13:07:19 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4098][1][idnumber=59400512]
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4098][1][idnumber=59400513]
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [4098][1][idnumber=59401113]
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for
> [4098][1][idnumber=818800006]
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sdap_nested_get_user_send] (0x0080): Couldn't parse out user information
> based on DN (null), falling back to an LDAP lookup
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sdap_save_grpmem] (0x0040): Failed to save user ad_admins
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sdap_save_groups] (0x0040): Failed to store group 0 members.
> (Wed Apr 24 13:07:20 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> (Wed Apr 24 13:07:32 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:32 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:32 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:32 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sudo
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: /dev/pts/5
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser: btest at corpnonprd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost:
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 1
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 11
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6061
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed.
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_resolve_server_process] (0x0200): Found address for server
> didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [krb5_find_ccache_step] (0x0080): Saved ccache
> FILE:/tmp/krb5cc_59401108_Qv9FNY if of different type than ccache in
> configuration file, reusing the old ccache
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [set_server_common_status] (0x0100): Marking server '
> didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [child_sig_handler] (0x0100): child [6062] finished successfully.
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): user: btest at CorpNonPrd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): service: sudo
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): tty: /dev/pts/5
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): ruser: btest at corpnonprd.xxxx.com
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): rhost:
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): authtok size: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): newauthtok size: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): priv: 0
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [pam_print_data] (0x0100): cli_pid: 6061
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [test_HBAC]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [ipa_selinux_handler] (0x0040): Cannot create op context
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>)
> [Internal Error (System error)]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_get_account_info] (0x0100): Got request for [3][1][name=btest]
> (Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup
> failed
> (Wed Apr 24 13:07:48 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [sbus_dispatch] (0x0080): Connection is not open for dispatching.
> (Wed Apr 24 13:07:48 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [be_client_destructor] (0x0020): Unknown client removed ...
> (Wed Apr 24 13:07:48 2013) [sssd[be[nix.corpnonprd.xxxx.com]]]
> [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/
> kpasswdinfo.NIX.CORPNONPRD.xxxx.COM], [2][No such file or directory]
> 
> 
> Thx
> 
> Aly
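
A triage helper for a backend log pasted in the form quoted above, added here as an example (not code from this thread or from SSSD): it strips the mail quoting, re-joins the wrapped entries, pairs each account request with the callback result that follows it, and lists the PAM requests and any entries logged at level 0x0040 or lower. The sample lines, the domain ipa.example.test and the user jdoe are constructed; the request-type names are an assumption based on SSSD's BE_REQ_* constants, and pairing requests with callbacks in log order is a simplification.

```python
import re
from collections import Counter

# Constructed sample shaped like the log quoted above: mail-quoted ("> ") and
# hard-wrapped, so one log entry spans two or three lines.
P = "> (Wed Apr 24 13:07:35 2013) [sssd[be[ipa.example.test]]]\n> "
SAMPLE = P + P.join([
    "[be_get_account_info] (0x0100): Got request for [4097][1][name=jdoe]\n",
    "[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success\n",
    "[be_get_account_info] (0x0100): Got request for [3][1][name=jdoe]\n",
    "[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup\n> failed\n",
    "[be_pam_handler] (0x0100): Got request with the following data\n",
    "[pam_print_data] (0x0100): command: PAM_ACCT_MGMT\n",
    "[pam_print_data] (0x0100): service: sudo\n",
    "[sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.\n",
    "[be_get_account_info] (0x0100): Got request for [3][1][name=jdoe]\n",
    "[acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup\n> failed\n",
])

START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) ")
ENTRY = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
                   r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): ?(?P<msg>.*)$")
REQUEST = re.compile(r"Got request for \[(\d+)\]\[(\d+)\]\[([^\]]+)\]")
RESULT = re.compile(r"Returned (\d+),(\d+),(.*)")
# Assumption: the low byte of the request type follows SSSD's BE_REQ_*
# constants (1 user, 2 group, 3 initgroups); other values stay as raw numbers.
REQ_NAMES = {1: "user", 2: "group", 3: "initgroups"}

def parse(text):
    """Strip quote markers, re-join wrapped lines, return one dict per entry."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if START.match(line) or not joined:
            joined.append(line)
        elif line:
            joined[-1] += " " + line
    entries = []
    for m in filter(None, map(ENTRY.match, joined)):
        entries.append({**m.groupdict(), "level": int(m["level"], 16)})
    return entries

def failed_lookups(entries):
    """Pair each account request with the next callback; count the failures."""
    failures, pending = Counter(), None
    for e in entries:
        if e["func"] == "be_get_account_info":
            m = REQUEST.search(e["msg"])
            pending = m.groups() if m else None
        elif e["func"] == "acctinfo_callback" and pending:
            m = RESULT.search(e["msg"])
            if m and m.group(1) != "0":
                kind = REQ_NAMES.get(int(pending[0]) & 0xFF, pending[0])
                failures[(kind, pending[2], m.group(3))] += 1
            pending = None
    return failures

def pam_requests(entries):
    """Collect (command, service) for each PAM request block in the log."""
    blocks = []
    for e in entries:
        if e["func"] == "be_pam_handler" and e["msg"].startswith("Got request"):
            blocks.append({})
        elif e["func"] == "pam_print_data" and blocks:
            key, _, value = e["msg"].partition(":")
            blocks[-1][key.strip()] = value.strip()
    return [(b.get("command"), b.get("service")) for b in blocks]

def serious(entries, threshold=0x0040):
    """Entries at SSSD's fatal, critical and serious-failure debug levels."""
    return [(e["func"], e["msg"]) for e in entries if e["level"] <= threshold]

if __name__ == "__main__":
    log = parse(SAMPLE)
    print("failed lookups:", dict(failed_lookups(log)))
    print("PAM requests:  ", pam_requests(log))
    print("serious errors:", serious(log))
```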
