From ryan.cunningham.xyzzy at gmail.com Sun Jun 2 19:49:02 2013
From: ryan.cunningham.xyzzy at gmail.com (Ryan Cunningham)
Date: Sun, 2 Jun 2013 15:49:02 -0400
Subject: [Freeipa-users] SSSD/SSH authentication issues on some hosts
Message-ID:

Hello,

I've been evaluating FreeIPA in a lab environment prior to possibly rolling it out in our enterprise but have been having issues with a few hosts rejecting SSH logins for users authenticated against the FreeIPA server via SSSD.

All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0 installed from the base repo. The default RBAC rule to allow all users access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM configuration changes that have been made on client machines (apart from enabling debug logging) were done with `ipa-client-install --mkhomedir`.

I enabled debug logging for SSSD and have included relevant bits from the log files here:
https://gist.github.com/arg0sy/5694537

I can get a Kerberos ticket for the admin user on the ovz2 host and connect ssh into the test host as the admin user afterward without any problems.

I assume that there's something I'm missing, but I haven't had much luck Googling, any insight into the issue anyone could provide would be very welcome.

Best Regards,
Ryan

From natxo.asenjo at gmail.com Sun Jun 2 20:33:43 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Sun, 2 Jun 2013 22:33:43 +0200
Subject: [Freeipa-users] SSSD/SSH authentication issues on some hosts
In-Reply-To:
References:
Message-ID:

On Sun, Jun 2, 2013 at 9:49 PM, Ryan Cunningham wrote:
> Hello,
>
> I've been evaluating FreeIPA in a lab environment prior to possibly rolling
> it out in our enterprise but have been having issues with a few hosts
> rejecting SSH logins for users authenticated against the FreeIPA server via
> SSSD.
>
> All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0
> installed from the base repo. The default RBAC rule to allow all users
> access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM
> configuration changes that have been made on client machines (apart from
> enabling debug logging) were done with `ipa-client-install --mkhomedir`.
>
> I enabled debug logging for SSSD and have included relevant bits from the
> log files here:
> https://gist.github.com/arg0sy/5694537

What I see is:

fatal: Access denied for user admin by PAM account configuration

I would compare the pam.d dir on systems where you can login to the one on systems you cannot log in to.

What about disabling selinux? Anything strange on audit.log? Maybe the context of the homedir is not correct.

--
groet,
natxo

From ryan.cunningham.xyzzy at gmail.com Sun Jun 2 22:38:08 2013
From: ryan.cunningham.xyzzy at gmail.com (Ryan Cunningham)
Date: Sun, 2 Jun 2013 18:38:08 -0400
Subject: [Freeipa-users] SSSD/SSH authentication issues on some hosts
In-Reply-To:
References:
Message-ID:

> What I see is:
>
> fatal: Access denied for user admin by PAM account configuration
>
> What about disabling selinux?
>

Whoops, I probably should have caught these myself.

Disabling SELinux fixed one of the hosts. I didn't even look at it because I believed that I had disabled it previously.

The other problem host didn't have SELinux enabled but was missing the /etc/selinux/targeted directory structure and was dropping an error:

[sssd[pam]] [write_selinux_login_file] (0x0040): creating the temp file for SELinux data failed. /etc/selinux/targeted/logins/adminnik1F1(Sun Jun 2 18:01:44 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 25

Everything's working fine now -- thanks for looking at those logs.

Best regards,
Ryan

From natxo.asenjo at gmail.com Mon Jun 3 04:58:35 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Mon, 3 Jun 2013 06:58:35 +0200
Subject: [Freeipa-users] SSSD/SSH authentication issues on some hosts
In-Reply-To:
References:
Message-ID:

On Mon, Jun 3, 2013 at 12:38 AM, Ryan Cunningham wrote:
>
>> What I see is:
>>
>> fatal: Access denied for user admin by PAM account configuration
>>
>> What about disabling selinux?
>
>
> Whoops, I probably should have caught these myself.
>
> Disabling SELinux fixed one of the hosts. I didn't even look at it because I
> believed that I had disabled it previously.
>
> The other problem host didn't have SELinux enabled but was missing the
> /etc/selinux/targeted directory structure and was dropping an error:
>
> [sssd[pam]] [write_selinux_login_file] (0x0040): creating the temp file for
> SELinux data failed. /etc/selinux/targeted/logins/adminnik1F1(Sun Jun 2
> 18:01:44 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 25
>
> Everything's working fine now -- thanks for looking at those logs.

glad it helped, but it should also work with selinux enabled.

Could you try running restorecon -rv on /etc and /home at least, re-enabling selinux and logging in again? For me and many others, it works and it really is the new 'best practices' to have it on ;-)

--
groet,
natxo

From jhrozek at redhat.com Mon Jun 3 08:45:14 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 3 Jun 2013 10:45:14 +0200
Subject: [Freeipa-users] SSSD/SSH authentication issues on some hosts
In-Reply-To:
References:
Message-ID: <20130603084514.GB31442@hendrix.brq.redhat.com>

On Mon, Jun 03, 2013 at 06:58:35AM +0200, Natxo Asenjo wrote:
> On Mon, Jun 3, 2013 at 12:38 AM, Ryan Cunningham
> wrote:
> >
> >> What I see is:
> >>
> >> fatal: Access denied for user admin by PAM account configuration
> >>
> >> What about disabling selinux?
> >
> >
> > Whoops, I probably should have caught these myself.
> >
> > Disabling SELinux fixed one of the hosts. I didn't even look at it because I
> > believed that I had disabled it previously.
> >
> > The other problem host didn't have SELinux enabled but was missing the
> > /etc/selinux/targeted directory structure and was dropping an error:
> >
> > [sssd[pam]] [write_selinux_login_file] (0x0040): creating the temp file for
> > SELinux data failed. /etc/selinux/targeted/logins/adminnik1F1(Sun Jun 2
> > 18:01:44 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 25
> >
> > Everything's working fine now -- thanks for looking at those logs.
>
> glad it helped, but it should also work with selinux enabled.
>
> Could you try running restorecon -rv on /etc and /home at least,
> re-enabling selinux and logging in again? For me and many others, it
> works and it really is the new 'best practices' to have it on ;-)

Did the directory /etc/selinux/targeted/logins/ exist at all? We've had a bug where if SELinux was disabled, the directory didn't exist and creating a temp file there failed.

But from your e-mail it sounds like you actually had luck after disabling SELinux? Natxo's suggestion then would be a valid one, too, please let us know whether restorecon did change any contexts.

From mkosek at redhat.com Mon Jun 3 11:05:45 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Mon, 03 Jun 2013 13:05:45 +0200
Subject: [Freeipa-users] Announcing FreeIPA 3.1.5
Message-ID: <51AC7889.7010901@redhat.com>

The FreeIPA team is proud to announce version FreeIPA v3.1.5.

It can be downloaded from http://www.freeipa.org/page/Downloads.

The new version has also been built for Fedora 18 and is on its way to updates-testing:
https://admin.fedoraproject.org/updates/freeipa-3.1.5-1.fc18

== Highlights in 3.1.5 ==

=== Bug fixes ===
* Directory Server CLDAP responder now returns a result in all cases to avoid timeouts or freezes with Windows DC or other tools probing this interface.

== Upgrading ==

An IPA server can be upgraded simply by installing updated rpms. The server does not need to be shut down in advance.

Please note, that the referential integrity extension requires an extended set of indexes to be configured. RPM update for an IPA server with an excessive number of hosts, SUDO or HBAC entries may require several minutes to finish.

If you have multiple servers you may upgrade them one at a time. It is expected that all servers will be upgraded in a relatively short period (days or weeks not months). They should be able to co-exist peacefully but new features will not be available on old servers and enrolling a new client against an old server will result in the SSH keys not being uploaded.

Downgrading a server once upgraded is not supported.

Upgrading from 2.2.0 is supported. Upgrading from previous versions is not supported and has not been tested.

An enrolled client does not need the new packages installed unless you want to re-enroll it. SSH keys for already installed clients are not uploaded, you will have to re-enroll the client or manually upload the keys.

== Feedback ==

Please provide comments, bugs and other feedback via the freeipa-users mailing list: http://www.redhat.com/mailman/listinfo/freeipa-users

== Detailed Changelog since 3.1.4 ==

Alexander Bokovoy (1):
* Fix cldap parser to work with a single equality filter (NtVer=...)

Martin Kosek (1):
* Become IPA 3.1.5

Petr Viktorin (1):
* Remove leading zero from IPA_NUM_VERSION

Simo Sorce (2):
* CLDAP: Fix domain handling in netlogon requests
* CLDAP: Return empty reply on non-fatal errors

From simo at redhat.com Mon Jun 3 13:15:58 2013
From: simo at redhat.com (Simo Sorce)
Date: Mon, 03 Jun 2013 09:15:58 -0400
Subject: [Freeipa-users] IPA privileges question
In-Reply-To: <8472F90C3727F143A32CAF760BBE7CBC04C96E26@MBX023-W1-CA-6.exch023.domain.local>
References: <8472F90C3727F143A32CAF760BBE7CBC04C96C6C@MBX023-W1-CA-6.exch023.domain.local> <51A8D614.9090706@redhat.com> <8472F90C3727F143A32CAF760BBE7CBC04C96E26@MBX023-W1-CA-6.exch023.domain.local>
Message-ID: <1370265358.2769.247.camel@willson.li.ssimo.org>

On Fri, 2013-05-31 at 18:45 +0000, Guy Matz wrote:
> Sorry, should have mentioned that. I had host principal and have since
> added ldap:
> # klist -k krb5.keytab
> Keytab name: FILE:krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>
> I now get this error:
> Insufficient access: SASL(-13): authentication failure: GSSAPI Failure:
> gss_accept_sec_context Invalid credentials
>
> with this in my krb5.log:
> May 31 14:42:30 ipadevmstr.collmedia.net krb5kdc[4190](info): AS_REQ (4
> etypes {18 17 16 23}) 192.168.8.111: NEEDED_PREAUTH:
> DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET for
> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET, Additional pre-authentication required
> May 31 14:42:30 ipadevmstr.collmedia.net krb5kdc[4190](info): AS_REQ (4
> etypes {18 17 16 23}) 192.168.8.111: ISSUE: authtime 1370025750, etypes
> {rep=18 tkt=18 ses=18}, DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET for
> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET
> May 31 14:42:31 ipadevmstr.collmedia.net krb5kdc[4190](info): TGS_REQ (4
> etypes {18 17 16 23}) 192.168.8.111: ISSUE: authtime 1370025263, etypes
> {rep=18 tkt=18 ses=18}, HTTP/ipadevmstr.collmedia.net at COLLMEDIA.NET for
> ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
> May 31 14:42:31 ipadevmstr.collmedia.net krb5kdc[4190](info): ...
> CONSTRAINED-DELEGATION s4u-client=DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET
>
> Do I need to add DNS too?

No, and you shouldn't have added ldap/fqdn either as you are not hosting an LDAP server.

Just FYI: there is no error in the snippet above, the 'NEEDED_PREAUTH' message is normal and does not imply there is any error in the system.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

From gmatz at collective.com Mon Jun 3 15:50:53 2013
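The reply above notes that `NEEDED_PREAUTH` in the krb5kdc log is a normal step and not an error. As an added example (not code from the thread or from the FreeIPA project), this Python script triages krb5kdc request lines in the layout quoted above, setting aside `NEEDED_PREAUTH` and `ISSUE` and reporting the rest. The sample lines, principals and addresses are constructed, and the failure statuses in them (`PREAUTH_FAILED`, `CLIENT_NOT_FOUND`) are MIT krb5 KDC status strings that do not appear in the thread.

```python
import re
from collections import Counter

# Statuses that are part of a normal exchange: NEEDED_PREAUTH is the KDC
# telling the client to retry with pre-authentication, ISSUE is a granted ticket.
BENIGN = {"ISSUE", "NEEDED_PREAUTH"}

LINE_RE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{[^}]*\}\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"(?:authtime \d+,\s+(?:etypes \{[^}]*\},\s+)?)?"
    r"(?P<client>\S+) for (?P<server>[^,\s]+)(?:,\s+(?P<reason>.*))?$"
)

# Constructed sample log (not taken from the thread), same layout as the
# krb5kdc lines quoted in the message above.
_HDR = "Jun 03 10:00:00 ipa.example.test krb5kdc[4190](info): "
_AS = "AS_REQ (4 etypes {18 17 16 23}) "
_TGS = "TGS_REQ (4 etypes {18 17 16 23}) "
_ISS = "ISSUE: authtime 1370253600, etypes {rep=18 tkt=18 ses=18}, "
_TGT = "krbtgt/EXAMPLE.TEST@EXAMPLE.TEST"
_BAD = ("PREAUTH_FAILED: bob@EXAMPLE.TEST for " + _TGT
        + ", Decrypt integrity check failed")
SAMPLE_LOG = "\n".join(_HDR + body for body in [
    _AS + "192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.TEST for " + _TGT
        + ", Additional pre-authentication required",
    _AS + "192.0.2.10: " + _ISS + "alice@EXAMPLE.TEST for " + _TGT,
    _TGS + "192.0.2.10: " + _ISS
        + "alice@EXAMPLE.TEST for host/web.example.test@EXAMPLE.TEST",
    _AS + "192.0.2.44: NEEDED_PREAUTH: bob@EXAMPLE.TEST for " + _TGT
        + ", Additional pre-authentication required",
    _AS + "192.0.2.44: " + _BAD,
    _AS + "192.0.2.44: " + _BAD,
    _AS + "192.0.2.44: " + _BAD,
    _AS + "192.0.2.44: CLIENT_NOT_FOUND: nosuchuser@EXAMPLE.TEST for " + _TGT
        + ", Client not found in Kerberos database",
])


def parse_line(line):
    """Return the fields of one krb5kdc request line, or None if it is not one."""
    # The list archive prints "@" as " at "; undo that so pasted lines parse.
    m = LINE_RE.search(line.strip().replace(" at ", "@"))
    return m.groupdict() if m else None


def triage(log_text, threshold=3):
    """Separate normal KDC traffic from failures worth investigating."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    failures = [e for e in events if e["status"] not in BENIGN]
    # Several PREAUTH_FAILED for one principal from one address is worth an
    # alert; a single one is usually a mistyped password.
    bad = Counter((e["client"], e["addr"]) for e in failures
                  if e["status"] == "PREAUTH_FAILED")
    return {
        "by_status": Counter(e["status"] for e in events),
        "failures": failures,
        "repeated_preauth_failures": sorted(
            key for key, n in bad.items() if n >= threshold),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_status"]))
    for e in report["failures"]:
        print(e["status"], e["client"], e["addr"], e["reason"])
    print("repeated:", report["repeated_preauth_failures"])
```
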
From: gmatz at collective.com (Guy Matz)
Date: Mon, 3 Jun 2013 15:50:53 +0000
Subject: [Freeipa-users] IPA privileges question
References: <8472F90C3727F143A32CAF760BBE7CBC04C96C6C@MBX023-W1-CA-6.exch023.domain.local> <51A8D614.9090706@redhat.com> <8472F90C3727F143A32CAF760BBE7CBC04C96E26@MBX023-W1-CA-6.exch023.domain.local> <1370265358.2769.247.camel@willson.li.ssimo.org>
Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04C97EF0@MBX023-W1-CA-6.exch023.domain.local>

Thanks. Yes, I have realized the error of my ways . . . seems I have just needed the user to have "Host Administration" privileges.

Thanks again,
Guy

On 06/03/2013 09:16 AM, Simo Sorce wrote:
> On Fri, 2013-05-31 at 18:45 +0000, Guy Matz wrote:
>> Sorry, should have mentioned that. I had host principal and have since
>> added ldap:
>> # klist -k krb5.keytab
>> Keytab name: FILE:krb5.keytab
>> KVNO Principal
>> ----
>> --------------------------------------------------------------------------
>> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 host/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> 3 ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>>
>> I now get this error:
>> Insufficient access: SASL(-13): authentication failure: GSSAPI Failure:
>> gss_accept_sec_context Invalid credentials
>>
>> with this in my krb5.log:
>> May 31 14:42:30 ipadevmstr.collmedia.net krb5kdc[4190](info): AS_REQ (4
>> etypes {18 17 16 23}) 192.168.8.111: NEEDED_PREAUTH:
>> DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET for
>> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET, Additional pre-authentication required
>> May 31 14:42:30 ipadevmstr.collmedia.net krb5kdc[4190](info): AS_REQ (4
>> etypes {18 17 16 23}) 192.168.8.111: ISSUE: authtime 1370025750, etypes
>> {rep=18 tkt=18 ses=18}, DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET for
>> krbtgt/COLLMEDIA.NET at COLLMEDIA.NET
>> May 31 14:42:31 ipadevmstr.collmedia.net krb5kdc[4190](info): TGS_REQ (4
>> etypes {18 17 16 23}) 192.168.8.111: ISSUE: authtime 1370025263, etypes
>> {rep=18 tkt=18 ses=18}, HTTP/ipadevmstr.collmedia.net at COLLMEDIA.NET for
>> ldap/ipadevmstr.collmedia.net at COLLMEDIA.NET
>> May 31 14:42:31 ipadevmstr.collmedia.net krb5kdc[4190](info): ...
>> CONSTRAINED-DELEGATION s4u-client=DNS/ipadevmstr.collmedia.net at COLLMEDIA.NET
>>
>> Do I need to add DNS too?
> No, and you shouldn't have added ldap/fqdn either as you are not hosting
> an LDAP server.
>
> Just FYI: there is no error in the snippet above, the 'NEEDED_PREAUTH'
> message is normal and does not imply there is any error in the system.
>
> Simo.
>

From aly.khimji at gmail.com Mon Jun 3 18:23:48 2013
From: aly.khimji at gmail.com (Aly Khimji)
Date: Mon, 3 Jun 2013 14:23:48 -0400
Subject: [Freeipa-users] Logging Failed User logins for Trust Users
Message-ID:

Quick questions guys,

can you advise if there is a particular place(s) successful and failed users authentication is logged? I know from local users I can go through the 389 access logs, but for trust based users can you advise where I would look? I know I see a proper ticket issued in krb5kdc logs, but mainly for failed logins.

Thx

Aly

From dpal at redhat.com Mon Jun 3 20:30:19 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Mon, 03 Jun 2013 16:30:19 -0400
Subject: [Freeipa-users] Logging Failed User logins for Trust Users
In-Reply-To:
References:
Message-ID: <51ACFCDB.2020403@redhat.com>

On 06/03/2013 02:23 PM, Aly Khimji wrote:
> Quick questions guys,
>
> can you advise if there is a particular place(s) successful and failed
> users authentication is logged? I know from local users I can go
> through the 389 access logs, but for trust based users can you advise
> where I would look? I know I see a proper ticket issued in krb5kdc
> logs, but mainly for failed logins.

What is the scenario?
Is this: user from AD logs into a Linux system that is joined into IPA via SSSD?
In this case the authentication happens in AD so the audit trail will be there.
Once this user tries to access a resource in IPA domain there will be a record of issuing this user a service ticket in the kerberos log.

The users always get TGTs from the domain they belong to so the record will be in the log of the corresponding KDC.

>
> Thx
>
> Aly
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From aly.khimji at gmail.com Tue Jun 4 01:22:21 2013
From: aly.khimji at gmail.com (Aly Khimji)
Date: Mon, 3 Jun 2013 21:22:21 -0400
Subject: [Freeipa-users] IPA different ID results on different nodes
Message-ID:

Hey guys,

Just wanted to say thank you for all your support with everything and answering all my questions.

Just wanted to show you something, maybe you can shed some light..
Below is myself running the ID command on 2 different nodes (1) the IDM server and the other the IDM client. I get two different results of my user ID, the client being correct and the server not having the correct groups displaying with the ID, and even having one that has been deleted.

Is there someplace this information is cached? or I can set an invalidator so that the information is pulled down or is forced to expire quicker so it's checked from AD?

CLIENT:
-sh-4.1$ hostname
rhidmclient.nix.corpnonprd.xxxx.com
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com)
groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
admins at corpnonprd.xxxx.com),
59400513(domain users at corpnonprd.xxxx.com),59401123(
mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),
162200012(mirra-supapp-admin-nix-cde)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

SERVER:
didmsvrua01.nix.corpnonprd.xxxx.com
[root at didmsvrua01 ~]# id akhimji at corpnonprd
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com)
groups=59401108(akhimji at corpnonprd.xxxx.com),59400513,59400513,59401113(
seca at corpnonprd.xxxx.com)

just a note this group [59401113(seca at corpnonprd.xxxx.com)] was deleted on AD, and correctly doesn't show up on the client, but remains in the server.

Please let me know if you need more info (eg logs, etc..)

Thx

Aly

From sbose at redhat.com Tue Jun 4 07:56:03 2013
From: sbose at redhat.com (Sumit Bose)
Date: Tue, 4 Jun 2013 09:56:03 +0200
Subject: [Freeipa-users] IPA different ID results on different nodes
In-Reply-To:
References:
Message-ID: <20130604075603.GI3487@localhost.localdomain>

On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
> Hey guys,
>
> Just wanted to say thank you for all your support with everything and
> answering all my questions.
>
> Just wanted to show you something, maybe you can shed some light..
> Below is myself running the ID command on 2 different nodes (1) the IDM
> server and the other the IDM client. I get two different results of my user
> ID, the client being correct and the server not having the correct groups
> displaying with the ID, and even having one that has been deleted.
>
> Is there someplace this information is cached? or I can set an invalidator
> so that the information is pulled down or is forced to expire quicker so
> it's checked from AD?
>
> CLIENT:
> -sh-4.1$ hostname
> rhidmclient.nix.corpnonprd.xxxx.com
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> admins at corpnonprd.xxxx.com),
> 59400513(domain users at corpnonprd.xxxx.com),59401123(
> mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),
> 162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
>
> SERVER:
> didmsvrua01.nix.corpnonprd.xxxx.com
> [root at didmsvrua01 ~]# id akhimji at corpnonprd
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400513,59400513,59401113(
> seca at corpnonprd.xxxx.com)
>
> just a note this group [59401113(seca at corpnonprd.xxxx.com)] was deleted on
> AD, and correctly doesn't show up on the client, but remains in the server.

Group-memberships are cached for some time by SSSD so I would guess you see cached data on the server. But during authentication the group-memberships of a user are updated. Can you check if seca at corpnonprd.xxxx.com goes away if you log in with akhimji at corpnonprd on the server?

bye,
Sumit

>
> Please let me know if you need more info (eg logs, etc..)
>
> Thx
>
> Aly

From sbose at redhat.com Tue Jun 4 08:06:57 2013
From: sbose at redhat.com (Sumit Bose)
Date: Tue, 4 Jun 2013 10:06:57 +0200
Subject: [Freeipa-users] Logging Failed User logins for Trust Users
In-Reply-To: <51ACFCDB.2020403@redhat.com>
References: <51ACFCDB.2020403@redhat.com>
Message-ID: <20130604080657.GJ3487@localhost.localdomain>

On Mon, Jun 03, 2013 at 04:30:19PM -0400, Dmitri Pal wrote:
> On 06/03/2013 02:23 PM, Aly Khimji wrote:
> > Quick questions guys,
> >
> > can you advise if there is a particular place(s) successful and failed
> > users authentication is logged? I know from local users I can go
> > through the 389 access logs, but for trust based users can you advise
> > where I would look? I know I see a proper ticket issued in krb5kdc
> > logs, but mainly for failed logins.
>
> What is the scenario?
> Is this: user from AD logs into a Linux system that is joined into IPA
> via SSSD?
> In this case the authentication happens in AD so the audit trail will be
> there.
> Once this user tries to access a resource in IPA domain there will be a
> record of issuing this user a service ticket in the kerberos log.
>
> The users always get TGTs from the domain they belong to so the record
> will be in the log of the corresponding KDC.

Are you using ssh to log in to the IPA client or is this a console login?

In the first case logs from sshd might help. Typically issues here are related to access checks and mapping the Kerberos principal to a local user name. See e.g. http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Edit_.2Fetc.2Fkrb5.conf how to configure the auth_to_local feature. Please note that Kerberos principals are handled case sensitive here, i.e. if your AD user names use upper and lower case you have to use the same case at the ssh login prompt. Alternatively you can add a .k5login file in the user's home directory on the IPA client.

For console login the sssd logs are the best source to figure out what's going wrong.

HTH

bye,
Sumit

> >
> > Thx
> >
> > Aly
> >
> >
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/

From jhrozek at redhat.com Tue Jun 4 08:44:53 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 4 Jun 2013 10:44:53 +0200
Subject: [Freeipa-users] Limiting Host access by UID/GID
In-Reply-To:
References: <51A7DF7A.7090201@redhat.com> <20130531095539.GT19954@hendrix.brq.redhat.com> <1370006800.2769.195.camel@willson.li.ssimo.org> <20130531134128.GY19954@hendrix.brq.redhat.com>
Message-ID: <20130604084453.GC9753@hendrix.brq.redhat.com>

On Fri, May 31, 2013 at 08:50:29AM -0700, Chandan Kumar wrote:
> As far as my understanding goes it does not stop even if I disable cache
> credentials. I set following parameters in sssd.conf but still UID 20000 is
> able to login.
>

Sorry, there was some terminology confusion. I didn't ask for disabling cache credentials, but removing the on-disk cache and starting afresh.

The cache is stored in /var/lib/sss/db/cache_$domname.ldb, so you can mv or rm it and check again if the IDs are still allowed.

> cache_credentials = False
> krb5_store_password_if_offline = False
> min_id=5000
> max_id=5010
> enumerate = False
> entry_cache_timeout=3
>
> Package Info:
> Client;
> sssd-client-1.9.2-82.7.el6_4.x86_64
>
> Server:
> ipa-server-2.2.0-16.el6.x86_64
>
> Thanks
> Chandan
>
> On Friday, May 31, 2013, Jakub Hrozek wrote:
>
> > On Fri, May 31, 2013 at 09:26:40AM -0400, Simo Sorce wrote:
> > > On Fri, 2013-05-31 at 11:55 +0200, Jakub Hrozek wrote:
> > > > On Thu, May 30, 2013 at 07:23:38PM -0400, Dmitri Pal wrote:
> > > > > On 05/30/2013 06:52 PM, Chandan Kumar wrote:
> > > > > > Hello,
> > > > > >
> > > > > > As part of migration from passwd/shadow to IPA, I want to roll out
> > > > > > IPA/SSSD based password first for a small number of users and then
> > for
> > > > > > all. (same goes with host. first small number of host and then
> > all).
> > > > > >
> > > > > > I was trying to limit it using max_id/min_id parameters in sssd
> > but it
> > > > > > does not seems to work the way I expected.
> > > > > > -------
> > > > > > min_id = 5000
> > > > > > max_id = 5100
> > > > > > ------
> > > > > > So there is a user "kchandan" with UID/GID 20000
> > > > > > ------
> > > > > > [root at tipa1 ~]# id kchandan
> > > > > > uid=20000(kchandan) gid=20000 groups=20000
> > > > > > -------
> > > > > >
> > > > > > But It is allowing me to login with that ID with only error showing
> > > > > > GID 20000 not found.
> > > > > > -----------
> > > > > > ssh 10.2.3.105 -l kchandan
> > > > > > kchandan at 10.2.3.105 's password:
> > > > > > id: cannot find name for group ID 20000
> > > > > > -------------
> > > > > >
> > > > > > Is there any way to achieve this?
> > > > >
> > > > > So you want to allow only a subset of users with a specific range to
> > log
> > > > > into the systems controlled by SSSD before you open it to a broader
> > public?
> > > > > I would defer to SSSD gurus but the hack that comes to mind is to
> > > > > configure a simple access provider to limit the access to just the
> > users
> > > > > you care about (man sssd-simple) or configure ldap access provider
> > based
> > > > > on a filter (man sssd-ldap).
> > > >
> > > > Hi,
> > > >
> > > > The user shouldn't be even saved to cache if it's filtered out of
> > range.
> > > >
> > > > But looking at the current NSS code, the entry would have been
> > returned if
> > > > it was saved *before* you changed the min_id/max_id parameters. Could
> > that be
> > > > the case? Can you check if after removing the cache the entry still
> > shows up?
> > > >
> > > > I think that the fact that the entry is returned from cache even if it
> > > > should be filtered out is a bug:
> > > > https://fedorahosted.org/sssd/ticket/1954
> > >
> > > So far we always maintained that if you consistently change
> > > configuration (and a change of ranges is a big change) then it's on the
> > > admin to wipe the cache file.
> >
> > Yes, that's why the ticket is minor. But mostly I don't like the
> > inconsistency where some requests check the ranges even in the responder
> > and some don't.
> >
>
>
> --
>
> --
> http://about.me/chandank

From aly.khimji at gmail.com Tue Jun 4 13:40:21 2013
From: aly.khimji at gmail.com (Aly Khimji)
Date: Tue, 4 Jun 2013 09:40:21 -0400
Subject: [Freeipa-users] IPA different ID results on different nodes
In-Reply-To: <20130604075603.GI3487@localhost.localdomain>
References: <20130604075603.GI3487@localhost.localdomain>
Message-ID:

I re-logged in this morning into the server and I see the following on the server

Any thoughts?

Thx again.

SERVER:
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108( akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

CLIENT:
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108( akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com ),59401123(mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),162200012(mirra-supapp-admin-nix-cde) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1$

CLIENT LOG:
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Tue Jun 4 09:35:51 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,110,User lookup failed
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup failed
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok size: 11
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed.
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_resolve_server_process] (0x0200): Found address for server didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
(Tue Jun 4 09:36:17 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [krb5_find_ccache_step] (0x0080): Saved ccache FILE:/tmp/krb5cc_59401108_opsH3I if of different type than ccache in configuration file, reusing the old ccache
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server ' didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [set_server_common_status] (0x0100): Marking server ' didmsvrua01.nix.corpnonprd.xxxx.com' as 'working'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [child_sig_handler] (0x0100): child [10648] finished successfully.
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=akhimji]
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): *Request processed. Returned 3,95,User lookup failed*
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): service: sshd
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): tty: ssh
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): ruser:
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): rhost: 10.210.240.246
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok size: 0
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): priv: 1
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): cli_pid: 10644
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_resolve_server_process] (0x0200): Found address for server didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200
(Tue
Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_resolve_server_process] (0x0200): Found address for server didmsvrua01.nix.corpnonprd.xxxx.com: [10.137.216.162] TTL 1200 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/ rhidmclient.nix.corpnonprd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [child_sig_handler] (0x0100): child [10649] finished successfully. (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server ' didmsvrua01.nix.corpnonprd.xxxx.com' as 'working' (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [set_server_common_status] (0x0100): Marking server ' didmsvrua01.nix.corpnonprd.xxxx.com' as 'working' (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [hbac_get_category] (0x0200): Category is set to 'all'. (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [hbac_get_category] (0x0200): Category is set to 'all'. (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [hbac_get_category] (0x0200): Category is set to 'all'. 
(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed. (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [ipa_selinux_handler] (0x0040): Cannot create op context (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, ) [Internal Error (System error)] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Sent result [0][CorpNonPrd.xxxx.com] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=akhimji] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): *Request processed. Returned 3,95,User lookup failed* (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=akhimji] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. 
Returned 3,95,User lookup failed (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Got request with the following data (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): command: PAM_SETCRED (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): service: sshd (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): tty: ssh (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): ruser: (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): rhost: 10.210.240.246 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): priv: 1 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): cli_pid: 10644 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=akhimji] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. 
Returned 3,95,User lookup failed (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Got request with the following data (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): service: sshd (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): tty: ssh (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): ruser: (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): rhost: 10.210.240.246 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): priv: 1 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): cli_pid: 10644 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=akhimji] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. 
Returned 3,95,User lookup failed (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=akhimji] (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup failed (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Got request with the following data (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): command: PAM_SETCRED (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): domain: CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): service: sshd (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): tty: ssh (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): ruser: (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): rhost: 10.210.240.246 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): authtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): newauthtok size: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): priv: 0 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [pam_print_data] (0x0100): cli_pid: 10650 (Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com] (Tue Jun 4 09:36:23 2013) 
[sssd[be[nix.corpnonprd.xxxx.com]]] [be_get_account_info] (0x0100): Got request for [4098][1][idnumber=162200012]
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sdap_nested_get_user_send] (0x0080):* Couldn't parse out user information based on DN (null), falling back to an LDAP lookup*
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sdap_save_grpmem] (0x0040): F*ailed to save user mirra-supapp-admin-nix-cde *
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sdap_save_groups] (0x0040): *Failed to store group 0 members*.
(Tue Jun 4 09:36:23 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

Aly

On Tue, Jun 4, 2013 at 3:56 AM, Sumit Bose wrote:

> On Mon, Jun 03, 2013 at 09:22:21PM -0400, Aly Khimji wrote:
> > Hey guys,
> >
> > Just wanted to say thank you for all your support with everything and
> > answering all my questions.
> >
> > Just wanted to show you something, maybe you can shed some light..
> > Below is my self running the ID command on 2 different nodes (1) the IDM
> > server and the other the IDM client. I get two different results of my
> user
> > ID, the client being correct and the server not having the correct groups
> > displaying with the ID, and even having one that has been deleted.
> >
> > Is there someplace this information in cached? or I can set an
> invalidator
> > so that the information is pulled down or is forced to expire quicker so
> > its checked from AD?
> >
> > CLIENT:
> > -sh-4.1$ hostname
> > rhidmclient.nix.corpnonprd.xxxx.com
> > -sh-4.1$ id
> > uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> > akhimji at corpnonprd.xxxx.com)
> > groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> > admins at corpnonprd.xxxx.com),
> > 59400513(domain users at corpnonprd.xxxx.com),59401123(
> > mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),
> > 162200012(mirra-supapp-admin-nix-cde)
> > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> >
> > SERVER:
> > didmsvrua01.nix.corpnonprd.xxxx.com
> > [root at didmsvrua01 ~]# id akhimji at corpnonprd
> > uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> > akhimji at corpnonprd.xxxx.com)
> > groups=59401108(akhimji at corpnonprd.xxxx.com),59400513,59400513,59401113(
> > seca at corpnonprd.xxxx.com)
> >
> > just a note this group [59401113(seca at corpnonprd.xxxx.com)] was deleted
> on
> > AD, and correctly doesn't show up on the client, but remains in the
> server.
>
> Group-memberships are cached for some time by SSSD so I would guess you
> see cached data on the server. But during authentication the
> group-memberships of a user are updated. Can you check if
> seca at corpnonprd.xxxx.com does away if you log in with akhimji at corpnonprd
> on the server?
>
> bye,
> Sumit
>
> >
> > Please let me know if you need more info (eg logs, etc..)
> >
> > Thx
> >
> > Aly
>
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mkosek at redhat.com Wed Jun 5 08:20:38 2013
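The SSSD backend debug log quoted in the message above can be triaged mechanically. The following Python script is an added example (not part of the original thread and not SSSD project code): it splits run-together log text into entries, groups them by PAM request, and reports requests with a non-zero backend result or with entries logged at level 0x0040 or more severe. The sample is abridged from the log in the thread; the names `summarize`, `findings` and `Phase` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Entry layout: (timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message
_TS = r"\([A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}\)"
ENTRY = re.compile(
    r"(?P<ts>" + _TS + r") \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): "
    # The message runs until the next entry header or end of input, so text
    # that lost its line breaks (as in a list archive) still splits correctly.
    r"(?P<msg>.*?)(?=\s*" + _TS + r" \[sssd\[|\s*\Z)",
    re.S,
)
BACKEND = re.compile(r"Backend returned: \((\d+), (\d+), [^)]*\) \[(.*)\]$", re.S)
# SSSD debug levels are a bitmask; lower values are more severe
# (0x0010 fatal, 0x0020 critical, 0x0040 serious failures).
SERIOUS = 0x0040


@dataclass
class Phase:
    """Everything logged between one PAM request and the next."""
    command: str = "?"
    user: str = ""
    rhost: str = ""
    results: list = field(default_factory=list)   # (major, minor, text)
    serious: list = field(default_factory=list)   # (function, message)
    lookups_failed: int = 0


def summarize(text):
    """Group log entries into PAM phases, in the order they were logged."""
    phases, cur = [], None
    for m in ENTRY.finditer(text):
        func, level, msg = m["func"], int(m["level"], 16), m["msg"].strip()
        if func == "be_pam_handler" and msg.startswith("Got request"):
            cur = Phase()
            phases.append(cur)
            continue
        if cur is None:          # entries before the first PAM request
            continue
        if func == "pam_print_data":
            key, _, value = msg.partition(":")
            if key in ("command", "user", "rhost"):
                setattr(cur, key, value.strip())
        elif func == "be_pam_handler_callback":
            hit = BACKEND.match(msg)
            if hit:
                cur.results.append((int(hit[1]), int(hit[2]), hit[3]))
        elif func == "acctinfo_callback" and "User lookup failed" in msg:
            cur.lookups_failed += 1
        if level <= SERIOUS:
            cur.serious.append((func, msg))
    return phases


def findings(phases):
    """Return (command, failed backend results, functions with serious entries)."""
    out = []
    for p in phases:
        failed = [r for r in p.results if r[0] != 0]
        if failed or p.serious:
            out.append((p.command, failed, [f for f, _ in p.serious]))
    return out


# Sample abridged from the log in the thread, joined with spaces to mimic
# the archive's lost line breaks.
_P = "(Tue Jun 4 09:36:18 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] "
SAMPLE = " ".join(_P + e for e in [
    "[be_pam_handler] (0x0100): Got request with the following data",
    "[pam_print_data] (0x0100): command: PAM_ACCT_MGMT",
    "[pam_print_data] (0x0100): user: akhimji at CorpNonPrd.xxxx.com",
    "[pam_print_data] (0x0100): service: sshd",
    "[pam_print_data] (0x0100): rhost: 10.210.240.246",
    "[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all]",
    "[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success]",
    "[sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.",
    "[ipa_selinux_handler] (0x0040): Cannot create op context",
    "[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, ) "
    "[Internal Error (System error)]",
    "[be_pam_handler_callback] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]",
    "[be_get_account_info] (0x0100): Got request for [4099][1][name=akhimji]",
    "[acctinfo_callback] (0x0100): *Request processed. "
    "Returned 3,95,User lookup failed*",
    "[be_pam_handler] (0x0100): Got request with the following data",
    "[pam_print_data] (0x0100): command: PAM_SETCRED",
    "[be_pam_handler] (0x0100): Sending result [0][CorpNonPrd.xxxx.com]",
])

if __name__ == "__main__":
    for command, failed, funcs in findings(summarize(SAMPLE)):
        print(command, "backend failures:", failed, "serious entries from:", funcs)
```
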
From: mkosek at redhat.com (Martin Kosek)
Date: Wed, 05 Jun 2013 10:20:38 +0200
Subject: [Freeipa-users] FreeIPA Training Series
Message-ID: <51AEF4D6.1040508@redhat.com>

Hello FreeIPA and SSSD users,

Our team just published FreeIPA&SSSD training presentations created in the event of finishing FreeIPA 3.0 and SSSD 1.9.2 back in beginning of 2013. I would like to welcome you to look at the presentations, they contain useful information with aim to help you with understanding, configuring or even debugging the features.

All presentations were uploaded to the FreeIPA.org wiki:
http://www.freeipa.org/page/Documentation#FreeIPA_Training_Series

--
Martin Kosek
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.

From sbose at redhat.com Wed Jun 5 08:42:12 2013
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 5 Jun 2013 10:42:12 +0200
Subject: [Freeipa-users] IPA different ID results on different nodes
In-Reply-To:
References: <20130604075603.GI3487@localhost.localdomain>
Message-ID: <20130605084212.GS3487@localhost.localdomain>

On Tue, Jun 04, 2013 at 09:40:21AM -0400, Aly Khimji wrote:
> I re-logged in this morning into the server and i see the following on the
> server
> Any thoughts?
>
> Thx again.
>
> SERVER:
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
> CLIENT:
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com
> ),59401123(mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> -sh-4.1$

so the client side still looks ok. Can you send the logs from the server as well? Besides the log of the domain the krb5_child and sssd_pac log would be interesting as well. If you do not want to disclose the logs on public mailing lists feel free to send them to me directly.

bye,
Sumit

From pspacek at redhat.com Wed Jun 5 10:53:00 2013
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 05 Jun 2013 12:53:00 +0200
Subject: [Freeipa-users] Announcing bind-dyndb-ldap version 3.3
Message-ID: <51AF188C.5030707@redhat.com>

The FreeIPA team is proud to announce bind-dyndb-ldap version 3.2.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/.

The new version has also been built for Fedora 19 and is now in updates-testing:
https://admin.fedoraproject.org/updates/FEDORA-2013-10003

This release includes several fixes.

== Changes in 3.3 ==

[1] Crash triggered by missing sasl_user parameter was fixed.

[2] IPv6 handling in PTR record synchronization was fixed.
https://fedorahosted.org/bind-dyndb-ldap/ticket/118

[3] Authentication settings are validated more strictly. Conflicting options are reported and prevent named from starting.

[4] Automatic empty zones defined in RFC 6303 are automatically unloaded if conflicting master or forward zone is defined in LDAP.
https://fedorahosted.org/bind-dyndb-ldap/ticket/119

[5] Configuration without persistent search is now deprecated and informational message is logged. Support for zone_refresh will be removed in 4.x release.
https://fedorahosted.org/bind-dyndb-ldap/ticket/120

== Upgrading ==

A server can be upgraded simply by installing updated rpms. BIND has to be restarted manually after the RPM installation.

You will need to clean up configuration file /etc/named.conf if your configuration contains typos or other unsupported options.

Downgrading back to any 2.x version is supported under following conditions:
- new object class idnsForwardZone is not utilized
- record types not supported by 2.x versions are not utilized
- configured connection count is >= 3 (to prevent deadlocks in 2.x releases)

== Feedback ==

Please provide comments, bugs and other feedback via the freeipa-users mailing list: http://www.redhat.com/mailman/listinfo/freeipa-users

--
Petr Spacek
Software engineer
Red Hat

From pspacek at redhat.com Wed Jun 5 13:39:48 2013
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 05 Jun 2013 15:39:48 +0200
Subject: [Freeipa-users] Fedora 19 test day: OTP based 2FA using FreeIPA
In-Reply-To: <51A4D01C.2070606@redhat.com>
References: <51A4D01C.2070606@redhat.com>
Message-ID: <51AF3FA4.7070004@redhat.com>

On 28.5.2013 17:41, Dmitri Pal wrote:
> To read more about the test day and suggested tests see the following
> link
> https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication

Links to LiveCD ISOs on "Test Day" Wiki page are broken. There is too many "0" in links.

i686 image doesn't exist at all. Is it intentional?

--
Petr^2 Spacek

From rcritten at redhat.com Wed Jun 5 13:41:44 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 05 Jun 2013 09:41:44 -0400
Subject: [Freeipa-users] Fedora 19 test day: OTP based 2FA using FreeIPA
In-Reply-To: <51AF3FA4.7070004@redhat.com>
References: <51A4D01C.2070606@redhat.com> <51AF3FA4.7070004@redhat.com>
Message-ID: <51AF4018.7000403@redhat.com>

Petr Spacek wrote:
> On 28.5.2013 17:41, Dmitri Pal wrote:
>> To read more about the test day and suggested tests see the following
>> link
>> https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication
>>
>
> Links to LiveCD ISOs on "Test Day" Wiki page are broken. There is too
> many "0" in links.
>
> i686 image doesn't exist at all. Is it intentional?
>

The scripts/liveCD are still being worked on. Should be done soon.

rob

From sakodak at gmail.com Wed Jun 5 15:20:24 2013
From: sakodak at gmail.com (KodaK)
Date: Wed, 5 Jun 2013 10:20:24 -0500
Subject: [Freeipa-users] sudo rules user and host group bugs?
Message-ID:

I know this has been discussed before, but I didn't see anything with a cursory search.

There are bugs when using user and host groups with sudo rules. I have to split out my users and hosts into individual entries. I'm running ipa 3.0.0-26 on RHEL.

All I really want to know is if this is fixed upstream.

Thanks,

--Jason

--
The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dpal at redhat.com Wed Jun 5 19:45:24 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Wed, 05 Jun 2013 15:45:24 -0400
Subject: [Freeipa-users] sudo rules user and host group bugs?
In-Reply-To:
References:
Message-ID: <51AF9554.5070501@redhat.com>

On 06/05/2013 11:20 AM, KodaK wrote:
> I know this has been discussed before, but I didn't see anything with
> a cursory search.
>
> There are bugs when using user and host groups with sudo rules. I
> have to split out my users and hosts into individual entries. I'm
> running ipa 3.0.0-26 on RHEL.
>
> All I really want to know is if this is fixed upstream.
>

I am not sure I recall a bug you are referring to. A quick scan against the open tickets does not reveal anything like what you describe.
Can you provide the description of the issue or point to the earlier thread on the matter?

> Thanks,
>
> --Jason
>
> --
> The government is going to read our mail anyway, might as well make it
> tough for them. GPG Public key ID: B6A1A7C6
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jhrozek at redhat.com Wed Jun 5 19:58:35 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 5 Jun 2013 21:58:35 +0200
Subject: [Freeipa-users] sudo rules user and host group bugs?
In-Reply-To:
References:
Message-ID: <20130605195835.GO10811@hendrix.redhat.com>

On Wed, Jun 05, 2013 at 10:20:24AM -0500, KodaK wrote:
> I know this has been discussed before, but I didn't see anything with a
> cursory search.
>
> There are bugs when using user and host groups with sudo rules. I have to
> split out my users and hosts into individual entries. I'm running ipa
> 3.0.0-26 on RHEL.
>
> All I really want to know is if this is fixed upstream.
>
> Thanks,
>
> --Jason

Do you use the SSSD integration? If so, then I can think of one bug that might apply to your situation:
https://bugzilla.redhat.com/show_bug.cgi?id=880150

If you fetch sudo rules with nss_ldap, then describing what problems you are seeing in more detail would help.

From lukas.bezdicka at gooddata.com Wed Jun 5 20:04:55 2013
From: lukas.bezdicka at gooddata.com (Lukáš Bezdička)
Date: Wed, 5 Jun 2013 22:04:55 +0200
Subject: [Freeipa-users] sudo rules user and host group bugs?
In-Reply-To: <51AF9554.5070501@redhat.com>
References: <51AF9554.5070501@redhat.com>
Message-ID:

Hi,
lately I spent some time with debugging sudo, what I ended up with was:
I created sudo rule in ipa called defaults with sudo option fqdn.
defaults is being checked by sssd as default setting.
I set up NIS domain on hosts same as ipa domain. See getent netgroup sudo seems to work fine.

On Wed, Jun 5, 2013 at 9:45 PM, Dmitri Pal wrote:

> On 06/05/2013 11:20 AM, KodaK wrote:
>
> I know this has been discussed before, but I didn't see anything with a
> cursory search.
>
> There are bugs when using user and host groups with sudo rules. I have
> to split out my users and hosts into individual entries. I'm running ipa
> 3.0.0-26 on RHEL.
>
> All I really want to know is if this is fixed upstream.
>
>
> I am not sure I recall a bug you are referring to. A quick scan against
> the open tickets does not reveal anything like what you describe.
> Can you provide the description of the issue or point to the earlier
> thread on the matter?
>
> Thanks,
>
> --Jason
>
> --
> The government is going to read our mail anyway, might as well make it
> tough for them. GPG Public key ID: B6A1A7C6
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From sakodak at gmail.com Wed Jun 5 20:47:27 2013
From: sakodak at gmail.com (KodaK)
Date: Wed, 5 Jun 2013 15:47:27 -0500
Subject: [Freeipa-users] sudo rules user and host group bugs?
In-Reply-To: <51AF9554.5070501@redhat.com>
References: <51AF9554.5070501@redhat.com>
Message-ID:

Sorry, for some reason gmail makes me forget about "reply all."

On Wed, Jun 5, 2013 at 2:45 PM, Dmitri Pal wrote:

> On 06/05/2013 11:20 AM, KodaK wrote:
>
> I know this has been discussed before, but I didn't see anything with a
> cursory search.
>
> There are bugs when using user and host groups with sudo rules. I have to
> split out my users and hosts into individual entries. I'm running ipa
> 3.0.0-26 on RHEL.
>
> All I really want to know is if this is fixed upstream.
>
>
> I am not sure I recall a bug you are referring to. A quick scan against
> the open tickets does not reveal anything like what you describe.
> Can you provide the description of the issue or point to the earlier
> thread on the matter?
>
>

I'm going off of memory on seeing the previous bug. It very well could be a false memory.

I have a rule like this:

[jebalicki at mo0033802 ~]$ ipa sudorule-show esolutions-sandbox-root-access
  Rule name: esolutions-sandbox-root-access
  Enabled: TRUE
  Users: slfries, awellard
  Hosts: slnessbxl01.unix.magellanhealth.com
  Sudo Allow Commands: /bin/su -

This works. However, if I change the rule to use hostgroups instead of listing the hosts individually the rule will not work.

The groups still exist and look like this:

[jebalicki at mo0033802 ~]$ ipa hostgroup-show esolutions-sandbox-hosts
  Host-group: esolutions-sandbox-hosts
  Description: esolutions sandbox hosts
  Member hosts: slnessbxl01.unix.magellanhealth.com
  Member of HBAC rule: esolutions-sandbox-access

[jebalicki at mo0033802 ~]$ ipa group-show esolutions
  Group name: esolutions
  Description: esolutions group
  GID: 1115600250
  Member users: awellard, slfries
  Member of HBAC rule: esolutions-sandbox-access

Client machine is pretty much default-out-of-the-box IRT IPA configuration, here's the installer output (installs during kickstart):

[root at slnessbxl01 ~]# cat ks-post.log
Discovery was successful!
Hostname: slnessbxl01.unix.magellanhealth.com
Realm: UNIX.MAGELLANHEALTH.COM
DNS Domain: UNIX.MAGELLANHEALTH.COM
IPA Server: slpidml01.unix.magellanhealth.com
BaseDN: dc=unix,dc=magellanhealth,dc=com
Synchronizing time with KDC...
Enrolled in IPA realm UNIX.MAGELLANHEALTH.COM
Created /etc/ipa/default.conf
New SSSD config will be created.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm UNIX.MAGELLANHEALTH.COM
Warning: Hostname (slnessbxl01.unix.magellanhealth.com) not found in DNS
DNS server record set to: slnessbxl01.unix.magellanhealth.com -> 10.200.12.104
SSSD enabled
NTP enabled
Client configuration complete.

[root at slnessbxl01 ~]# rpm -qa | grep ipa
python-iniparse-0.3.1-2.1.el6.noarch
libipa_hbac-python-1.8.0-32.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64

[root at slnessbxl01 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.3 (Santiago)
[root at slnessbxl01 ~]#
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gmatz at collective.com Wed Jun 5 21:53:36 2013
From: gmatz at collective.com (Guy Matz)
Date: Wed, 5 Jun 2013 21:53:36 +0000
Subject: [Freeipa-users] Ubunto client?
Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local>

Hi! Can anyone recommend a PPA that contains a freeIPA client that:
1. works
2. Also contains an openssh-server that uses AuthorizedKeysCommand

Thanks a lot,
Guy

From lslebodn at redhat.com Wed Jun 5 22:29:49 2013
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Thu, 6 Jun 2013 00:29:49 +0200
Subject: [Freeipa-users] Ubunto client?
In-Reply-To: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local>
References: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local>
Message-ID: <20130605222948.GH22335@mail.corp.redhat.com>

On (05/06/13 21:53), Guy Matz wrote:
>Hi! Can anyone recommend a PPA that contains a freeIPA client that:
>1. works

Ubuntu 13.04 have already had freeipa-client-3.1.2 [1] and sssd-1.9.4 [2]
But I did not test them.

>2. Also contains an openssh-server that uses AuthorizedKeysCommand

I am adding Timo Aaltonen (Ubuntu freeipa/sssd package maintainer) to CC.
He could know answer to your question about openssh-server and AuthorizedKeysCommand

>
>Thanks a lot,
>Guy
>

LS

[1] http://packages.ubuntu.com/raring/freeipa-client
[2] http://packages.ubuntu.com/raring/sssd

From chandank.kumar at gmail.com Wed Jun 5 22:56:25 2013
From: chandank.kumar at gmail.com (Chandan Kumar) Date: Wed, 5 Jun 2013 15:56:25 -0700 Subject: [Freeipa-users] Limiting Host access by UID/GID In-Reply-To: <20130604084453.GC9753@hendrix.brq.redhat.com> References: <51A7DF7A.7090201@redhat.com> <20130531095539.GT19954@hendrix.brq.redhat.com> <1370006800.2769.195.camel@willson.li.ssimo.org> <20130531134128.GY19954@hendrix.brq.redhat.com> <20130604084453.GC9753@hendrix.brq.redhat.com> Message-ID: Sorry for late reply. Thanks for helping out. Yes after deleting the sssd cache from /var/lib it does not allow user groups outside min/max_id. Thanks Chandan On Tuesday, June 4, 2013, Jakub Hrozek wrote: > On Fri, May 31, 2013 at 08:50:29AM -0700, Chandan Kumar wrote: > > As far as my understanding goes it does not stop even if I disable cache > > credentials. I set following parameters in sssd.conf but still UID 20000 > is > > able to login. > > > > Sorry, there was some terminology confusion. I didn't ask for disabling > cache credentials, but removing the on-disk cache and starting afresh. > > The cache is stored in /var/lib/sss/db/cache_$domname.ldb, so you can mv > or rm it and check again if the IDs are still allowed. 
> > > cache_credentials = False > > krb5_store_password_if_offline = False > > min_id=5000 > > max_id=5010 > > enumerate = False > > entry_cache_timeout=3 > > > > Package Info: > > Client; > > sssd-client-1.9.2-82.7.el6_4.x86_64 > > > > Server: > > ipa-server-2.2.0-16.el6.x86_64 > > > > Thanks > > Chandan > > > > On Friday, May 31, 2013, Jakub Hrozek wrote: > > > > > On Fri, May 31, 2013 at 09:26:40AM -0400, Simo Sorce wrote: > > > > On Fri, 2013-05-31 at 11:55 +0200, Jakub Hrozek wrote: > > > > > On Thu, May 30, 2013 at 07:23:38PM -0400, Dmitri Pal wrote: > > > > > > On 05/30/2013 06:52 PM, Chandan Kumar wrote: > > > > > > > Hello, > > > > > > > > > > > > > > As part of migration from passwd/shadow to IPA, I want to roll > out > > > > > > > IPA/SSSD based password first for a small number of users and > then > > > for > > > > > > > all. (same goes with host. first small number of host and then > > > all). > > > > > > > > > > > > > > I was trying to limit it using max_id/min_id parameters in sssd > > > but it > > > > > > > does not seems to work the way I expected. > > > > > > > ------- > > > > > > > min_id = 5000 > > > > > > > max_id = 5100 > > > > > > > ------ > > > > > > > So there is a user "kchandan" with UID/GID 20000 > > > > > > > ------ > > > > > > > [root at tipa1 ~]# id kchandan > > > > > > > uid=20000(kchandan) gid=20000 groups=20000 > > > > > > > ------- > > > > > > > > > > > > > > But It is allowing me to login with that ID with only error > showing > > > > > > > GID 20000 not found. > > > > > > > ----------- > > > > > > > ssh 10.2.3.105 -l kchandan > > > > > > > kchandan at 10.2.3.105 's password: > > > > > > > id: cannot find name for group ID 20000 > > > > > > > ------------- > > > > > > > > > > > > > > Is there any way to achieve this? > > > > > > > > > > > > So you want to allow only a subset of users with a specific > range to > > > log > > > > > > into the systems controlled by SSSD before you open it to a > broader > > > public? 
> > > > > > I would defer to SSSD gurus but the hack that comes to mind is to > > > > > > configure a simple access provider to limit the access to just > the > > > users > > > > > > you care about (man sssd-simple) or configure ldap access > provider > > > based > > > > > > on a filter (man sssd-ldap). > > > > > > > > > > Hi, > > > > > > > > > > The user shouldn't be even saved to cache if it's filtered out of > > > range. > > > > > > > > > > But looking at the current NSS code, the entry would have been > > > returned if > > > > > it was saved *before* you changed the min_id/max_id parameters. > Could > > > that be > > > > > the case? Can you check if after removing the cache the entry still > > > shows up? > > > > > > > > > > I think that the fact that the entry is returned from cache even > if it > > > > > should be filtered out is a bug: > > > > > https://fedorahosted.org/sssd/ticket/1954 > > > > > > > > So far we always maintained that if you consistently change > > > > configuration (and a change of ranges is a big change) then it's on > the > > > > admin to wipe the cache file. > > > > > > Yes, that's why the ticket is minor. But mostly I don't like the > > > inconsistency where some requests check the ranges even in the > responder > > > and some don't. > > > > > > _______________________________________________ > > > Freeipa-users mailing list > > > Freeipa-users at redhat.com > > > -- -- http://about.me/chandank -------------- next part -------------- An HTML attachment was scrubbed... URL: From JR.Aquino at citrix.com Wed Jun 5 23:49:19 2013 
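A check for the stale-cache case discussed in this thread, written as an added example (it is not code from the thread or from SSSD). It reads min_id/max_id for one domain from sssd.conf and flags `getent passwd <name>` results whose UID or primary GID falls outside that range, which is what a cache populated before the range change looks like. The domain name example.com, the sample sssd.conf, the getent lines and all function names are constructed for illustration; the cache path pattern is the one quoted above.

```python
import configparser

# Constructed sample configuration, using the range from the thread.
SSSD_CONF = """\
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ipa
cache_credentials = False
min_id=5000
max_id=5010
enumerate = False
"""

# Constructed output of `getent passwd kchandan alice` on the client.
GETENT_PASSWD = """\
kchandan:*:20000:20000:K Chandan:/home/kchandan:/bin/sh
alice:*:5003:5003:Alice Example:/home/alice:/bin/sh
"""


def id_range(conf_text, domain):
    """Return (min_id, max_id) for a domain; SSSD defaults are 1 and 0 (no limit)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = "domain/" + domain
    if not cp.has_section(section):
        raise KeyError("no [%s] section in sssd.conf" % section)
    return (cp.getint(section, "min_id", fallback=1),
            cp.getint(section, "max_id", fallback=0))


def in_range(value, lo, hi):
    """max_id = 0 means there is no upper limit."""
    return value >= lo and (hi == 0 or value <= hi)


def stale_entries(conf_text, domain, passwd_text):
    """List (name, uid, gid) for resolved users that the range should have filtered out.

    Assumes every line in passwd_text was answered by this SSSD domain,
    not by /etc/passwd.
    """
    lo, hi = id_range(conf_text, domain)
    stale = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue  # not a passwd(5) record
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        # A user is filtered if either the UID or the primary GID is out of range.
        if not (in_range(uid, lo, hi) and in_range(gid, lo, hi)):
            stale.append((name, uid, gid))
    return stale


def cache_file(domain):
    """On-disk cache to move aside (with sssd stopped) when stale entries show up."""
    return "/var/lib/sss/db/cache_%s.ldb" % domain


if __name__ == "__main__":
    for name, uid, gid in stale_entries(SSSD_CONF, "example.com", GETENT_PASSWD):
        print("%s (uid=%d gid=%d) is outside the configured range; "
              "remove %s and restart sssd" % (name, uid, gid, cache_file("example.com")))
```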
From: JR.Aquino at citrix.com (JR Aquino)
Date: Wed, 5 Jun 2013 23:49:19 +0000
Subject: [Freeipa-users] IPA Replica Issue
Message-ID: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com>

I have been having replication issues since the update to RHEL6.4 and 389-ds-base-1.2.11.15-12.

It is entirely possible that we have more than just 1 problem.

Frequently we are seeing errors in our replication monitoring indicating: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server

This problem cannot be solved via ipa-replication-managment force-sync and it does not get permanently solved with a re-initialization or a dirsrv restart either (the problem eventually comes back or appears on a different server)

Have any of you also seen this error when you could verify that the servers can communicate over ldap?

When checking with Rich today in IRC, we turned on debugging for replication and did not see a smoking gun.

We -did- see log messages showing things like: (auth1:389): CSN 51ad2c55000900660000 not found, we aren't as up to date, or we purged

When looking for this change, it was determined that the originating IPA server who was responsible for the change shows that this was a modification by the MemberOf plugin associating a host with a hostgroup or vice versa.

This change was -not- found on the IPA server who is reporting the replication troubles.

IPA deliberately excludes memberof changes during incremental updates for performance reasons. This is because each server does replicate the 'member' info, whereby the local MemberOf plugin will fire off and perform its respective fixups accordingly.

Rich asked me to bring this issue up to the attention of the mailing list so that we could continue to track the root cause of the issue(s) and hopefully come to a conclusion about how to fix them.

"Keeping your head in the cloud"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
GCIH | GIAC Certified Incident Handler
GWAPT | GIAC WebApp Penetration Tester

Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
C: +1 805.717.0365
jr.aquino at citrix.com
http://www.citrixonline.com

From rmeggins at redhat.com Thu Jun 6 00:26:21 2013
From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 05 Jun 2013 18:26:21 -0600 Subject: [Freeipa-users] IPA Replica Issue In-Reply-To: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com> References: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com> Message-ID: <51AFD72D.2060609@redhat.com> On 06/05/2013 05:49 PM, JR Aquino wrote: > I have been having replication issues since the update to RHEL6.4 and 389-ds-base-1.2.11.15-12. > > It is entirely possible that we have more than just 1 problem. > > Frequently we seeing errors in our replication monitoring indicating: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server > > This problem cannot be solved via ipa-replication-managment force-sync and it does not get permanently solved with a re-initializeation or a dirsrv restart either (the problem eventually comes back or appears on a different server) > > Have any of you also seen this error when you could verify that the servers can communicate over ldap? > > When checking with Rich today in IRC, we turned on debugging for replication and did not see a smoking gun. > > We -did- see log messages showing things like: (auth1:389): CSN 51ad2c55000900660000 not found, we aren't as up to date, or we purged On replicaID 0x66 - I think dbscan -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 will tell you what are the purge and max CSNs, somewhere near the beginning - what are they? Also, what is the database RUV on 0x66? that is, do ldapsearch -xLLL -h 0x66hostname -D "cn=directory manager" -w password -b dc=expertcity,dc=com '(&(objectclass=nsTombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))' > > When looking for this change, it was determined that the originating IPA server who was responsible for the change show that this was a modification by the MemberOf plugin associating a host with a hostgroup or vice versa. 
> > This change was -not- found on the IPA server who is reporting the replication troubles. > > IPA deliberately excludes memberof changes during incremental updates for performance reasons. This is because each server does replicate the 'member' info, where by the local MemberOf plugin will fire off and perform its respective fixups accordingly. > > Rich asked me to bring this issue up to the attention of the mailing list so that we could continue to track the root cause of the issue(s) and hopefully come to a conclusion about how to fix them. > > > "Keeping your head in the cloud" > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Jr Aquino | Sr. Information Security Specialist > GXPN | GIAC Exploit Researcher and Advanced Penetration Tester > GCIH | GIAC Certified Incident Handler > GWAPT | GIAC WebApp Penetration Tester > > Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 > T: +1 805.690.3478 > C: +1 805.717.0365 > jr.aquino at citrix.com > http://www.citrixonline.com > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users From JR.Aquino at citrix.com Thu Jun 6 01:20:46 2013 
From: JR.Aquino at citrix.com (JR Aquino) Date: Thu, 6 Jun 2013 01:20:46 +0000 Subject: [Freeipa-users] IPA Replica Issue In-Reply-To: <51AFD72D.2060609@redhat.com> References: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com> <51AFD72D.2060609@redhat.com> Message-ID: <846A9AEE-A940-448E-AE83-2F293AE45F71@citrixonline.com> On Jun 5, 2013, at 5:26 PM, Rich Megginson wrote: > On 06/05/2013 05:49 PM, JR Aquino wrote: >> I have been having replication issues since the update to RHEL6.4 and 389-ds-base-1.2.11.15-12. >> >> It is entirely possible that we have more than just 1 problem. >> >> Frequently we seeing errors in our replication monitoring indicating: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server >> >> This problem cannot be solved via ipa-replication-managment force-sync and it does not get permanently solved with a re-initializeation or a dirsrv restart either (the problem eventually comes back or appears on a different server) >> >> Have any of you also seen this error when you could verify that the servers can communicate over ldap? >> >> When checking with Rich today in IRC, we turned on debugging for replication and did not see a smoking gun. >> >> We -did- see log messages showing things like: (auth1:389): CSN 51ad2c55000900660000 not found, we aren't as up to date, or we purged > > On replicaID 0x66 - I think dbscan -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 will tell you what are the purge and max CSNs, somewhere near the beginning - what are they? I've looked up and down the dbscan output and there is no sign of the word 'purge' or 'max' > Also, what is the database RUV on 0x66? 
that is, do > > ldapsearch -xLLL -h 0x66hostname -D "cn=directory manager" -w password -b dc=expertcity,dc=com '(&(objectclass=nsTombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))' I've sent you a private email from for the above output > >> >> When looking for this change, it was determined that the originating IPA server who was responsible for the change show that this was a modification by the MemberOf plugin associating a host with a hostgroup or vice versa. >> >> This change was -not- found on the IPA server who is reporting the replication troubles. >> >> IPA deliberately excludes memberof changes during incremental updates for performance reasons. This is because each server does replicate the 'member' info, where by the local MemberOf plugin will fire off and perform its respective fixups accordingly. >> >> Rich asked me to bring this issue up to the attention of the mailing list so that we could continue to track the root cause of the issue(s) and hopefully come to a conclusion about how to fix them. >> >> >> "Keeping your head in the cloud" >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> Jr Aquino | Sr. Information Security Specialist >> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >> GCIH | GIAC Certified Incident Handler >> GWAPT | GIAC WebApp Penetration Tester >> >> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 >> T: +1 805.690.3478 >> C: +1 805.717.0365 >> jr.aquino at citrix.com >> http://www.citrixonline.com >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > From rmeggins at redhat.com Thu Jun 6 01:48:36 2013 
From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 05 Jun 2013 19:48:36 -0600 Subject: [Freeipa-users] IPA Replica Issue In-Reply-To: <846A9AEE-A940-448E-AE83-2F293AE45F71@citrixonline.com> References: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com> <51AFD72D.2060609@redhat.com> <846A9AEE-A940-448E-AE83-2F293AE45F71@citrixonline.com> Message-ID: <51AFEA74.9010800@redhat.com> On 06/05/2013 07:20 PM, JR Aquino wrote: > On Jun 5, 2013, at 5:26 PM, Rich Megginson wrote: > >> On 06/05/2013 05:49 PM, JR Aquino wrote: >>> I have been having replication issues since the update to RHEL6.4 and 389-ds-base-1.2.11.15-12. >>> >>> It is entirely possible that we have more than just 1 problem. >>> >>> Frequently we seeing errors in our replication monitoring indicating: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server >>> >>> This problem cannot be solved via ipa-replication-managment force-sync and it does not get permanently solved with a re-initializeation or a dirsrv restart either (the problem eventually comes back or appears on a different server) >>> >>> Have any of you also seen this error when you could verify that the servers can communicate over ldap? >>> >>> When checking with Rich today in IRC, we turned on debugging for replication and did not see a smoking gun. >>> >>> We -did- see log messages showing things like: (auth1:389): CSN 51ad2c55000900660000 not found, we aren't as up to date, or we purged >> On replicaID 0x66 - I think dbscan -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 will tell you what are the purge and max CSNs, somewhere near the beginning - what are they? 
> I've looked up and down the dbscan output and there is no sign of the word 'purge' or 'max' ok - try this dbscan -k 000000de000000000000 -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 and dbscan -k 0000014d000000000000 -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 If that gives you nothing, then just tell me what the first and last csns are. > >> Also, what is the database RUV on 0x66? that is, do >> >> ldapsearch -xLLL -h 0x66hostname -D "cn=directory manager" -w password -b dc=expertcity,dc=com '(&(objectclass=nsTombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))' > I've sent you a private email from for the above output > >>> When looking for this change, it was determined that the originating IPA server who was responsible for the change show that this was a modification by the MemberOf plugin associating a host with a hostgroup or vice versa. >>> >>> This change was -not- found on the IPA server who is reporting the replication troubles. >>> >>> IPA deliberately excludes memberof changes during incremental updates for performance reasons. This is because each server does replicate the 'member' info, where by the local MemberOf plugin will fire off and perform its respective fixups accordingly. >>> >>> Rich asked me to bring this issue up to the attention of the mailing list so that we could continue to track the root cause of the issue(s) and hopefully come to a conclusion about how to fix them. >>> >>> >>> "Keeping your head in the cloud" >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> Jr Aquino | Sr. 
Information Security Specialist >>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>> GCIH | GIAC Certified Incident Handler >>> GWAPT | GIAC WebApp Penetration Tester >>> >>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 >>> T: +1 805.690.3478 >>> C: +1 805.717.0365 >>> jr.aquino at citrix.com >>> http://www.citrixonline.com >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipa-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users From JR.Aquino at citrix.com Thu Jun 6 03:06:32 2013 
From: JR.Aquino at citrix.com (JR Aquino) Date: Thu, 6 Jun 2013 03:06:32 +0000 Subject: [Freeipa-users] IPA Replica Issue In-Reply-To: <51AFEA74.9010800@redhat.com> References: <61E09562-30AB-4F46-B89D-460E449CA5BC@citrixonline.com> <51AFD72D.2060609@redhat.com> <846A9AEE-A940-448E-AE83-2F293AE45F71@citrixonline.com> <51AFEA74.9010800@redhat.com> Message-ID: On Jun 5, 2013, at 6:48 PM, Rich Megginson wrote: > On 06/05/2013 07:20 PM, JR Aquino wrote: >> On Jun 5, 2013, at 5:26 PM, Rich Megginson wrote: >> >>> On 06/05/2013 05:49 PM, JR Aquino wrote: >>>> I have been having replication issues since the update to RHEL6.4 and 389-ds-base-1.2.11.15-12. >>>> >>>> It is entirely possible that we have more than just 1 problem. >>>> >>>> Frequently we seeing errors in our replication monitoring indicating: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server >>>> >>>> This problem cannot be solved via ipa-replication-managment force-sync and it does not get permanently solved with a re-initializeation or a dirsrv restart either (the problem eventually comes back or appears on a different server) >>>> >>>> Have any of you also seen this error when you could verify that the servers can communicate over ldap? >>>> >>>> When checking with Rich today in IRC, we turned on debugging for replication and did not see a smoking gun. >>>> >>>> We -did- see log messages showing things like: (auth1:389): CSN 51ad2c55000900660000 not found, we aren't as up to date, or we purged >>> On replicaID 0x66 - I think dbscan -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 will tell you what are the purge and max CSNs, somewhere near the beginning - what are they? 
>> I've looked up and down the dbscan output and there is no sign of the word 'purge' or 'max' > ok - try this > dbscan -k 000000de000000000000 -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 > and > dbscan -k 0000014d000000000000 -f /var/lib/dirsrv/slapd-INST/cldb/xxxxxx.db4 > > If that gives you nothing, then just tell me what the first and last csns are. It looks like -none- of my 42 servers seem to have that key present or a 'max' or a 'purge' csn. The first CSN is: dbid: 514543d2000600770000 replgen: 1363737222 Tue Mar 19 16:53:42 2013 csn: 514543d2000600770000 uniqueid: 00000000-00000000-00000000-00000000 dn: cn=start iteration operation: delete the last CSN is: dbid: 51afe52a000900380000 replgen: 1370480270 Wed Jun 5 17:57:50 2013 csn: 51afe52a000900380000 uniqueid: 34b69984-244d11e2-9c3ddd59-5d298bd5 dn: uid=user,cn=users,cn=accounts,dc=example,dc=com operation: modify ntUserLastLogon: 130149214165556521 manager: uid=manager,cn=users,cn=accounts,dc=example,dc=com manager: uid=manager,cn=users,cn=accounts,dc=example,dc=com modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config modifyTimestamp: 20130606005748Z >> >>> Also, what is the database RUV on 0x66? that is, do >>> >>> ldapsearch -xLLL -h 0x66hostname -D "cn=directory manager" -w password -b dc=expertcity,dc=com '(&(objectclass=nsTombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))' >> I've sent you a private email from for the above output >> >>>> When looking for this change, it was determined that the originating IPA server who was responsible for the change show that this was a modification by the MemberOf plugin associating a host with a hostgroup or vice versa. >>>> >>>> This change was -not- found on the IPA server who is reporting the replication troubles. >>>> >>>> IPA deliberately excludes memberof changes during incremental updates for performance reasons. 
This is because each server does replicate the 'member' info, where by the local MemberOf plugin will fire off and perform its respective fixups accordingly. >>>> >>>> Rich asked me to bring this issue up to the attention of the mailing list so that we could continue to track the root cause of the issue(s) and hopefully come to a conclusion about how to fix them. >>>> >>>> >>>> "Keeping your head in the cloud" >>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>> Jr Aquino | Sr. Information Security Specialist >>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>>> GCIH | GIAC Certified Incident Handler >>>> GWAPT | GIAC WebApp Penetration Tester >>>> >>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 >>>> T: +1 805.690.3478 >>>> C: +1 805.717.0365 >>>> jr.aquino at citrix.com >>>> http://www.citrixonline.com >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> Freeipa-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >> From tjaalton at ubuntu.com Thu Jun 6 03:33:00 2013 
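The CSN values quoted in the replication thread above can be decoded and compared without dbscan. This is an added example, not code from the thread or from 389-ds: it assumes the 389-ds CSN string layout of 20 hex digits (8 for the timestamp, then 4 each for sequence number, replica ID and sub-sequence number) and uses the log line and the first/last changelog CSNs quoted above as sample input. The function names and verdict labels are illustrative, and the verdict is a triage hint based only on the CSN range, not a statement about what the server actually purged.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Sample input: the values quoted in the thread.
LOG_LINE = ("(auth1:389): CSN 51ad2c55000900660000 not found, "
            "we aren't as up to date, or we purged")
FIRST_CSN = "514543d2000600770000"   # first changelog entry reported
LAST_CSN = "51afe52a000900380000"    # last changelog entry reported

CSN_IN_LOG = re.compile(r"CSN ([0-9a-fA-F]{20}) not found")


@dataclass(frozen=True, order=True)
class CSN:
    """A change sequence number; field order is also the sort order."""
    timestamp: int    # seconds since the epoch (hex digits 1-8)
    seq: int          # sequence number within that second (9-12)
    replica_id: int   # replica that originated the change (13-16)
    subseq: int       # sub-sequence number (17-20)

    @classmethod
    def parse(cls, text):
        text = text.strip().lower()
        if not re.fullmatch(r"[0-9a-f]{20}", text):
            raise ValueError("not a 20-hex-digit CSN: %r" % text)
        bounds = ((0, 8), (8, 12), (12, 16), (16, 20))
        return cls(*(int(text[a:b], 16) for a, b in bounds))

    @property
    def when(self):
        return datetime.fromtimestamp(self.timestamp, tz=timezone.utc)


def csn_from_log(line):
    """Pull the CSN out of a 'CSN ... not found' error-log line, or return None."""
    m = CSN_IN_LOG.search(line)
    return CSN.parse(m.group(1)) if m else None


def classify(missing, first, last):
    """Place a missing CSN relative to the changelog's first and last entries.

    before-first : consistent with the "we purged" half of the message
    after-last   : consistent with "we aren't as up to date"
    inside-range : the range alone explains neither; the change is absent
                   from a changelog that spans its position
    """
    if first > last:
        raise ValueError("first changelog CSN sorts after the last one")
    if missing < first:
        return "before-first"
    if missing > last:
        return "after-last"
    return "inside-range"


def triage(log_line, first_hex, last_hex):
    """Decode the CSN in a log line and classify it against a changelog range."""
    missing = csn_from_log(log_line)
    if missing is None:
        return None
    return {
        "replica_id": hex(missing.replica_id),
        "seq": missing.seq,
        "utc": missing.when.isoformat(),
        "verdict": classify(missing, CSN.parse(first_hex), CSN.parse(last_hex)),
    }


if __name__ == "__main__":
    print(triage(LOG_LINE, FIRST_CSN, LAST_CSN))
```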
From: tjaalton at ubuntu.com (Timo Aaltonen) Date: Thu, 06 Jun 2013 06:33:00 +0300 Subject: [Freeipa-users] Ubunto client? In-Reply-To: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local> References: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local> Message-ID: <51B002EC.8040102@ubuntu.com> On 06.06.2013 00:53, Guy Matz wrote: > Hi! Can anyone recommend a PPA that contains a freeIPA client that: > 1. works and what's wrong with the one I gave you on #ubuntu-freeipa? (https://launchpad.net/~freeipa/+archive/ppa) IOW, why ask here and not contact me directly.. especially since you said the backport worked. > 2. Also contains an openssh-server that uses AuthorizedKeysCommand looks like it's quite fresh and in saucy: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/911747 no idea of a ppa with it -- t From JR.Aquino at citrix.com Thu Jun 6 05:07:05 2013 
From: JR.Aquino at citrix.com (JR Aquino) Date: Thu, 6 Jun 2013 05:07:05 +0000 Subject: [Freeipa-users] sudo rules user and host group bugs? In-Reply-To: References: <51AF9554.5070501@redhat.com> Message-ID: On Jun 5, 2013, at 1:47 PM, KodaK wrote: Sorry, for some reason gmail makes me forget about "reply all." On Wed, Jun 5, 2013 at 2:45 PM, Dmitri Pal > wrote: On 06/05/2013 11:20 AM, KodaK wrote: I know this has been discussed before, but I didn't see anything with a cursory search. There are bugs when using user and host groups with sudo rules. I have to split out my users and hosts into individual entries. I'm running ipa 3.0.0-26 on RHEL. All I really want to know is if this is fixed upstream. I am not sure I recall a bug you are referring to. A quick scan against the open tickets does not reveal anything like what you describe. Can you provide the description of the issue or point to the earlier thread on the matter? I'm going off of memory on seeing the previous bug. It very well could be a false memory. I have a rule like this: [jebalicki at mo0033802 ~]$ ipa sudorule-show esolutions-sandbox-root-access Rule name: esolutions-sandbox-root-access Enabled: TRUE Users: slfries, awellard Hosts: slnessbxl01.unix.magellanhealth.com Sudo Allow Commands: /bin/su - This works. However, if I change the rule to use hostgroups instead of listing the hosts individually the rule will not work. 
The groups still exist and look like this: [jebalicki at mo0033802 ~]$ ipa hostgroup-show esolutions-sandbox-hosts Host-group: esolutions-sandbox-hosts Description: esolutions sandbox hosts Member hosts: slnessbxl01.unix.magellanhealth.com Member of HBAC rule: esolutions-sandbox-access [jebalicki at mo0033802 ~]$ ipa group-show esolutions Group name: esolutions Description: esolutions group GID: 1115600250 Member users: awellard, slfries Member of HBAC rule: esolutions-sandbox-access Client machine is pretty much default-out-of-the-box IRT IPA configuration, here's the installer output (installs during kickstart): [root at slnessbxl01 ~]# cat ks-post.log Discovery was successful! Hostname: slnessbxl01.unix.magellanhealth.com Realm: UNIX.MAGELLANHEALTH.COM DNS Domain: UNIX.MAGELLANHEALTH.COM IPA Server: slpidml01.unix.magellanhealth.com BaseDN: dc=unix,dc=magellanhealth,dc=com Synchronizing time with KDC... Enrolled in IPA realm UNIX.MAGELLANHEALTH.COM Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm UNIX.MAGELLANHEALTH.COM Warning: Hostname (slnessbxl01.unix.magellanhealth.com) not found in DNS DNS server record set to: slnessbxl01.unix.magellanhealth.com -> 10.200.12.104 SSSD enabled NTP enabled Client configuration complete. [root at slnessbxl01 ~]# rpm -qa | grep ipa python-iniparse-0.3.1-2.1.el6.noarch libipa_hbac-python-1.8.0-32.el6.x86_64 libipa_hbac-1.8.0-32.el6.x86_64 ipa-client-2.2.0-16.el6.x86_64 ipa-python-2.2.0-16.el6.x86_64 [root at slnessbxl01 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.3 (Santiago) [root at slnessbxl01 ~]# Troubleshooting: Can you confirm that the output of the following commands: 1. $ domainname * does it match your domain? 2. $ hostname * does match match your fqdn? 3. $ getent netgroup esolutions-sandbox-hosts * does this list your host? 4. Does /etc/nsswitch.conf contain the line: "netgroup: files sss"? 
Another important Sudo Troubleshooting step is to edit: /etc/sudo-ldap.conf (or /etc/ldap.conf, depending on what version of RHEL/Sudo you're running):

At the top, add the line:

sudoers_debug 2

Then try another sudo command. sudo -l for example.

This should result in a long list of search criteria and status. The last few lines should indicate where any matches occurred.

"Keeping your head in the cloud"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JR Aquino
Senior Information Security Specialist, Technical Operations
T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365
GIAC Certified Exploit Researcher and Advanced Penetration Tester | GIAC WebApplication Penetration Tester | GIAC Certified Incident Handler
JR.Aquino at citrix.com

Powering mobile workstyles and cloud services

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

From jhrozek at redhat.com Thu Jun 6 08:53:56 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 6 Jun 2013 10:53:56 +0200
Subject: [Freeipa-users] Limiting Host access by UID/GID
In-Reply-To:
References: <51A7DF7A.7090201@redhat.com> <20130531095539.GT19954@hendrix.brq.redhat.com> <1370006800.2769.195.camel@willson.li.ssimo.org> <20130531134128.GY19954@hendrix.brq.redhat.com> <20130604084453.GC9753@hendrix.brq.redhat.com>
Message-ID: <20130606085356.GR10811@hendrix.redhat.com>

On Wed, Jun 05, 2013 at 03:56:25PM -0700, Chandan Kumar wrote:
> Sorry for late reply. Thanks for helping out. Yes after deleting the sssd
> cache from /var/lib it does not allow user groups outside min/max_id.
>

Great, I'm glad it works for you now.

From mkosek at redhat.com Thu Jun 6 11:29:24 2013
From: mkosek at redhat.com (Martin Kosek) Date: Thu, 06 Jun 2013 13:29:24 +0200 Subject: [Freeipa-users] FreeIPA Training Series In-Reply-To: <51AEF4D6.1040508@redhat.com> References: <51AEF4D6.1040508@redhat.com> Message-ID: <51B07294.50505@redhat.com> On 06/05/2013 10:20 AM, Martin Kosek wrote: > Hello FreeIPA and SSSD users, > > Our team just published FreeIPA&SSSD training presentations created in the > event of finishing FreeIPA 3.0 and SSSD 1.9.2 back in beginning of 2013. > > I would like to welcome you to look at the presentations, they contain useful > information with aim to help you with understanding, configuring or even > debugging the features. All presentations were uploaded to the FreeIPA.org wiki: > > http://www.freeipa.org/page/Documentation#FreeIPA_Training_Series > There was a (reasonable) request to have also a PDF version of the presentations, they are now uploaded to the wiki, for your convenience. HTH, Martin From gmatz at collective.com Thu Jun 6 12:51:42 2013 
From: gmatz at collective.com (Guy Matz) Date: Thu, 6 Jun 2013 12:51:42 +0000 Subject: [Freeipa-users] Ubunto client? References: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local> <51B002EC.8040102@ubuntu.com> Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04CBD555@MBX023-W1-CA-6.exch023.domain.local> Sorry, I should have mentioned that I need this for precise! Timo, Is the IRC channel still up? I tried to get on yesterday, but couldn't find it on freenode . . . Ah, I can join now . . . will find you there! :-) Thanks, Guy On 06/05/2013 11:34 PM, Timo Aaltonen wrote: > On 06.06.2013 00:53, Guy Matz wrote: >> Hi! Can anyone recommend a PPA that contains a freeIPA client that: >> 1. works > and what's wrong with the one I gave you on #ubuntu-freeipa? > (https://launchpad.net/~freeipa/+archive/ppa) > > IOW, why ask here and not contact me directly.. especially since you > said the backport worked. > >> 2. Also contains an openssh-server that uses AuthorizedKeysCommand > looks like it's quite fresh and in saucy: > > https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/911747 > > no idea of a ppa with it > From tjaalton at ubuntu.com Thu Jun 6 13:48:20 2013 From: tjaalton at ubuntu.com (Timo Aaltonen) Date: Thu, 06 Jun 2013 16:48:20 +0300 Subject: [Freeipa-users] Ubunto client? In-Reply-To: <8472F90C3727F143A32CAF760BBE7CBC04CBD555@MBX023-W1-CA-6.exch023.domain.local> References: <8472F90C3727F143A32CAF760BBE7CBC04CBD001@MBX023-W1-CA-6.exch023.domain.local> <51B002EC.8040102@ubuntu.com> <8472F90C3727F143A32CAF760BBE7CBC04CBD555@MBX023-W1-CA-6.exch023.domain.local> Message-ID: <51B09324.8010802@ubuntu.com> On 06.06.2013 15:51, Guy Matz wrote: > Sorry, I should have mentioned that I need this for precise! ok, so the issue was that the ppa needs another ppa for sssd, for reference: https://launchpad.net/~sssd/+archive/updates I should probably push 1.9.5 there.. -- t From natxo.asenjo at gmail.com Thu Jun 6 14:20:36 2013 
From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Thu, 6 Jun 2013 16:20:36 +0200 Subject: [Freeipa-users] why default shell /bin/sh Message-ID: hi, just interested. We have noticed that ldap users have this PS1 envvar: PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ This is a confusing moment. Changing the shell to /bin/bash solves this, but maybe this is not optimal for other systems or users. -- Groeten, natxo From rcritten at redhat.com Thu Jun 6 14:30:34 2013 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 06 Jun 2013 10:30:34 -0400 Subject: [Freeipa-users] why default shell /bin/sh In-Reply-To: References: Message-ID: <51B09D0A.1090505@redhat.com> Natxo Asenjo wrote: > hi, > > just interested. We have noticed that ldap users have this PS1 envvar: > PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ > > This is a confusing moment. Changing the shell to /bin/bash solves this, > but maybe this is not optimal for other systems or users. Lowest-common denominator. One can configure all sorts of *nix-like systems to use IPA for authentication so we needed a default shell that is available on all systems and that is the bourne shell. This is configurable in the IPA configuration, and you can override the shell in sssd as well. rob From jhrozek at redhat.com Thu Jun 6 14:37:01 2013 
From: jhrozek at redhat.com (Jakub Hrozek) Date: Thu, 6 Jun 2013 16:37:01 +0200 Subject: [Freeipa-users] why default shell /bin/sh In-Reply-To: <51B09D0A.1090505@redhat.com> References: <51B09D0A.1090505@redhat.com> Message-ID: <20130606143701.GW10811@hendrix.redhat.com> On Thu, Jun 06, 2013 at 10:30:34AM -0400, Rob Crittenden wrote: > Natxo Asenjo wrote: > >hi, > > > >just interested. We have noticed that ldap users have this PS1 envvar: > >PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$ > > > >This is a confusing moment. Changing the shell to /bin/bash solves this, > >but maybe this is not optimal for other systems or users. > > Lowest-common denominator. One can configure all sorts of *nix-like systems > to use IPA for authentication so we needed a default shell that is available > on all systems and that is the bourne shell. > > This is configurable in the IPA configuration, and you can override the > shell in sssd as well. > > rob yep, see the override_shell option for a complete client side override and allowed_shells/shell_fallback if you need more control over which shell gets used. All the options are in man sssd.conf(5). From mkosek at redhat.com Thu Jun 6 15:51:55 2013 
From: mkosek at redhat.com (Martin Kosek)
Date: Thu, 06 Jun 2013 17:51:55 +0200
Subject: [Freeipa-users] why default shell /bin/sh
In-Reply-To: <20130606143701.GW10811@hendrix.redhat.com>
References: <51B09D0A.1090505@redhat.com> <20130606143701.GW10811@hendrix.redhat.com>
Message-ID: <51B0B01B.2030906@redhat.com>

On 06/06/2013 04:37 PM, Jakub Hrozek wrote:
> On Thu, Jun 06, 2013 at 10:30:34AM -0400, Rob Crittenden wrote:
>> Natxo Asenjo wrote:
>>> hi,
>>>
>>> just interested. We have noticed that ldap users have this PS1 envvar:
>>> PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$
>>>
>>> This is a confusing moment. Changing the shell to /bin/bash solves this,
>>> but maybe this is not optimal for other systems or users.
>>
>> Lowest-common denominator. One can configure all sorts of *nix-like systems
>> to use IPA for authentication so we needed a default shell that is available
>> on all systems and that is the bourne shell.
>>
>> This is configurable in the IPA configuration, and you can override the
>> shell in sssd as well.
>>
>> rob
>
> yep, see the override_shell option for a complete client side override and
> allowed_shells/shell_fallback if you need more control over which shell
> gets used. All the options are in man sssd.conf(5).
>

Yup, in FreeIPA the admin just needs to change the global config object:

# ipa config-show
...
Default shell: /bin/sh
...

# ipa config-mod --defaultshell=/bin/bash
...
Default shell: /bin/bash
...

Martin

From natxo.asenjo at gmail.com Thu Jun 6 20:57:50 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Thu, 6 Jun 2013 22:57:50 +0200
Subject: [Freeipa-users] why default shell /bin/sh
In-Reply-To: <51B09D0A.1090505@redhat.com>
References: <51B09D0A.1090505@redhat.com>
Message-ID:

On Thu, Jun 6, 2013 at 4:30 PM, Rob Crittenden wrote:
> Natxo Asenjo wrote:
>>
>> hi,
>>
>> just interested. We have noticed that ldap users have this PS1 envvar:
>> PS1='\s-\v\$ ' instead of the usual [\u@\h \W]\$
>>
>> This is a confusing moment. Changing the shell to /bin/bash solves this,
>> but maybe this is not optimal for other systems or users.
>
>
> Lowest-common denominator. One can configure all sorts of *nix-like systems
> to use IPA for authentication so we needed a default shell that is available
> on all systems and that is the bourne shell.

thanks all for your explanations.

In the bash man page I found this little gem:

--norc Do not read and execute the personal initialization file
       ~/.bashrc if the shell is interactive. This option is on by
       default if the shell is invoked as sh.

So this is the problem, when using /bin/sh (which in rhel is a symlink
to /bin/bash), the profile files do not get executed.

We do have other systems than rhel/fedora/centos, but none where users
interactively log in. So I am just going to go ahead and make my life a
little more pleasant with a less spartan shell :-)

--
groet,
natxo

From sakodak at gmail.com Fri Jun 7 03:17:48 2013
From: sakodak at gmail.com (KodaK)
Date: Thu, 6 Jun 2013 22:17:48 -0500
Subject: [Freeipa-users] why default shell /bin/sh
In-Reply-To: <51B09D0A.1090505@redhat.com>
References: <51B09D0A.1090505@redhat.com>
Message-ID:

On Thu, Jun 6, 2013 at 9:30 AM, Rob Crittenden wrote:

>
> Lowest-common denominator. One can configure all sorts of *nix-like
> systems to use IPA for authentication so we needed a default shell that is
> available on all systems and that is the bourne shell.
>
>
I have a bunch of AIX machines, the users on those demand ksh, mostly.
Luckily I have ksh for Linux and bash for AIX to cover everyone, but I'm
tempted to give them all csh just to teach them a lesson.

From endre.karlson at gmail.com Fri Jun 7 09:37:47 2013
From: endre.karlson at gmail.com (Endre Karlson)
Date: Fri, 7 Jun 2013 11:37:47 +0200
Subject: [Freeipa-users] Error replicating between two masters over VPN
Message-ID:

Hi, I am seeing some trouble with replication between two of my master
servers. Here's the logs:

[05/Jun/2013:12:59:57 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)
[05/Jun/2013:12:59:57 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)
[05/Jun/2013:13:04:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)
[05/Jun/2013:13:04:56 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)
[05/Jun/2013:13:09:56 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected)
[05/Jun/2013:13:09:56 +0200] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -1 (Can't contact LDAP server)
[05/Jun/2013:13:13:53 +0200] NSMMReplicationPlugin - agmt="cn= meTosa-vidm001.coretrek.org" (sa-vidm001:389): Replication bind with GSSAPI auth resumed
[06/Jun/2013:12:13:33 +0200] NSMMReplicationPlugin - changelog program - _cl5WriteOperationTxn: retry (49) the transaction (csn=51b060cf000000040000) failed (rc=-30994 (DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock))
[06/Jun/2013:12:13:33 +0200] NSMMReplicationPlugin - changelog program - _cl5WriteOperationTxn: failed to write entry with csn (51b060cf000000040000); db error - -30994 DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock
[06/Jun/2013:12:13:33 +0200] NSMMReplicationPlugin - write_changelog_and_ruv: can't add a change for uid=fredrik,cn=users,cn=accounts,dc=coretrek,dc=org (uniqid: 97fc2481-ce9111e2-ad99c556-7765408e, optype: 16) to changelog csn 51b060cf000000040000

From natxo.asenjo at gmail.com Fri Jun 7 09:53:39 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Fri, 7 Jun 2013 11:53:39 +0200
Subject: [Freeipa-users] Error replicating between two masters over VPN
In-Reply-To:
References:
Message-ID:

On Fri, Jun 7, 2013 at 11:37 AM, Endre Karlson wrote:
> Hi, I am seeing some trouble with replication between two of my master
> servers. Here's the logs:
>
> [05/Jun/2013:12:59:57 +0200] slapd_ldap_sasl_interactive_bind - Error: could
> not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't
> contact LDAP server) ((null)) errno 107 (Transport endpoint is not
> connected)

This looks like a networking error. Have you verified all ports
specified in section 2.2.4.4 are reachable from both servers?

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html

--
groet,
natxo

From mkosek at redhat.com Fri Jun 7 14:25:37 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Fri, 07 Jun 2013 16:25:37 +0200
Subject: [Freeipa-users] Announcing FreeIPA 3.2.1
Message-ID: <51B1ED61.7050805@redhat.com>

The FreeIPA team is proud to announce FreeIPA v3.2.1.

It can be downloaded from http://www.freeipa.org/page/Downloads. The new
version has also been built for Fedora 19 and is on its way to
updates-testing.

== Highlights in 3.2.1 ==

=== New features for 3.2.1 ===
* dnszone-add command now interactively prompts user when it needs IP address
  of a name server instead of failing in the server phase
* Improved debugging level of DNS dynamic update in ipa-client-install (see
  ipaclient-install.log)
* Support multiple local domain ID ranges with RID base set

=== Bug fixes ===
* Directory Server CLDAP responder now returns a result in all cases to avoid
  timeouts or freezes with Windows DC or other tools probing this interface.
* User passwords may contain non-ASCII characters again
* Missing Web UI HBAC Test tab is returned back in the UI menu
* Manual Web UI configuration page for other browsers (e.g. Internet Explorer
  10) is fixed
* Removal of ID range of an active trust is no longer allowed
* ... and many other stabilization fixes, see Detailed changelog for full
  details

== Upgrading ==
An IPA server can be upgraded simply by installing updated rpms. The server
does not need to be shut down in advance.

Due to changes related to OCSP/CRL URI fix [1], ipa-ca.DOMAIN DNS name is
automatically converted from a set of CNAMEs to a set of A/AAAA records
pointing to FreeIPA servers with CA configured.

FreeIPA servers installed with the --selfsign option will be converted to
CA-less. See the section above titled "Dropped --selfsign option".

Please note, that the referential integrity extension requires an extended set
of indexes to be configured. RPM update for an IPA server with an excessive
number of hosts, SUDO or HBAC entries may require several minutes to finish.

If you have multiple servers you may upgrade them one at a time. It is expected
that all servers will be upgraded in a relatively short period (days or weeks
not months). They should be able to co-exist peacefully but new features will
not be available on old servers and enrolling a new client against an old
server will result in the SSH keys not being uploaded.

Downgrading a server once upgraded is not supported.

Upgrading from 2.2.0 and later versions is supported. Upgrading from previous
versions is not supported and has not been tested.

An enrolled client does not need the new packages installed unless you want to
re-enroll it. SSH keys for already installed clients are not uploaded, you will
have to re-enroll the client or manually upload the keys.

== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel
on Freenode.

== References ==
[1] http://freeipa.org/page/V3/Single_OCSP_and_CRL_in_certs

== Detailed Changelog since 3.2.0 ==

=== Alexander Bokovoy (1): ===
* Fix cldap parser to work with a single equality filter (NtVer=...)

=== Ana Krivokapic (3): ===
* Prompt for nameserver IP address in dnszone-add
* Do not display success message on failure in web UI
* Prevent error when running IPA commands with su/sudo

=== Diane Trout (1): ===
* Fix log format not a string literal.

=== Martin Kosek (4): ===
* Set KRB5CCNAME so that dirsrv can work with newer krb5-server
* Avoid exporting KRB5_KTNAME in dirsrv env
* Remove redundant u'' character
* Become 3.2.1

=== Nathaniel McCallum (6): ===
* Add ipaUserAuthType and ipaUserAuthTypeClass
* Add IPA OTP schema and ACLs
* ipa-kdb: Add OTP support
* Add the krb5/FreeIPA RADIUS companion daemon
* Remove unnecessary prefixes from ipa-pwd-extop files
* Add OTP support to ipa-pwd-extop

=== Petr Spacek (1): ===
* ipa-client-install: Add 'debug' and 'show' statements to nsupdate commands

=== Petr Viktorin (1): ===
* Remove leading zero from IPA_NUM_VERSION

=== Petr Vobornik (7): ===
* Fix: HBAC Test tab is missing
* Move spec modifications from facet factories to pre_ops
* Unite and move facet pre_ops to related modules
* Web UI: move ./_base/metadata_provider.js to ./metadata.js
* Regression fix: missing control buttons in nested search facets
* Make ssbrowser.html work in IE 10
* Fix regression: missing facet tab group labels

=== Simo Sorce (2): ===
* CLDAP: Fix domain handling in netlogon requests
* CLDAP: Return empty reply on non-fatal errors

=== Sumit Bose (1): ===
* Fix format string typo

=== Tomas Babej (9): ===
* Remove redundancy from hbactest help text
* Support multiple local domain ranges with RID base set
* Do not allow removal of ID range of an active trust
* Use private ccache in ipa install tools
* Remove redundant check for env.interactive
* Add prompt_param method to avoid code duplication
* Incorporate interactive prompts in idrange-add
* Do not check userPassword with 7-bit plugin
* Manage ipa-otpd.socket by IPA

From john.moyer at digitalreasoning.com Mon Jun 10 13:52:35 2013
From: john.moyer at digitalreasoning.com (John Moyer)
Date: Mon, 10 Jun 2013 09:52:35 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <51A64449.9080304@redhat.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com>
Message-ID: <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com>

Rob,

Sorry for the late response I tried the following

[root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class 2 Certification Authority - ValiCert, Inc." -t CT,,
[root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Secure Certification Authority - The Go Daddy Group, Inc." -t CT,,
[root at etc]# certutil -V -u V -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n MyIPA
certutil: certificate is valid

After this I tried to add a machine and got the same error:

[root@~]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
Hostname: server.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: server.example.com
BaseDN: dc=example,dc=com

Synchronizing time with KDC...
Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates

Installation failed. Rolling back changes.
IPA client is not configured on this system.

Any additional suggestions?

Thanks,
_____________________________________________________
John Moyer
Director, IT Operations

On May 29, 2013, at 2:09 PM, Rob Crittenden wrote:

> John Moyer wrote:
>> Rob,
>>
>> MyIPA I believe was installed by IPA. I did everything you suggested, the below is what it looks like now.
>>
>>
>> --------
>> certutil -d /etc/httpd/alias -L -h internal
>>
>> Certificate Nickname                                         Trust Attributes
>>                                                              SSL,S/MIME,JAR/XPI
>>
>> MyIPA                                                        u,u,u
>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>> Go Daddy Class 2 Certification Authority - ValiCert, Inc.    CT,,
>>
>> ----------
>>
>> I'm still getting the following when I try to restart the dirsrv:
>>
>> /etc/init.d/dirsrv restart
>> Shutting down dirsrv:
>>     EXAMPLE-COM... [ OK ]
>>     PKI-IPA... [ OK ]
>> Starting dirsrv:
>>     EXAMPLE-COM...[29/May/2013:16:46:47 +0000] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate issuer has been marked as not trusted by the user.)
>>     [ OK ]
>>     PKI-IPA... [ OK ]
>
> You need to apply these trust changes to /etc/dirsrv/slap-EXAMPLE-COM as well.
>
>>
>> I'm also getting the following when I try to add a server to IPA:
>>
>> ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>> Hostname: ip-10-133-38-119.ec2.internal
>> Realm: EXAMPLE.COM
>> DNS Domain: example.com
>> IPA Server: server.example.com
>> BaseDN: dc=example,dc=com
>>
>> Synchronizing time with KDC...
>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>
> The client installer downloads the CA cert from LDAP, so make sure you have the GoDaddy CA in LDAP.
>
> rob
>

From john.moyer at digitalreasoning.com Mon Jun 10 18:17:52 2013
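The trust-flag mismatch this thread keeps coming back to (CAs marked `CT,,` in /etc/httpd/alias but not in the directory server's database), as an added example that is not part of the original messages: a shell function that compares two `certutil -L` listings and reports CAs trusted in the first but untrusted or absent in the second. The sample listings are constructed and `trust_drift` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread): compare CA trust between two NSS
# databases using the text that `certutil -L -d <dir>` prints.
# trust_drift is a hypothetical helper name.

# $1 = listing of the reference database, $2 = listing of the database to audit.
# Prints one line per CA that has the C flag (trusted to issue server
# certificates) in the reference but lacks it, or is absent, in the audited one.
trust_drift() {
    { printf '%s\n' "$1"; printf '%s\n' '--AUDIT--'; printf '%s\n' "$2"; } | awk '
        $0 == "--AUDIT--" { audit = 1; next }
        # Entry lines end in a flags field such as "CT,," or "u,u,u"; the two
        # header lines and blank lines do not match and are skipped.
        NF < 2 || $NF !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ { next }
        {
            split($NF, f, ",")                      # f[1] = SSL trust flags
            nick = $0                               # nicknames contain spaces and
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # commas: strip only last field
            sub(/^[ \t]+/, "", nick)
        }
        !audit { if (f[1] ~ /C/) ref[nick] = $NF; next }
        (nick in ref) {
            if (f[1] !~ /C/) print nick " | " $NF " | expected " ref[nick]
            delete ref[nick]
        }
        END { for (n in ref) print n " | absent | expected " ref[n] }'
}

# Constructed sample listings. The first mirrors the /etc/httpd/alias listing
# quoted in the thread; the second is a made-up directory-server database in
# which one CA was imported without trust flags and the other is missing.
HTTPD_LISTING=$(cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

MyIPA                                                        u,u,u
Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
Go Daddy Class 2 Certification Authority - ValiCert, Inc.    CT,,
EOF
)
DIRSRV_LISTING=$(cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

MyIPA                                                        u,u,u
Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. ,,
EOF
)

trust_drift "$HTTPD_LISTING" "$DIRSRV_LISTING"

# Against live databases (paths as used in the thread):
#   trust_drift "$(certutil -L -d /etc/httpd/alias)" \
#               "$(certutil -L -d /etc/dirsrv/slapd-EXAMPLE-COM)"
```

An empty result means every CA that carries `C` in the reference database also carries it in the audited one; it says nothing about what the client itself trusts.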
From: john.moyer at digitalreasoning.com (John Moyer)
Date: Mon, 10 Jun 2013 14:17:52 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com>
Message-ID:

I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.

[Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate

Thanks,
_____________________________________________________
John Moyer
Director, IT Operations

From rcritten at redhat.com Mon Jun 10 18:58:02 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 10 Jun 2013 14:58:02 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To:
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com>
Message-ID: <51B621BA.6060800@redhat.com>

John Moyer wrote:
> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.
>
> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate

Apache has its own certificate database in /etc/httpd/alias. Perhaps try
the same commands against it.

rob

From dpal at redhat.com Mon Jun 10 18:30:18 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Mon, 10 Jun 2013 14:30:18 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To:
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com>
Message-ID: <51B61B3A.9010903@redhat.com>

On 06/10/2013 02:17 PM, John Moyer wrote:
> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.
>
> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate

Is this the same issue we are discussing on the devel list?
The intermediate CA case?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From john.moyer at digitalreasoning.com Mon Jun 10 19:36:59 2013
From: john.moyer at digitalreasoning.com (John Moyer)
Date: Mon, 10 Jun 2013 15:36:59 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <51B61B3A.9010903@redhat.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com>
Message-ID: <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com>

Rob,

I think you had me look at that already. This is the output from certutil on that:

[root@ ~]# certutil -d /etc/httpd/alias -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

MyIPA                                                        u,u,u
Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
Go Daddy Class 2 Certification Authority - ValiCert, Inc.    CT,,

Dmitri,

This is the same issue I've been having for a while, other things were wrong before all of them stemmed from putting in the Godaddy signed cert.

Thanks,
_____________________________________________________
John Moyer
Director, IT Operations

From rcritten at redhat.com Mon Jun 10 20:19:18 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 10 Jun 2013 16:19:18 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com>
Message-ID: <51B634C6.2000903@redhat.com>

John Moyer wrote:
> Rob,
>
> I think you had me look at that already. This is the output from certutil on that:
>
> [root@ ~]# certutil -d /etc/httpd/alias -L
>
> Certificate Nickname Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> MyIPA u,u,u
> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,

What certificate does the client have in /etc/ipa/ca.crt? Is it either one of these?

Can you try linking libnssckbi.so to /etc/pki/nssdb on the client prior to enrollment?

rob

>
>
>
> Dmitri,
>
> This is the same issue I've been having for a while, other things were wrong before all of them stemmed from putting in the Godaddy signed cert.
>
> Thanks,
> _____________________________________________________
> John Moyer
> Director, IT Operations
>
> On Jun 10, 2013, at 2:30 PM, Dmitri Pal wrote:
>
>> On 06/10/2013 02:17 PM, John Moyer wrote:
>>> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.
>>>
>>> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate
>>
>> Is this the same issue we are discussing on the devel list?
>> The intermediate CA case?
>>
>>>
>>>
>>> Thanks,
>>> _____________________________________________________
>>> John Moyer
>>> Director, IT Operations
>>> On Jun 10, 2013, at 9:52 AM, John Moyer wrote:
>>>
>>>> Rob,
>>>>
>>>> Sorry for the late response I tried the following
>>>>
>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class 2 Certification Authority - ValiCert, Inc." -t CT,,
>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Secure Certification Authority - The Go Daddy Group, Inc." -t CT,,
>>>> [root at etc]# certutil -V -u V -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n MyIPA
>>>> certutil: certificate is valid
>>>>
>>>> After this I tried to add a machine and got the same error:
>>>>
>>>> [root@~]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>> Hostname: server.example.com
>>>> Realm: EXAMPLE.COM
>>>> DNS Domain: example.com
>>>> IPA Server: server.example.com
>>>> BaseDN: dc=example,dc=com
>>>>
>>>> Synchronizing time with KDC...
>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>
>>>> Installation failed. Rolling back changes.
>>>> IPA client is not configured on this system.
>>>>
>>>> Any additional suggestions?
>>>>
>>>>
>>>> Thanks,
>>>> _____________________________________________________
>>>> John Moyer
>>>> Director, IT Operations
>>>> On May 29, 2013, at 2:09 PM, Rob Crittenden wrote:
>>>>
>>>>> John Moyer wrote:
>>>>>> Rob,
>>>>>>
>>>>>> MyIPA I believe was installed by IPA. I did everything you suggested, the below is what it looks like now.
>>>>>>
>>>>>>
>>>>>> --------
>>>>>> certutil -d /etc/httpd/alias -L -h internal
>>>>>>
>>>>>> Certificate Nickname Trust Attributes
>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>
>>>>>> MyIPA u,u,u
>>>>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>>>>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,
>>>>>>
>>>>>> ----------
>>>>>>
>>>>>> I'm still getting the following when I try to restart the dirsrv:
>>>>>>
>>>>>> /etc/init.d/dirsrv restart
>>>>>> Shutting down dirsrv:
>>>>>> EXAMPLE-COM... [ OK ]
>>>>>> PKI-IPA... [ OK ]
>>>>>> Starting dirsrv:
>>>>>> EXAMPLE-COM...[29/May/2013:16:46:47 +0000] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate issuer has been marked as not trusted by the user.)
>>>>>> [ OK ]
>>>>>> PKI-IPA... [ OK ]
>>>>> You need to apply these trust changes to /etc/dirsrv/slap-EXAMPLE-COM as well.
>>>>>
>>>>>> I'm also getting the following when I try to add a server to IPA:
>>>>>>
>>>>>> ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>>>> Hostname: ip-10-133-38-119.ec2.internal
>>>>>> Realm: EXAMPLE.COM
>>>>>> DNS Domain: example.com
>>>>>> IPA Server: server.example.com
>>>>>> BaseDN: dc=example,dc=com
>>>>>>
>>>>>> Synchronizing time with KDC...
>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>>>
>>>>>> Installation failed. Rolling back changes.
>>>>>> IPA client is not configured on this system.
>>>>> The client installer downloads the CA cert from LDAP, so make sure you have the GoDaddy CA in LDAP.
>>>>>
>>>>> rob
>>>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

From john.moyer at digitalreasoning.com Mon Jun 10 20:32:00 2013
From: john.moyer at digitalreasoning.com (John Moyer)
Date: Mon, 10 Jun 2013 16:32:00 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <51B634C6.2000903@redhat.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com> <51B634C6.2000903@redhat.com>
Message-ID:

Rob,

Do you mean doing this? If not let me know.

[root at pki]# ls -la
total 32
drwxr-xr-x 8 root root 4096 Jun 10 20:23 .
drwxr-xr-x 90 root root 4096 Jun 10 18:05 ..
drwxr-xr-x 6 root root 4096 Mar 4 22:22 CA
drwxr-xr-x 2 root root 4096 Jul 11 2012 java
lrwxrwxrwx 1 root root 24 Jun 10 20:23 nssdb -> /usr/lib64/libnssckbi.so
drwxr-xr-x 2 root root 4096 Jun 10 18:05 nssdb.orig
drwxr-xr-x 2 root root 4096 Mar 21 15:19 rpm-gpg
drwx------ 2 root root 4096 Feb 22 05:07 rsyslog
drwxr-xr-x 5 root root 4096 Mar 21 15:18 tls

After I did that I tried to enroll this system and got the same error.

The cert that is in the /etc/ipa/ca.crt is the same as the one that is on the server which is the CA Cert gotten from godaddy. You also had me change this into a der version of the Cert (using openssl) and jam that into the Directory server.

Thanks,
_____________________________________________________
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
John.Moyer at digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax: 703.678.2312
www.digitalreasoning.com

On Jun 10, 2013, at 4:19 PM, Rob Crittenden wrote:

> John Moyer wrote:
>> Rob,
>>
>> I think you had me look at that already. This is the output from certutil on that:
>>
>> [root@ ~]# certutil -d /etc/httpd/alias -L
>>
>> Certificate Nickname Trust Attributes
>> SSL,S/MIME,JAR/XPI
>>
>> MyIPA u,u,u
>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,
>
> What certificate does the client have in /etc/ipa/ca.crt? Is it either one of these?
>
> Can you try linking libnssckbi.so to /etc/pki/nssdb on the client prior to enrollment?
>
> rob
>
>>
>>
>>
>> Dmitri,
>>
>> This is the same issue I've been having for a while, other things were wrong before all of them stemmed from putting in the Godaddy signed cert.
>>
>> Thanks,
>> _____________________________________________________
>> John Moyer
>> Director, IT Operations
>>
>> On Jun 10, 2013, at 2:30 PM, Dmitri Pal wrote:
>>
>>> On 06/10/2013 02:17 PM, John Moyer wrote:
>>>> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.
>>>>
>>>> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate
>>>
>>> Is this the same issue we are discussing on the devel list?
>>> The intermediate CA case?
>>>
>>>>
>>>>
>>>> Thanks,
>>>> _____________________________________________________
>>>> John Moyer
>>>> Director, IT Operations
>>>> On Jun 10, 2013, at 9:52 AM, John Moyer wrote:
>>>>
>>>>> Rob,
>>>>>
>>>>> Sorry for the late response I tried the following
>>>>>
>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class 2 Certification Authority - ValiCert, Inc." -t CT,,
>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Secure Certification Authority - The Go Daddy Group, Inc." -t CT,,
>>>>> [root at etc]# certutil -V -u V -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n MyIPA
>>>>> certutil: certificate is valid
>>>>>
>>>>> After this I tried to add a machine and got the same error:
>>>>>
>>>>> [root@~]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>>> Hostname: server.example.com
>>>>> Realm: EXAMPLE.COM
>>>>> DNS Domain: example.com
>>>>> IPA Server: server.example.com
>>>>> BaseDN: dc=example,dc=com
>>>>>
>>>>> Synchronizing time with KDC...
>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>>
>>>>> Installation failed. Rolling back changes.
>>>>> IPA client is not configured on this system.
>>>>>
>>>>> Any additional suggestions?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> _____________________________________________________
>>>>> John Moyer
>>>>> Director, IT Operations
>>>>> On May 29, 2013, at 2:09 PM, Rob Crittenden wrote:
>>>>>
>>>>>> John Moyer wrote:
>>>>>>> Rob,
>>>>>>>
>>>>>>> MyIPA I believe was installed by IPA. I did everything you suggested, the below is what it looks like now.
>>>>>>>
>>>>>>>
>>>>>>> --------
>>>>>>> certutil -d /etc/httpd/alias -L -h internal
>>>>>>>
>>>>>>> Certificate Nickname Trust Attributes
>>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>>
>>>>>>> MyIPA u,u,u
>>>>>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>>>>>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,
>>>>>>>
>>>>>>> ----------
>>>>>>>
>>>>>>> I'm still getting the following when I try to restart the dirsrv:
>>>>>>>
>>>>>>> /etc/init.d/dirsrv restart
>>>>>>> Shutting down dirsrv:
>>>>>>> EXAMPLE-COM... [ OK ]
>>>>>>> PKI-IPA... [ OK ]
>>>>>>> Starting dirsrv:
>>>>>>> EXAMPLE-COM...[29/May/2013:16:46:47 +0000] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate issuer has been marked as not trusted by the user.)
>>>>>>> [ OK ]
>>>>>>> PKI-IPA... [ OK ]
>>>>>> You need to apply these trust changes to /etc/dirsrv/slap-EXAMPLE-COM as well.
>>>>>>
>>>>>>> I'm also getting the following when I try to add a server to IPA:
>>>>>>>
>>>>>>> ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>>>>> Hostname: ip-10-133-38-119.ec2.internal
>>>>>>> Realm: EXAMPLE.COM
>>>>>>> DNS Domain: example.com
>>>>>>> IPA Server: server.example.com
>>>>>>> BaseDN: dc=example,dc=com
>>>>>>>
>>>>>>> Synchronizing time with KDC...
>>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>>>>
>>>>>>> Installation failed. Rolling back changes.
>>>>>>> IPA client is not configured on this system.
>>>>>> The client installer downloads the CA cert from LDAP, so make sure you have the GoDaddy CA in LDAP.
>>>>>>
>>>>>> rob
>>>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager for IdM portfolio
>>> Red Hat Inc.
>>>
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?
>>> www.redhat.com/carveoutcosts/
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>

From rcritten at redhat.com Mon Jun 10 20:42:29 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 10 Jun 2013 16:42:29 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To:
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com> <51B634C6.2000903@redhat.com>
Message-ID: <51B63A35.1060404@redhat.com>

John Moyer wrote:
> Rob,
>
> Do you mean doing this? If not let me know.
>
> [root at pki]# ls -la
> total 32
> drwxr-xr-x 8 root root 4096 Jun 10 20:23 .
> drwxr-xr-x 90 root root 4096 Jun 10 18:05 ..
> drwxr-xr-x 6 root root 4096 Mar 4 22:22 CA
> drwxr-xr-x 2 root root 4096 Jul 11 2012 java
> lrwxrwxrwx 1 root root 24 Jun 10 20:23 nssdb -> /usr/lib64/libnssckbi.so
> drwxr-xr-x 2 root root 4096 Jun 10 18:05 nssdb.orig
> drwxr-xr-x 2 root root 4096 Mar 21 15:19 rpm-gpg
> drwx------ 2 root root 4096 Feb 22 05:07 rsyslog
> drwxr-xr-x 5 root root 4096 Mar 21 15:18 tls

No, you need to link the shared library into the nssdb directory. nssdb should contain 3 db files, cert8, key3 and secmod. This is the common NSS db that the client uses.

> After I did that I tried to enroll this system and got the same error.
>
> The cert that is in the /etc/ipa/ca.crt is the same as the one that is on the server which is the CA Cert gotten from godaddy. You also had me change this into a der version of the Cert (using openssl) and jam that into the Directory server.

Right but which one, there are two.

rob

>
>
> Thanks,
> _____________________________________________________
> John Moyer
> Director, IT Operations
> Digital Reasoning Systems, Inc.
> John.Moyer at digitalreasoning.com
> Office: 703.678.2311
> Mobile: 240.460.0023
> Fax: 703.678.2312
> www.digitalreasoning.com
>
> On Jun 10, 2013, at 4:19 PM, Rob Crittenden wrote:
>
>> John Moyer wrote:
>>> Rob,
>>>
>>> I think you had me look at that already. This is the output from certutil on that:
>>>
>>> [root@ ~]# certutil -d /etc/httpd/alias -L
>>>
>>> Certificate Nickname Trust Attributes
>>> SSL,S/MIME,JAR/XPI
>>>
>>> MyIPA u,u,u
>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,
>>
>> What certificate does the client have in /etc/ipa/ca.crt? Is it either one of these?
>>
>> Can you try linking libnssckbi.so to /etc/pki/nssdb on the client prior to enrollment?
>>
>> rob
>>
>>>
>>>
>>>
>>> Dmitri,
>>>
>>> This is the same issue I've been having for a while, other things were wrong before all of them stemmed from putting in the Godaddy signed cert.
>>>
>>> Thanks,
>>> _____________________________________________________
>>> John Moyer
>>> Director, IT Operations
>>>
>>> On Jun 10, 2013, at 2:30 PM, Dmitri Pal wrote:
>>>
>>>> On 06/10/2013 02:17 PM, John Moyer wrote:
>>>>> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log.
>>>>>
>>>>> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate
>>>>
>>>> Is this the same issue we are discussing on the devel list?
>>>> The intermediate CA case?
>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>> _____________________________________________________
>>>>> John Moyer
>>>>> Director, IT Operations
>>>>> On Jun 10, 2013, at 9:52 AM, John Moyer wrote:
>>>>>
>>>>>> Rob,
>>>>>>
>>>>>> Sorry for the late response I tried the following
>>>>>>
>>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class 2 Certification Authority - ValiCert, Inc." -t CT,,
>>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Secure Certification Authority - The Go Daddy Group, Inc." -t CT,,
>>>>>> [root at etc]# certutil -V -u V -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n MyIPA
>>>>>> certutil: certificate is valid
>>>>>>
>>>>>> After this I tried to add a machine and got the same error:
>>>>>>
>>>>>> [root@~]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>>>> Hostname: server.example.com
>>>>>> Realm: EXAMPLE.COM
>>>>>> DNS Domain: example.com
>>>>>> IPA Server: server.example.com
>>>>>> BaseDN: dc=example,dc=com
>>>>>>
>>>>>> Synchronizing time with KDC...
>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>>>
>>>>>> Installation failed. Rolling back changes.
>>>>>> IPA client is not configured on this system.
>>>>>>
>>>>>> Any additional suggestions?
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> _____________________________________________________
>>>>>> John Moyer
>>>>>> Director, IT Operations
>>>>>> On May 29, 2013, at 2:09 PM, Rob Crittenden wrote:
>>>>>>
>>>>>>> John Moyer wrote:
>>>>>>>> Rob,
>>>>>>>>
>>>>>>>> MyIPA I believe was installed by IPA. I did everything you suggested, the below is what it looks like now.
>>>>>>>>
>>>>>>>>
>>>>>>>> --------
>>>>>>>> certutil -d /etc/httpd/alias -L -h internal
>>>>>>>>
>>>>>>>> Certificate Nickname Trust Attributes
>>>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>>>
>>>>>>>> MyIPA u,u,u
>>>>>>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
>>>>>>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,,
>>>>>>>>
>>>>>>>> ----------
>>>>>>>>
>>>>>>>> I'm still getting the following when I try to restart the dirsrv:
>>>>>>>>
>>>>>>>> /etc/init.d/dirsrv restart
>>>>>>>> Shutting down dirsrv:
>>>>>>>> EXAMPLE-COM... [ OK ]
>>>>>>>> PKI-IPA... [ OK ]
>>>>>>>> Starting dirsrv:
>>>>>>>> EXAMPLE-COM...[29/May/2013:16:46:47 +0000] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate issuer has been marked as not trusted by the user.)
>>>>>>>> [ OK ]
>>>>>>>> PKI-IPA... [ OK ]
>>>>>>> You need to apply these trust changes to /etc/dirsrv/slap-EXAMPLE-COM as well.
>>>>>>>
>>>>>>>> I'm also getting the following when I try to add a server to IPA:
>>>>>>>>
>>>>>>>> ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
>>>>>>>> Hostname: ip-10-133-38-119.ec2.internal
>>>>>>>> Realm: EXAMPLE.COM
>>>>>>>> DNS Domain: example.com
>>>>>>>> IPA Server: server.example.com
>>>>>>>> BaseDN: dc=example,dc=com
>>>>>>>>
>>>>>>>> Synchronizing time with KDC...
>>>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
>>>>>>>>
>>>>>>>> Installation failed. Rolling back changes.
>>>>>>>> IPA client is not configured on this system.
>>>>>>> The client installer downloads the CA cert from LDAP, so make sure you have the GoDaddy CA in LDAP.
>>>>>>>
>>>>>>> rob
>>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager for IdM portfolio
>>>> Red Hat Inc.
>>>>
>>>>
>>>> -------------------------------
>>>> Looking to carve out IT costs?
>>>> www.redhat.com/carveoutcosts/
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>

From jdennis at redhat.com Mon Jun 10 20:50:44 2013
From: jdennis at redhat.com (John Dennis)
Date: Mon, 10 Jun 2013 16:50:44 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To:
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com> <51B634C6.2000903@redhat.com>
Message-ID: <51B63C24.8090505@redhat.com>

On 06/10/2013 04:32 PM, John Moyer wrote:
> Do you mean doing this? If not let me know.

I'm afraid much of what has been done so far amounts to flailing about. The information needed to resolve the problem is contained in your cert. I'm pretty sure I asked for this information previously with detailed instructions on how to retrieve it.

We need to know the full contents of the cert, including its extensions and the issuer. Then we need to know the contents of your NSS database. That should be enough to answer the question of why your CA cert is not validating as expected.

Either dump the text form of your CA cert and send it along or send us the cert in PEM format and we'll open it up. I suggest you do that in a private email to either me or Rob as opposed to the list. I have tools that will help diagnose why NSS might fail to validate a cert.

Also, many public CAs will not issue, or will restrict signing CA certs because that opens them up to liability (they can't know what your CA will sign and if they sign your CA they are in effect vouching for any cert you issue). This is another reason it's important to see the contents of the cert, to determine what actions that cert is authorized to perform for and who is authorizing those actions, make sense?

John

From jdennis at redhat.com Mon Jun 10 21:09:28 2013
From: jdennis at redhat.com (John Dennis)
Date: Mon, 10 Jun 2013 17:09:28 -0400
Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall
In-Reply-To: <51B63C24.8090505@redhat.com>
References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com> <51B634C6.2000903@redhat.com> <51B63C24.8090505@redhat.com>
Message-ID: <51B64088.2080409@redhat.com>

On 06/10/2013 04:50 PM, John Dennis wrote:
> Either dump the text form of your CA cert and send it along or send us
> the cert in PEM format and we'll open it up.

Actually in hindsight send us all the Godaddy certs in PEM format only, the tools need to read PEM format. Text format would be interesting for us humans, but the tools need PEM and we can always generate the text format from PEM anyway.

John

From john.moyer at digitalreasoning.com Tue Jun 11 14:07:59 2013
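Added example (not from any poster in this thread, and not FreeIPA or NSS code): a Python check that parses `certutil -L` listings such as the ones quoted in this thread and reports, per NSS database, CA entries that are missing or lack the `C` flag in the SSL column. The httpd listing is the one posted in the thread; the dirsrv listing is constructed, and the function names and the rule that an entry without `u` is a CA are assumptions of the example.

```python
import re

# Meaning of the NSS trust-flag letters shown by `certutil -L`.
# Each entry has three comma-separated columns: SSL, S/MIME, JAR/XPI.
FLAG_MEANING = {
    "p": "valid peer",
    "P": "trusted peer",
    "c": "valid CA",
    "C": "trusted CA for issuing server certificates",
    "T": "trusted CA for issuing client certificates",
    "u": "private key present (usable for authentication or signing)",
    "w": "send warning",
}

# Nicknames contain spaces and commas ("... - ValiCert, Inc."), so the
# trust column is matched as the last token on the line.
ENTRY = re.compile(r"^(?P<nick>.+?)\s+(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)$")

# Listing posted in the thread for /etc/httpd/alias (column spacing restored).
HTTPD_ALIAS_LISTING = """
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

MyIPA                                                        u,u,u
Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,,
Go Daddy Class 2 Certification Authority - ValiCert, Inc.    CT,,
"""

# Constructed listing for the directory server database: one CA has no
# trust flags and the other was never imported.
DIRSRV_LISTING = """
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

MyIPA                                                        u,u,u
Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. ,,
"""

SAMPLE_LISTINGS = {
    "/etc/httpd/alias": HTTPD_ALIAS_LISTING,
    "/etc/dirsrv/slapd-EXAMPLE-COM": DIRSRV_LISTING,
}


def parse_listing(text):
    """Return {nickname: (ssl, smime, jar)} parsed from `certutil -L` output."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:  # header and blank lines do not match
            entries[match.group("nick")] = tuple(match.group("trust").split(","))
    return entries


def describe(flags):
    """Spell out one column of trust flags, e.g. 'CT'."""
    return [FLAG_MEANING.get(f, "unknown flag " + f) for f in flags] or ["no trust"]


def audit(listings):
    """Map each NSS database path to a list of findings.

    An entry without 'u' in the SSL column is treated as a CA certificate
    (an assumption of this example). Every CA seen in any database is
    expected in all of them, with C set in the SSL column.
    """
    parsed = {db: parse_listing(text) for db, text in listings.items()}
    ca_nicks = {nick for entries in parsed.values()
                for nick, (ssl, _, _) in entries.items() if "u" not in ssl}
    report = {}
    for db, entries in parsed.items():
        findings = []
        if not any("u" in ssl for ssl, _, _ in entries.values()):
            findings.append("no certificate with a private key")
        for nick in sorted(ca_nicks):
            if nick not in entries:
                findings.append(nick + ": CA certificate missing from this database")
            elif "C" not in entries[nick][0]:
                ssl = entries[nick][0]
                findings.append("%s: SSL flags %r (%s), C not set"
                                % (nick, ssl, ", ".join(describe(ssl))))
        report[db] = findings
    return report


if __name__ == "__main__":
    for db, findings in audit(SAMPLE_LISTINGS).items():
        print(db, "->", findings or "ok")
```
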
From: john.moyer at digitalreasoning.com (John Moyer) Date: Tue, 11 Jun 2013 10:07:59 -0400 Subject: [Freeipa-users] Installing a Godaddy Cert with ipa-server-certinstall In-Reply-To: <51B63A35.1060404@redhat.com> References: <7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com> <519F1C96.5060202@redhat.com> <741DCCC1-79F2-419C-BDC3-6875C937893B@digitalreasoning.com> <519FBB68.8040902@redhat.com> <6C796140-17FC-42CF-A91D-C527F34B7E72@digitalreasoning.com> <519FCAE2.7020502@redhat.com> <51A5F64A.9050908@redhat.com> <50C4031E-BDB1-4697-B609-C986A599979B@digitalreasoning.com> <51A62AC9.7010908@redhat.com> <51A64449.9080304@redhat.com> <2306AAD4-DC2B-42A6-AA55-6AFB3C204404@digitalreasoning.com> <51B61B3A.9010903@redhat.com> <18DE800D-3A47-4124-944A-B4EF0632A2E0@digitalreasoning.com> <51B634C6.2000903@redhat.com> <51B63A35.1060404@redhat.com> Message-ID: <317A399C-B951-4EF6-BBFD-73F031635BF6@digitalreasoning.com> So this is what I did and how it went afterwards: [root at nssdb]# ln -s /usr/lib64/libnssckbi.so libnssckbi.so [root at nssdb]# ls -la total 132 drwxr-xr-x 2 root root 4096 Jun 11 13:50 . drwxr-xr-x 8 root root 4096 Jun 11 13:50 .. -rw-r--r-- 1 root root 65536 Jan 12 2010 cert8.db -rw-r--r-- 1 root root 9216 Jan 12 2010 cert9.db -rw-r--r-- 1 root root 16384 Jan 12 2010 key3.db -rw-r--r-- 1 root root 11264 Jan 12 2010 key4.db lrwxrwxrwx 1 root root 24 Jun 11 13:50 libnssckbi.so -> /usr/lib64/libnssckbi.so -rw-r--r-- 1 root root 451 Jan 10 02:13 pkcs11.txt -rw-r--r-- 1 root root 16384 Jan 12 2010 secmod.db [root at nssdb]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "blah" -U Hostname: server.example.com Realm: EXAMPLE.COM DNS Domain: example.com IPA Server: server.example.com BaseDN: dc=example,dc=com Synchronizing time with KDC... Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates Installation failed. 
Rolling back changes. IPA client is not configured on this system. [root@ nssdb]# Thanks, _____________________________________________________ John Moyer Director, IT Operations On Jun 10, 2013, at 4:42 PM, Rob Crittenden wrote: > John Moyer wrote: >> Rob, >> >> Do you mean doing this? If not let me know. >> >> [root at pki]# ls -la >> total 32 >> drwxr-xr-x 8 root root 4096 Jun 10 20:23 . >> drwxr-xr-x 90 root root 4096 Jun 10 18:05 .. >> drwxr-xr-x 6 root root 4096 Mar 4 22:22 CA >> drwxr-xr-x 2 root root 4096 Jul 11 2012 java >> lrwxrwxrwx 1 root root 24 Jun 10 20:23 nssdb -> /usr/lib64/libnssckbi.so >> drwxr-xr-x 2 root root 4096 Jun 10 18:05 nssdb.orig >> drwxr-xr-x 2 root root 4096 Mar 21 15:19 rpm-gpg >> drwx------ 2 root root 4096 Feb 22 05:07 rsyslog >> drwxr-xr-x 5 root root 4096 Mar 21 15:18 tls > > No, you need to link the shared library into the nssdb directory. nssdb should contain 3 db files, cert8, key3 and secmod. This is the common NSS db that the client uses. > >> After I did that I tried to enroll this system and got the same error. >> >> The cert that is in the /etc/ipa/ca.crt is the same as the one that is on the server which is the CA Cert gotten from godaddy. You also had me change this into a der version of the Cert (using openssl) and jam that into the Directory server. > > Right but which one, there are two. > > rob > >> >> >> Thanks, >> _____________________________________________________ >> John Moyer >> Director, IT Operations >> Digital Reasoning Systems, Inc. >> John.Moyer at digitalreasoning.com >> Office: 703.678.2311 >> Mobile: 240.460.0023 >> Fax: 703.678.2312 >> www.digitalreasoning.com >> >> On Jun 10, 2013, at 4:19 PM, Rob Crittenden wrote: >> >>> John Moyer wrote: >>>> Rob, >>>> >>>> I think you had me look at that already. 
This is the output from certutil on that: >>>> >>>> [root@ ~]# certutil -d /etc/httpd/alias -L >>>> >>>> Certificate Nickname Trust Attributes >>>> SSL,S/MIME,JAR/XPI >>>> >>>> MyIPA u,u,u >>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,, >>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,, >>> >>> What certificate does the client have in /etc/ipa/ca.crt? Is it either one of these? >>> >>> Can you try linking libnssckbi.so to /etc/pki/nssdb on the client prior to enrollment? >>> >>> rob >>> >>>> >>>> >>>> >>>> Dmitri, >>>> >>>> This is the same issue I've been having for a while, other things were wrong before all of them stemmed from putting in the Godaddy signed cert. >>>> >>>> Thanks, >>>> _____________________________________________________ >>>> John Moyer >>>> Director, IT Operations >>>> >>>> On Jun 10, 2013, at 2:30 PM, Dmitri Pal wrote: >>>> >>>>> On 06/10/2013 02:17 PM, John Moyer wrote: >>>>>> I don't know if this helps, but this is the log I'm getting from the IPA server's apache error log. >>>>>> >>>>>> [Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate >>>>> >>>>> Is this the same issue we are discussing on the devel list? >>>>> The intermediate CA case? >>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> _____________________________________________________ >>>>>> John Moyer >>>>>> Director, IT Operations >>>>>> On Jun 10, 2013, at 9:52 AM, John Moyer wrote: >>>>>> >>>>>>> Rob, >>>>>>> >>>>>>> Sorry for the late response I tried the following >>>>>>> >>>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Class 2 Certification Authority - ValiCert, Inc." -t CT,, >>>>>>> [root at etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n "Go Daddy Secure Certification Authority - The Go Daddy Group, Inc." 
-t CT,, >>>>>>> [root at etc]# certutil -V -u V -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n MyIPA >>>>>>> certutil: certificate is valid >>>>>>> >>>>>>> After this I tried to add a machine and got the same error: >>>>>>> >>>>>>> [root@~]# ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U >>>>>>> Hostname: server.example.com >>>>>>> Realm: EXAMPLE.COM >>>>>>> DNS Domain: example.com >>>>>>> IPA Server: server.example.com >>>>>>> BaseDN: dc=example,dc=com >>>>>>> >>>>>>> Synchronizing time with KDC... >>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates >>>>>>> >>>>>>> Installation failed. Rolling back changes. >>>>>>> IPA client is not configured on this system. >>>>>>> >>>>>>> Any additional suggestions? >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> _____________________________________________________ >>>>>>> John Moyer >>>>>>> Director, IT Operations >>>>>>> On May 29, 2013, at 2:09 PM, Rob Crittenden wrote: >>>>>>> >>>>>>>> John Moyer wrote: >>>>>>>>> Rob, >>>>>>>>> >>>>>>>>> MyIPA I believe was installed by IPA. I did everything you suggested, the below is what it looks like now. >>>>>>>>> >>>>>>>>> >>>>>>>>> -------- >>>>>>>>> certutil -d /etc/httpd/alias -L -h internal >>>>>>>>> >>>>>>>>> Certificate Nickname Trust Attributes >>>>>>>>> SSL,S/MIME,JAR/XPI >>>>>>>>> >>>>>>>>> MyIPA u,u,u >>>>>>>>> Go Daddy Secure Certification Authority - The Go Daddy Group, Inc. CT,, >>>>>>>>> Go Daddy Class 2 Certification Authority - ValiCert, Inc. CT,, >>>>>>>>> >>>>>>>>> ---------- >>>>>>>>> >>>>>>>>> I'm still getting the following when I try to restart the dirsrv: >>>>>>>>> >>>>>>>>> /etc/init.d/dirsrv restart >>>>>>>>> Shutting down dirsrv: >>>>>>>>> EXAMPLE-COM... [ OK ] >>>>>>>>> PKI-IPA... 
[ OK ] >>>>>>>>> Starting dirsrv: >>>>>>>>> EXAMPLE-COM...[29/May/2013:16:46:47 +0000] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate issuer has been marked as not trusted by the user.) >>>>>>>>> [ OK ] >>>>>>>>> PKI-IPA... [ OK ] >>>>>>>> You need to apply these trust changes to /etc/dirsrv/slap-EXAMPLE-COM as well. >>>>>>>> >>>>>>>>> I'm also getting the following when I try to add a server to IPA: >>>>>>>>> >>>>>>>>> ipa-client-install --domain=example.com --server=server.example.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U >>>>>>>>> Hostname: ip-10-133-38-119.ec2.internal >>>>>>>>> Realm: EXAMPLE.COM >>>>>>>>> DNS Domain: example.com >>>>>>>>> IPA Server: server.example.com >>>>>>>>> BaseDN: dc=example,dc=com >>>>>>>>> >>>>>>>>> Synchronizing time with KDC... >>>>>>>>> Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates >>>>>>>>> >>>>>>>>> Installation failed. Rolling back changes. >>>>>>>>> IPA client is not configured on this system. >>>>>>>> The client installer downloads the CA cert from LDAP, so make sure you have the GoDaddy CA in LDAP. >>>>>>>> >>>>>>>> rob >>>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Freeipa-users mailing list >>>>>> Freeipa-users at redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> >>>>> >>>>> -- >>>>> Thank you, >>>>> Dmitri Pal >>>>> >>>>> Sr. Engineering Manager for IdM portfolio >>>>> Red Hat Inc. >>>>> >>>>> >>>>> ------------------------------- >>>>> Looking to carve out IT costs? 
From shinacalypse at gmail.com Tue Jun 11 23:56:13 2013
From: shinacalypse at gmail.com (Sina Owolabi)
Date: Wed, 12 Jun 2013 00:56:13 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
Message-ID:

Hi
Please help me understand what I am doing wrong:

I'm using two RHEL6.4 ipa servers in a multi-master configuration.
Instead of creating multiple sudocmdgroups and sudo rules, I tried to subset what I could see in the /etc/sudoers files and have nested command groups and rules, to be applied to certain users and hostgroups as needed.
I have a hostgroup called allservers, which applies to all servers.

The allservers hostgroup is a member of sudo rule admin-commands, which I created for specific users to be able to run admin commands on all servers. I have added as members, multiple sudogroups, each of which have a number of commands inside of them. Despite this, I find that sudo does not allow me to run any command as the users added to the admin-command rule. Please help me see where my logic is broken, and what to do to fix. Thanks a lot in advance.
My sudo-ldap.conf is correctly configured, and so is nsswitch.conf.

Output is below:

sudo service httpd status
[sudo] password for tuser:
tuser is not allowed to run sudo on waphost. This incident will be reported.

ipa sudorule-find admin-commands
-------------------
1 Sudo Rule matched
-------------------
  Rule name: admin-commands
  Enabled: TRUE
  Users: tuser
  Host Groups: allservers
  Sudo Allow Command Groups: locate, networking, rooting, services, software, storage
  Sudo Option: !authenticate
----------------------------
Number of entries returned 1
----------------------------

--
best regards,
Sina Owolabi
+2348034022578
+2348176469061

From Steven.Jones at vuw.ac.nz Wed Jun 12 00:26:52 2013
From: Steven.Jones at vuw.ac.nz (Steven Jones)
Date: Wed, 12 Jun 2013 00:26:52 +0000
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References:
Message-ID: <833D8E48405E064EBC54C84EC6B36E407A2C0045@STAWINCOX10MBX1.staff.vuw.ac.nz>

Hi,

Sounds too complex, don't nest, KISS, Keep It Simple and Stupid.

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________
From rcritten at redhat.com Wed Jun 12 01:33:29 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 11 Jun 2013 21:33:29 -0400
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References:
Message-ID: <51B7CFE9.2090403@redhat.com>

Sina Owolabi wrote:
> Hi
> Please help me understand what I am doing wrong:
>
> Im using two RHEL6.4 ipa servers in a multi-master configuration
> Instead of creating multiple sudocmdgroups and sudo rules, I tried to
> subset what I could see in the /etc/sudoers files and have nested
> command groups and rules, to be applied to certain users and hostgroups
> as needed.
> I have a hostgroup called allservers, which applies to all servers.
>
> The allservers hostgroup is a member of sudo rule admin-commands, which
> I created for specific users to be able to run admin commands on all
> servers. I have added as members, multiple sudogroups, each of which
> have a number of commands inside of them. Despite this, I find that sudo
> does not allow me to run any command as the users added to the
> admin-command rule. Please help me see where my logic is broken, and
> what to do to fix. Thanks a lot in advance.
> My sudo-ldap.conf is correctly configured, and so is nsswitch.conf.
>
> Output is below:
>
> sudo service httpd status
> [sudo] password for tuser:
> tuser is not allowed to run sudo on waphost. This incident will be
> reported.
>
> ipa sudorule-find admin-commands
> -------------------
> 1 Sudo Rule matched
> -------------------
> Rule name: admin-commands
> Enabled: TRUE
> Users: tuser
> Host Groups: allservers
> Sudo Allow Command Groups: locate, networking, rooting, services,
> software, storage
> Sudo Option: !authenticate
> ----------------------------
> Number of entries returned 1
> ----------------------------

Did you set your NIS domain name on the client machine? sudo uses netgroups which needs the NIS domain. By default IPA creates a managed netgroup for each hostgroup so one should be available with the right information.

rob

From yamakasi.014 at gmail.com Wed Jun 12 07:48:54 2013
From: yamakasi.014 at gmail.com (Matt .)
Date: Wed, 12 Jun 2013 09:48:54 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
Message-ID:

Hi,

A lot of people seem to have problems with Sudo and FreeIPA.

How to enable sudo is described here:

http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf

The problem we are facing, also discussed on IRC, is that the local sudoers file of the client is checked to see if the logged-in user may sudo. Of course the username is not known there.

The workaround for now seems to be adding the username to the local sudoers file and commenting out the following lines on the local client:

# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
#account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
#account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

This is not what we want with a centralized auth and policy system so I hope we can fix this bug soon.

Ideas are welcome!

Cheers,

Matt

From shinacalypse at gmail.com Wed Jun 12 08:26:22 2013
From: shinacalypse at gmail.com (Sina Owolabi)
Date: Wed, 12 Jun 2013 09:26:22 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References:
Message-ID:

Thank you so very much for the replies.
What I did actually worked, but not on two of the servers I was testing with. (adding command groups to a sudorule). It worked so well that I did it twice again :-)

What I'm curious about is the two servers that still ask for sudo password. One of them brings out long output when I try (debug is set to 1). Unfortunately they are business critical and can't be rebooted if I want to live to see tomorrow :-)
What do you think?:

[oowolabi at waphost ~]$ sudo service httpd status
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=SUDOers,dc=qrios,dc=com
sudo: ldap search '(|(sudoUser=oowolabi)(sudoUser=%oowolabi)(sudoUser=%#721800009)(sudoUser=%admins)(sudoUser=%employees)(sudoUser=%qrios)(sudoUser=%#721800000)(sudoUser=%#721800006)(sudoUser=%#721800008)(sudoUser=ALL))'
sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: searching LDAP for sudoers entries
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(0)=0x40
[sudo] password for oowolabi:
oowolabi is not allowed to run sudo on waphost. This incident will be reported.

On Wed, Jun 12, 2013 at 8:48 AM, Matt .
wrote: > Hi, > > A lot of people seem to have problem with Sudo and FreeIPA. > > How to enable sudo is described here: > > http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf > > The problem we are facing, also discussed on IRC is that there is looked > in the local sudoers file of the client if the loggedin user may sudo. Of > course the username is not known there. > > The workaround for now seems to be adding the username to the local > sudoers file and comment the following lines on the local client: > > # cat /etc/pam.d/password-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 500 quiet > auth sufficient pam_sss.so use_first_pass > auth required pam_deny.so > > account required pam_unix.so > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 500 quiet > #account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > password requisite pam_cracklib.so try_first_pass retry=3 type= > password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok > password sufficient pam_sss.so use_authtok > password required pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > > # cat /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. 
> auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 500 quiet > auth sufficient pam_sss.so use_first_pass > auth required pam_deny.so > > account required pam_unix.so > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 500 quiet > #account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > password requisite pam_cracklib.so try_first_pass retry=3 type= > password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok > password sufficient pam_sss.so use_authtok > password required pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > This is not what we want with a centralized auth and policy system so I hope we can fix this bug soon. > > > Ideas are welcome! > > > Cheers, > > Matt > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- best regards, Sina Owolabi +2348034022578 +2348176469061 -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jun 12 09:10:31 2013 
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 12 Jun 2013 12:10:31 +0300
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References:
Message-ID: <20130612091030.GV26689@redhat.com>

On Wed, 12 Jun 2013, Matt . wrote:
>Hi,
>
>A lot of people seem to have problem with Sudo and FreeIPA.
>
>How to enable sudo is described here:
>
>http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>
>The problem we are facing, also discussed on IRC is that there is looked in
>the local sudoers file of the client if the loggedin user may sudo. Of
>course the username is not known there.
Not sure what exactly is your problem? Could you please rephrase and show it with logs again?

If you are using SSSD's sudo integration against IPA server, then here is what you need to get it working on Fedora 18/19 and RHEL 6.4:

1. install libsss_sudo package

2. Add/change following line to /etc/nsswitch.conf

   sudoers: files sss

3. Make sure your /etc/sssd/sssd.conf looks like this example:
   http://abbra.fedorapeople.org/.paste/sssd.conf.example
4. Restart sssd

These are the only actions I needed to get sudo working for IPA users on Fedora 19 and RHEL 6.4.

Please note that
   sudoers: files sss
gives you chance to have local users configured in local sudoers. If you don't want them to be able to use sudo, just change the line in /etc/nsswitch.conf to
   sudoers: sss

--
/ Alexander Bokovoy

From yamakasi.014 at gmail.com Wed Jun 12 09:22:35 2013
From: yamakasi.014 at gmail.com (Matt .)
Date: Wed, 12 Jun 2013 11:22:35 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130612091030.GV26689@redhat.com>
References: <20130612091030.GV26689@redhat.com>
Message-ID:

Hi,

The package as you described is installed, the configlines are set as you show it.

This is what I see in auth.log, my sssd_sudo does not show a thing:

Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication failure; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME
Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your password will expire in 89 day(s).
Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success; logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost= user=USERNAME
Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su
Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No such file or directory

I really cannot figure out what to check more.

2013/6/12 Alexander Bokovoy

> On Wed, 12 Jun 2013, Matt . wrote:
>
>> Hi,
>>
>> A lot of people seem to have problem with Sudo and FreeIPA.
>>
>> How to enable sudo is described here:
>>
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
>> The problem we are facing, also discussed on IRC is that there is looked in
>> the local sudoers file of the client if the loggedin user may sudo. Of
>> course the username is not known there.
>>
> Not sure what exactly is your problem? Could you please rephrase and
> show it with logs again?
>
> If you are using SSSD's sudo integration against IPA server, then here
> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>
> 1. install libsss_sudo package
>
> 2. Add/change following line to /etc/nsswitch.conf
>
> sudoers: files sss
>
> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
> http://abbra.fedorapeople.org/.paste/sssd.conf.example
> 4. Restart sssd
>
> These are the only actions I needed to get sudo working for IPA users on
> Fedora 19 and RHEL 6.4.
>
> Please note that sudoers: files sss
> gives you chance to have local users configured in local sudoers. If you
> don't want them to be able to use sudo, just change the line in
> /etc/nsswitch.conf to
> sudoers: sss
>
>
> --
> / Alexander Bokovoy
>

From leah_zimmermann at web.de Wed Jun 12 09:42:23 2013
From: leah_zimmermann at web.de (Leah Zimmermann)
Date: Wed, 12 Jun 2013 11:42:23 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
Message-ID: <51B8427F.2060302@web.de>

Dear List Members,

I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted relationship to an AD-Domain.
The users of the AD-Domain can login via ssh- or console-login. Then they can start the gnome desktop manually. But if they login via gdm they are logged out immediately.

In /var/log/Xorg.0.log I see many entries like

[ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12 connected from local host ( uid=42 gid=42 pid=10962 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14 connected from local host ( uid=42 gid=42 pid=10962 )
  Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected

and an entry in /var/log/messages like

Jun 12 11:18:52 ipa_hostname smbd[11154]: Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client ADS machine account AD_DOMAIN.

Where AD_DOMAIN and AD_NETBIOS are replacements according to http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions

We need some AD users to be able to login via gdm to the CentOS machine.
Can someone please tell me how to enable graphical/gdm login on the FreeIPA-Server for AD-Users?

Thank you in advance

Leah

From sbose at redhat.com Wed Jun 12 10:03:29 2013
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 12 Jun 2013 12:03:29 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <51B8427F.2060302@web.de>
References: <51B8427F.2060302@web.de>
Message-ID: <20130612100328.GP6550@localhost.localdomain>

On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> Dear List Members,
>
> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> relationship to an AD-Domain.
> The users of the AD-Domain can login via ssh- or console-login. Then
> they can start the gnome desktop manually. But if they login via gdm
> they logged out immediatly.

Which name style are you using 'AD_NETBIOS\username' or 'username at AD_DOMAIN' ? If you only tried one can you try the other?

If this does not help, please send the relevant section of /var/log/secure and the sssd logs with a high debug level.

bye,
Sumit

>
> In /var/log/Xorg.0.log I see many entries like
>
> [ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12
> connected from local host ( uid=42 gid=42 pid=10962 )
> Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14
> connected from local host ( uid=42 gid=42 pid=10962 )
> Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected
>
> and an entry in /var/log/messages like
>
> Jun 12 11:18:52 ipa_hostname smbd[11154]: Failed to find a Unix
> account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check
> failed. Rejecting auth request from client ADS machine account
> AD_DOMAIN.
>
> Where AD_DOMAIN and AD_NETBIOS are replacements according to
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions
>
> We need some AD user able to login via gdm to the CentOS machine.
> Can someone please tell me how to enable graphical/gdm login on the
> FreeIPA-Server for AD-Users?
>
> thank you in advanced
>
> Leah

From leah_zimmermann at web.de Wed Jun 12 12:04:33 2013
From: leah_zimmermann at web.de (Leah Zimmermann)
Date: Wed, 12 Jun 2013 14:04:33 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <20130612100328.GP6550@localhost.localdomain>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain>
Message-ID: <51B863D1.3050308@web.de>

On 12.06.2013 12:03, Sumit Bose wrote:
> On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
>> Dear List Members,
>>
>> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
>> relationship to an AD-Domain.
>> The users of the AD-Domain can login via ssh- or console-login. Then
>> they can start the gnome desktop manually. But if they login via gdm
>> they logged out immediatly.
> Which name style are you using 'AD_NETBIOS\username' or
> 'username at AD_DOMAIN' ? If you only tried one can you try the other?
Until now I tried only 'username at AD_DOMAIN', but 'AD_NETBIOS\username' does not work as well.
>
> If this does not help, please send the relevant section of
> /var/log/secure and the sssd logs with a high debug level.
>
>
As far as I can see, both styles are causing the same results.

Jun 12 13:27:56 ipa_hostname pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user leah at AD_DOMAIN by (uid=0)
Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Jun 12 13:27:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user leah at AD_DOMAIN
Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)

Jun 12 13:32:56 ipa_hostname pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user AD_NETBIOS\leah by (uid=0)
Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user AD_NETBIOS\leah
Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)

Maybe the Unregistered Authentication Agent is the problem. But what have I missed?

Thanks
Leah

From jhrozek at redhat.com Wed Jun 12 12:37:22 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 12 Jun 2013 14:37:22 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com>
Message-ID: <20130612123722.GC1859@hendrix.redhat.com>

On Wed, Jun 12, 2013 at 11:22:35AM +0200, Matt . wrote:
> Hi,
>
> The package as you described is installed, the configlines are set as you
> show it.
>
> This is what I see in auth.log, my sssd_sudo does not show a thing:
>
> Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication failure;
> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost=
> user=USERNAME
> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your
> password will expire in 89 day(s).
> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success;
> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost=
> user=USERNAME
> Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ; TTY=pts/0 ;
> PWD=/ ; USER=root ; COMMAND=/bin/su

Pavel, I know you were debugging this problem on IRC, was there any conclusion?

> Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No such
> file or directory
>
> I really cannot figure out what to check more.
>
>
> 2013/6/12 Alexander Bokovoy
>
> > On Wed, 12 Jun 2013, Matt . wrote:
> >
> >> Hi,
> >>
> >> A lot of people seem to have problem with Sudo and FreeIPA.
> >>
> >> How to enable sudo is described here:
> >>
> >> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
> >>
> >> The problem we are facing, also discussed on IRC is that there is looked in
> >> the local sudoers file of the client if the loggedin user may sudo. Of
> >> course the username is not known there.
> >>
> > Not sure what exactly is your problem? Could you please rephrase and
> > show it with logs again?
> >
> > If you are using SSSD's sudo integration against IPA server, then here
> > is what you need to get it working on Fedora 18/19 and RHEL 6.4:
> >
> > 1. install libsss_sudo package
> >
> > 2. Add/change following line to /etc/nsswitch.conf
> >
> > sudoers: files sss
> >
> > 3. Make sure your /etc/sssd/sssd.conf looks like this example:
> > http://abbra.fedorapeople.org/.paste/sssd.conf.example
> > 4. Restart sssd
> >
> > These are the only actions I needed to get sudo working for IPA users on
> > Fedora 19 and RHEL 6.4.
> >
> > Please note that sudoers: files sss
> > gives you chance to have local users configured in local sudoers. If you
> > don't want them to be able to use sudo, just change the line in
> > /etc/nsswitch.conf to
> > sudoers: sss
> >
> >
> > --
> > / Alexander Bokovoy
> >

From pbrezina at redhat.com Wed Jun 12 12:51:57 2013
From: pbrezina at redhat.com (Pavel Březina)
Date: Wed, 12 Jun 2013 14:51:57 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130612123722.GC1859@hendrix.redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612123722.GC1859@hendrix.redhat.com>
Message-ID: <51B86EED.3080106@redhat.com>

On 06/12/2013 02:37 PM, Jakub Hrozek wrote:
> On Wed, Jun 12, 2013 at 11:22:35AM +0200, Matt . wrote:
>> Hi,
>>
>> The package as you described is installed, the configlines are set as you
>> show it.
>>
>> This is what I see in auth.log, my sssd_sudo does not show a thing:
>>
>> Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication failure;
>> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost=
>> user=USERNAME
>> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your
>> password will expire in 89 day(s).
>> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success;
>> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME rhost=
>> user=USERNAME
>> Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ; TTY=pts/0 ;
>> PWD=/ ; USER=root ; COMMAND=/bin/su
>
> Pavel, I know you were debugging this problem on IRC, was there any
> conclusion?
>

No. I'm waiting for our lab to come back online so I can try to reproduce it.

>> Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No such
>> file or directory
>>
>> I really cannot figure out what to check more.
>>
>>
>> 2013/6/12 Alexander Bokovoy
>>
>>> On Wed, 12 Jun 2013, Matt . wrote:
>>>
>>>> Hi,
>>>>
>>>> A lot of people seem to have problem with Sudo and FreeIPA.
>>>>
>>>> How to enable sudo is described here:
>>>>
>>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>>>
>>>> The problem we are facing, also discussed on IRC is that there is looked in
>>>> the local sudoers file of the client if the loggedin user may sudo. Of
>>>> course the username is not known there.
>>>>
>>> Not sure what exactly is your problem? Could you please rephrase and
>>> show it with logs again?
>>>
>>> If you are using SSSD's sudo integration against IPA server, then here
>>> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>>>
>>> 1. install libsss_sudo package
>>>
>>> 2. Add/change following line to /etc/nsswitch.conf
>>>
>>> sudoers: files sss
>>>
>>> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
>>> http://abbra.fedorapeople.org/.paste/sssd.conf.example
>>> 4. Restart sssd
>>>
>>> These are the only actions I needed to get sudo working for IPA users on
>>> Fedora 19 and RHEL 6.4.
>>>
>>> Please note that sudoers: files sss
>>> gives you chance to have local users configured in local sudoers. If you
>>> don't want them to be able to use sudo, just change the line in
>>> /etc/nsswitch.conf to
>>> sudoers: sss
>>>
>>>
>>> --
>>> / Alexander Bokovoy
>>>

From natxo.asenjo at gmail.com Wed Jun 12 14:19:52 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Wed, 12 Jun 2013 16:19:52 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References:
Message-ID:

On Wed, Jun 12, 2013 at 1:56 AM, Sina Owolabi wrote:
> Hi
> Please help me understand what I am doing wrong:
>
> I'm using two RHEL6.4 ipa servers in a multi-master configuration
> Instead of creating multiple sudocmdgroups and sudo rules, I tried to subset
> what I could see in the /etc/sudoers files and have nested command groups
> and rules, to be applied to certain users and hostgroups as needed.
> I have a hostgroup called allservers, which applies to all servers.
>
> The allservers hostgroup is a member of sudo rule admin-commands, which I
> created for specific users to be able to run admin commands on all servers.
> I have added as members, multiple sudogroups, each of which have a number of
> commands inside of them. Despite this, I find that sudo does not allow me to
> run any command as the users added to the admin-command rule. Please help me
> see where my logic is broken, and what to do to fix. Thanks a lot in
> advance.

We have deployed sudo across all our ipa nodes with cfengine. The
configuration you need is this:

/etc/sudo-ldap.conf (permissions 640)

    TLS_CACERT /etc/ipa/ca.crt
    TLS_REQCERT demand
    SASL_MECH GSSAPI
    BASE dc=domain,dc=tld
    URI ldaps://kdc1.domain.tld ldaps://kdc2.domain.tld
    ROOTUSE_SASL on
    SUDOERS_BASE ou=sudoers,dc=,dc=domain,dc=tld
    SUDOERS_DEBUG 0

If you need debugging, change SUDOERS_DEBUG to 1.

In /etc/nsswitch.conf, you need to have this:

    sudoers: files ldap

sudo needs a nisdomain defined, so in all the nodes you can edit the
/etc/sysconfig/network file and add something like this:

    NISDOMAIN=domain.tld

after which a reboot is needed. When you log in to the node, in the shell
you enter

    $ nisdomainname

and you need to see your ipa domain name in there.

If you have a configuration management system modify these files for you,
do not forget to restore the selinux context in /etc if selinux is enabled.

After that, create a sudo rule. This is our admins sudo rule:

    $ ipa sudorule-show admins
      Rule name: admins
      Description: admins may run any command on anyhost
      Enabled: TRUE
      Host category: all
      Command category: all
      User Groups: admins
      Sudo Option: !authenticate

It works. I have not yet created other sudo rules limited to a set of
hosts/commands, but it should be straightforward.

--
natxo

From shinacalypse at gmail.com Wed Jun 12 17:29:57 2013
From: shinacalypse at gmail.com (Sina Owolabi)
Date: Wed, 12 Jun 2013 18:29:57 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130612091030.GV26689@redhat.com>
References: <20130612091030.GV26689@redhat.com>
Message-ID:

Thank you for the reply Alex, though I'm a little confused that I am
answering the correct email.
I have taken a look at the example sssd.conf you advised, and I'm a little
curious if the configuration supports having multiple IPA servers? I have a
multi-master setup with two servers. I tried to add both servers to the
ldap uri and to the krb5 section but the service refused to start.
Also I have to note that this not being able to sudo only seems to affect
physical servers, and not the virtual machines I have applied it against.
Also unfortunately, this didn't work either.. I guess I will try a reboot
first if I can.

sudo debug:

[root at waphost IPA-configs]# su - oowolabi

[oowolabi at waphost ~]$ sudo service httpd status
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=SUDOers,dc=qrios,dc=com
sudo: ldap search '(|(sudoUser=oowolabi)(sudoUser=%oowolabi)(sudoUser=%#721800009)(sudoUser=%admins)(sudoUser=%employees)(sudoUser=%qrios)(sudoUser=%#721800000)(sudoUser=%#721800006)(sudoUser=%#721800008)(sudoUser=ALL))'
sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: searching LDAP for sudoers entries
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(0)=0x40
[sudo] password for oowolabi:
oowolabi is not allowed to run sudo on waphost. This incident will be reported.
[oowolabi at waphost ~]$ exit

On Wed, Jun 12, 2013 at 10:10 AM, Alexander Bokovoy wrote:
> On Wed, 12 Jun 2013, Matt . wrote:
>
>> Hi,
>>
>> A lot of people seem to have problem with Sudo and FreeIPA.
>>
>> How to enable sudo is described here:
>>
>> http://www.freeipa.org/images/**7/77/Freeipa30_SSSD_SUDO_**
>> Integration.pdf
>>
>> The problem we are facing, also discussed on IRC is that there is looked
>> in
>> the local sudoers file of the client if the loggedin user may sudo. Of
>> course the username is not known there.
>>
> Not sure what exactly is your problem? Could you please rephrase and
> show it with logs again?
>
> If you are using SSSD's sudo integration against IPA server, then here
> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>
> 1. install libsss_sudo package
>
> 2. Add/change following line to /etc/nsswitch.conf
>
> sudoers: files sss
>
> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
> http://abbra.fedorapeople.org/**.paste/sssd.conf.example
> 4. Restart sssd
>
> These are the only actions I needed to get sudo working for IPA users on
> Fedora 19 and RHEL 6.4.
>
> Please note that sudoers: files sss
> gives you chance to have local users configured in local sudoers. If you
> don't want them to be able to use sudo, just change the line in
> /etc/nsswitch.conf to
> sudoers: sss
>
>
> --
> / Alexander Bokovoy
>
>
> ______________________________**_________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/**mailman/listinfo/freeipa-users
>

--
best regards,

Sina Owolabi
+2348034022578
+2348176469061

From shinacalypse at gmail.com Wed Jun 12 18:21:30 2013
From: shinacalypse at gmail.com (Sina Owolabi)
Date: Wed, 12 Jun 2013 19:21:30 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com>
Message-ID:

I rebooted one of the servers and it worked!
Thanks a lot

On Wed, Jun 12, 2013 at 6:29 PM, Sina Owolabi wrote:
> Thank you for the reply Alex, though I'm a little confused that I am
> answering the correct email.
> I have taken a look at the example sssd.conf you advised, and I'm a little
> curious if the configuration supports having multiple IPA servers? I have a
> multi-master setup with two servers. I tried to add both servers to the
> ldap uri and to the krb5 section but the service refused to start.
> Also I have to note that this not being able to sudo only seems to affect
> physical servers, and not the virtual machines I have applied it against.
> Also unfortunately, this didn't work either.. I guess I will try a reboot
> first if I can.
>
> sudo debug:
>
> [root at waphost IPA-configs]# su - oowolabi
>
> [oowolabi at waphost ~]$ sudo service httpd status
> sudo: ldap_set_option: debug -> 0
> sudo: ldap_set_option: tls_checkpeer -> 1
> sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
> sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
> sudo: ldap_set_option: ldap_version -> 3
> sudo: ldap_set_option: timelimit -> 15
> sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
> sudo: ldap_start_tls_s() ok
> sudo: ldap_sasl_bind_s() ok
> sudo: Looking for cn=defaults: cn=defaults
> sudo: no default options found in ou=SUDOers,dc=qrios,dc=com
> sudo: ldap search
> '(|(sudoUser=oowolabi)(sudoUser=%oowolabi)(sudoUser=%#721800009)(sudoUser=%admins)(sudoUser=%employees)(sudoUser=%qrios)(sudoUser=%#721800000)(sudoUser=%#721800006)(sudoUser=%#721800008)(sudoUser=ALL))'
> sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
> sudo: adding search result
> sudo: result now has 0 entries
> sudo: ldap search '(sudoUser=+*)'
> sudo: searching from base 'ou=SUDOers,dc=qrios,dc=com'
> sudo: adding search result
> sudo: result now has 0 entries
> sudo: sorting remaining 0 entries
> sudo: searching LDAP for sudoers entries
> sudo: done with LDAP searches
> sudo: user_matches=1
> sudo: host_matches=0
> sudo: sudo_ldap_lookup(0)=0x40
> [sudo] password for oowolabi:
> oowolabi is not allowed to run sudo on waphost. This incident will be
> reported.
> [oowolabi at waphost ~]$ exit
>
>
>
> On Wed, Jun 12, 2013 at 10:10 AM, Alexander Bokovoy wrote:
>
>> On Wed, 12 Jun 2013, Matt . wrote:
>>
>>> Hi,
>>>
>>> A lot of people seem to have problem with Sudo and FreeIPA.
>>>
>>> How to enable sudo is described here:
>>>
>>> http://www.freeipa.org/images/**7/77/Freeipa30_SSSD_SUDO_**
>>> Integration.pdf
>>>
>>> The problem we are facing, also discussed on IRC is that there is looked
>>> in
>>> the local sudoers file of the client if the loggedin user may sudo. Of
>>> course the username is not known there.
>>>
>> Not sure what exactly is your problem? Could you please rephrase and
>> show it with logs again?
>>
>> If you are using SSSD's sudo integration against IPA server, then here
>> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>>
>> 1. install libsss_sudo package
>>
>> 2. Add/change following line to /etc/nsswitch.conf
>>
>> sudoers: files sss
>>
>> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
>> http://abbra.fedorapeople.org/**.paste/sssd.conf.example
>> 4. Restart sssd
>>
>> These are the only actions I needed to get sudo working for IPA users on
>> Fedora 19 and RHEL 6.4.
>>
>> Please note that sudoers: files sss
>> gives you chance to have local users configured in local sudoers. If you
>> don't want them to be able to use sudo, just change the line in
>> /etc/nsswitch.conf to
>> sudoers: sss
>>
>>
>> --
>> / Alexander Bokovoy
>>
>>
>> ______________________________**_________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/**mailman/listinfo/freeipa-users
>>
>
>
>
> --
> best regards,
>
> Sina Owolabi
> +2348034022578
> +2348176469061
>

--
best regards,

Sina Owolabi
+2348034022578
+2348176469061

From abokovoy at redhat.com Wed Jun 12 22:26:54 2013
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 13 Jun 2013 01:26:54 +0300
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com>
Message-ID: <20130612222654.GW26689@redhat.com>

On Wed, 12 Jun 2013, Sina Owolabi wrote:
>Thank you for the reply Alex, though I'm a little confused that I am
>answering the correct email.
>I have taken a look at the example sssd.conf you advised, and I'm a little
>curious if the configuration supports having multiple IPA servers? I have a
>multi-master setup with two servers. I tried to add both servers to the
>ldap uri and to the krb5 section but the service refused to start.
See man sssd-ldap(5). ldap_uri accepts comma-separated list of servers.
Same for krb5_server, see sssd-krb5(5).

--
/ Alexander Bokovoy

From sbose at redhat.com Thu Jun 13 07:18:14 2013
From: sbose at redhat.com (Sumit Bose)
Date: Thu, 13 Jun 2013 09:18:14 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <51B863D1.3050308@web.de>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de>
Message-ID: <20130613071814.GF4317@localhost.localdomain>

On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
> On 12.06.2013 12:03, Sumit Bose wrote:
> >On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> >>Dear List Members,
> >>
> >>I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> >>relationship to an AD-Domain.
> >>The users of the AD-Domain can login via ssh- or console-login. Then
> >>they can start the gnome desktop manually. But if they login via gdm
> >>they are logged out immediately.
> >Which name style are you using 'AD_NETBIOS\username' or
> >'username at AD_DOMAIN' ? If you only tried one can you try the other?
> until now I tried only 'username at AD_DOMAIN', but
> 'AD_NETBIOS\username' does not work as well.
> >
> >If this does not help, please send the relevant section of
> >/var/log/secure and the sssd logs with a high debug level.
> >
> >
> As far as I can see, both styles cause the same results.
>
> Jun 12 13:27:56 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> pam_sss(gdm-password:auth): authentication success; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session opened for user
> leah at AD_DOMAIN by (uid=0)
> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> de_DE.UTF-8) (disconnected from bus)
> Jun 12 13:27:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session closed for user
> leah at AD_DOMAIN
> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>
>
> Jun 12 13:32:56 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_sss(gdm-password:auth): authentication success; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session opened for user
> AD_NETBIOS\leah by (uid=0)
> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> de_DE.UTF-8) (disconnected from bus)
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session closed for user
> AD_NETBIOS\leah
> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>
> Maybe the Unregistered Authentication Agent is the problem. But
> what have I missed?

Do you have SELinux enabled? Can you check if there are any audit messages
with SELinux denials? Can you check if the SELinux context of the user's
home directory is right?

bye,
Sumit

>
> Thanks
>
> Leah
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

From jhrozek at redhat.com Thu Jun 13 08:31:47 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 13 Jun 2013 10:31:47 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130612222654.GW26689@redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com>
Message-ID: <20130613083147.GC8351@hendrix.redhat.com>

On Thu, Jun 13, 2013 at 01:26:54AM +0300, Alexander Bokovoy wrote:
> On Wed, 12 Jun 2013, Sina Owolabi wrote:
> >Thank you for the reply Alex, though I'm a little confused that I am
> >answering the correct email.
> >I have taken a look at the example sssd.conf you advised, and I'm a little
> >curious if the configuration supports having multiple IPA servers? I have a
> >multi-master setup with two servers. I tried to add both servers to the
> >ldap uri and to the krb5 section but the service refused to start.
> See man sssd-ldap(5). ldap_uri accepts comma-separated list of servers.
> Same for krb5_server, see sssd-krb5(5).

Also if you're using service DNS records, you can either leave the URIs
blank and default to service resolution or explicitly use service
resolution along with a hardcoded name:

    ldap_uri = _srv_, ldap://ldap.example.com

See the "service discovery" section in the man pages.

From pbrezina at redhat.com Thu Jun 13 11:49:10 2013
From: pbrezina at redhat.com (Pavel Březina)
Date: Thu, 13 Jun 2013 13:49:10 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <51B86EED.3080106@redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612123722.GC1859@hendrix.redhat.com> <51B86EED.3080106@redhat.com>
Message-ID: <51B9B1B6.1060303@redhat.com>

On 06/12/2013 02:51 PM, Pavel Březina wrote:
> On 06/12/2013 02:37 PM, Jakub Hrozek wrote:
>> On Wed, Jun 12, 2013 at 11:22:35AM +0200, Matt . wrote:
>>> Hi,
>>>
>>> The package as you described is installed, the configlines are set as
>>> you
>>> show it.
>>>
>>> This is what I see in auth.log, my sssd_sudo does not show a thing:
>>>
>>> Jun 12 11:19:16 server sudo: pam_unix(sudo:auth): authentication
>>> failure;
>>> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME
>>> rhost=
>>> user=USERNAME
>>> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): User info message: Your
>>> password will expire in 89 day(s).
>>> Jun 12 11:19:16 server sudo: pam_sss(sudo:auth): authentication success;
>>> logname=USERNAME uid=866600006 euid=0 tty=/dev/pts/0 ruser=USERNAME
>>> rhost=
>>> user=USERNAME
>>> Jun 12 11:19:16 server sudo: USERNAME : user NOT in sudoers ;
>>> TTY=pts/0 ;
>>> PWD=/ ; USER=root ; COMMAND=/bin/su
>>
>> Pavel, I know you were debugging this problem on IRC, was there any
>> conclusion?
>>
>
> No. I'm waiting for our lab to come back online so I can try to
> reproduce it.

I followed the deployment guide and everything works fine. If you still
have a problem, please start over and follow:
[1] for sudo-ldap-ipa
[2] for sudo-sssd-ipa

Check list:
- NIS domain has to be set to IPA domain
- hostname must be set to fqdn
- sudo-ldap configuration file on RHEL systems is located at
    # sudo -V | grep ldap.conf
    ldap.conf path: /etc/sudo-ldap.conf
- nsswitch must contain sudoers: ldap or sudoers: sss
    # cat /etc/nsswitch.conf | grep sudoers
    sudoers: files ldap

[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#example-configuring-sudo
[2] http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf

>
>>> Jun 12 11:19:16 server sudo: unable to execute /usr/sbin/sendmail: No
>>> such
>>> file or directory
>>>
>>> I really cannot figure out what to check more.
>>>
>>>
>>> 2013/6/12 Alexander Bokovoy
>>>
>>>> On Wed, 12 Jun 2013, Matt . wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> A lot of people seem to have problem with Sudo and FreeIPA.
>>>>>
>>>>> How to enable sudo is described here:
>>>>>
>>>>> http://www.freeipa.org/images/**7/77/Freeipa30_SSSD_SUDO_**
>>>>> Integration.pdf
>>>>>
>>>>>
>>>>> The problem we are facing, also discussed on IRC is that there is
>>>>> looked
>>>>> in
>>>>> the local sudoers file of the client if the loggedin user may sudo. Of
>>>>> course the username is not known there.
>>>>>
>>>> Not sure what exactly is your problem? Could you please rephrase and
>>>> show it with logs again?
>>>>
>>>> If you are using SSSD's sudo integration against IPA server, then here
>>>> is what you need to get it working on Fedora 18/19 and RHEL 6.4:
>>>>
>>>> 1. install libsss_sudo package
>>>>
>>>> 2. Add/change following line to /etc/nsswitch.conf
>>>>
>>>> sudoers: files sss
>>>>
>>>> 3. Make sure your /etc/sssd/sssd.conf looks like this example:
>>>> http://abbra.fedorapeople.org/**.paste/sssd.conf.example
>>>>
>>>> 4. Restart sssd
>>>>
>>>> These are the only actions I needed to get sudo working for IPA
>>>> users on
>>>> Fedora 19 and RHEL 6.4.
>>>>
>>>> Please note that sudoers: files sss
>>>> gives you chance to have local users configured in local sudoers. If
>>>> you
>>>> don't want them to be able to use sudo, just change the line in
>>>> /etc/nsswitch.conf to
>>>> sudoers: sss
>>>>
>>>>
>>>> --
>>>> / Alexander Bokovoy
>>>>
>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

From leah_zimmermann at web.de Thu Jun 13 11:49:30 2013
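
The client-side checklist in the message above (NIS domain, FQDN host name, sudoers line in nsswitch.conf) and the /etc/sudo-ldap.conf settings posted earlier in the thread can be verified in one pass. The script below is an added example, not code posted by anyone on the list; its function names and the `--check DOMAIN` invocation are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for sudo on an IPA client, following the
# checklist in this thread. File paths, host name and NIS domain are
# parameters (assumed interface), so the checks also run against copies.

# Print the sources listed on the "sudoers:" line of an nsswitch.conf file.
sudoers_sources() {
    sed -n 's/^[[:space:]]*sudoers:[[:space:]]*//p' "$1" | head -n 1
}

# Succeed if source $2 (files, ldap or sss) is listed for sudoers in file $1.
sudoers_uses() {
    sudoers_sources "$1" | tr -s ' \t' '\n\n' | grep -qx "$2"
}

# Print the value of KEY ($2) in a sudo-ldap.conf style file ($1);
# keys are matched case-insensitively, comment lines never match.
conf_value() {
    awk -v key="$2" 'toupper($1) == toupper(key) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if "other" has no read bit on file $1 (for example mode 640).
not_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "-" ]
}

# Succeed if $1 looks like a fully qualified host name.
is_fqdn() {
    case "$1" in
        .*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# Succeed if NIS domain $2 is set and equals the IPA domain $1.
nisdomain_matches() {
    [ -n "$2" ] && [ "$2" != "(none)" ] && [ "$2" = "$1" ]
}

# Run every check, print one line per finding, return non-zero on any failure.
# Usage: check_sudo_client DOMAIN [NSSWITCH] [SUDO_LDAP_CONF] [HOSTNAME] [NISDOMAIN]
check_sudo_client() {
    domain=$1
    nss=${2:-/etc/nsswitch.conf}
    conf=${3:-/etc/sudo-ldap.conf}
    host=${4:-$(hostname)}
    nis=${5:-$(nisdomainname 2>/dev/null)}
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    is_fqdn "$host" || fail "hostname '$host' is not fully qualified"
    nisdomain_matches "$domain" "$nis" ||
        fail "NIS domain is '${nis:-unset}', expected '$domain'"

    if sudoers_uses "$nss" sss; then
        echo "ok: sudoers resolved through sss"
    elif sudoers_uses "$nss" ldap; then
        echo "ok: sudoers resolved through ldap"
        # sudo-ldap.conf only matters when the ldap source is in use.
        [ -r "$conf" ] || { fail "$conf is missing or unreadable"; return $rc; }
        not_world_readable "$conf" || fail "$conf is world-readable"
        [ "$(conf_value "$conf" TLS_REQCERT)" = "demand" ] ||
            fail "TLS_REQCERT is not 'demand' in $conf"
        [ -n "$(conf_value "$conf" TLS_CACERT)" ] ||
            fail "TLS_CACERT not set in $conf"
        [ -n "$(conf_value "$conf" SUDOERS_BASE)" ] ||
            fail "SUDOERS_BASE not set in $conf"
    else
        fail "sudoers in $nss lists neither ldap nor sss: '$(sudoers_sources "$nss")'"
    fi
    return $rc
}

# Run against the live system only when called as: script --check DOMAIN
if [ "${1:-}" = "--check" ]; then
    check_sudo_client "$2"
fi
```

Run it as root on the client, because a sudo-ldap.conf with mode 640 is not readable by ordinary users.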
From: leah_zimmermann at web.de (Leah Zimmermann)
Date: Thu, 13 Jun 2013 13:49:30 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <20130613071814.GF4317@localhost.localdomain>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain>
Message-ID: <51B9B1CA.7090209@web.de>

Hello Sumit,
Hello List Members,

On 13.06.2013 09:18, Sumit Bose wrote:
> On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
>> On 12.06.2013 12:03, Sumit Bose wrote:
>>> On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
>>>> Dear List Members,
>>>>
>>>> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
>>>> relationship to an AD-Domain.
>>>> The users of the AD-Domain can login via ssh- or console-login. Then
>>>> they can start the gnome desktop manually. But if they login via gdm
>>>> they are logged out immediately.
>>> Which name style are you using 'AD_NETBIOS\username' or
>>> 'username at AD_DOMAIN' ? If you only tried one can you try the other?
>> until now I tried only 'username at AD_DOMAIN', but
>> 'AD_NETBIOS\username' does not work as well.
>>> If this does not help, please send the relevant section of
>>> /var/log/secure and the sssd logs with a high debug level.
>>>
>>>
>> As far as I can see, both styles cause the same results.
>>
>> Jun 12 13:27:56 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:session): session opened for user
>> leah at AD_DOMAIN by (uid=0)
>> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
>> Authentication Agent for session
>> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>> de_DE.UTF-8) (disconnected from bus)
>> Jun 12 13:27:58 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:session): session closed for user
>> leah at AD_DOMAIN
>> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
>> Authentication Agent for session
>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>
>>
>> Jun 12 13:32:56 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:session): session opened for user
>> AD_NETBIOS\leah by (uid=0)
>> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
>> Authentication Agent for session
>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>> de_DE.UTF-8) (disconnected from bus)
>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>> pam_unix(gdm-password:session): session closed for user
>> AD_NETBIOS\leah
>> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
>> Authentication Agent for session
>> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>
>> Maybe the Unregistered Authentication Agent is the problem. But
>> what have I missed?
> Do you have SELinux enabled? Can you check if there are any audit messages
> with SELinux denials? Can you check if the SELinux context of the user's
> home directory is right?

SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
I did that already, to eliminate this as the source of difficulties. I'm
sorry. Maybe I should have mentioned this earlier.

If I set it to permissive mode I get

drwxr-xr-x. leah at ad_domain leah at ad_domain unconfined_u:object_r:user_home_t:s0 leah
drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain unconfined_u:object_r:user_home_t:s0 user_xy
...

All home directories of AD-Users look like this.

Thanks
Leah

From notify.sina at gmail.com Thu Jun 13 12:22:55 2013
From: notify.sina at gmail.com (Notify Me)
Date: Thu, 13 Jun 2013 13:22:55 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130613083147.GC8351@hendrix.redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com>
Message-ID:

Thanks a lot. I followed Alex's advice and it's all good now.
Very much appreciated!

On Jun 13, 2013 9:33 AM, "Jakub Hrozek" wrote:
> On Thu, Jun 13, 2013 at 01:26:54AM +0300, Alexander Bokovoy wrote:
> > On Wed, 12 Jun 2013, Sina Owolabi wrote:
> > >Thank you for the reply Alex, though I'm a little confused that I am
> > >answering the correct email.
> > >I have taken a look at the example sssd.conf you advised, and I'm a
> little
> > >curious if the configuration supports having multiple IPA servers? I
> have a
> > >multi-master setup with two servers. I tried to add both servers to the
> > >ldap uri and to the krb5 section but the service refused to start.
> > See man sssd-ldap(5). ldap_uri accepts comma-separated list of servers.
> > Same for krb5_server, see sssd-krb5(5).
>
> Also if you're using service DNS records, you can either leave the URIs
> blank and default to service resolution or explicitly use service
> resolution along with a hardcoded name:
>
> ldap_uri = _srv_, ldap://ldap.example.com
>
> See the "service discovery" section in the man pages.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

From joaquimdecarvalho at gmail.com Thu Jun 13 20:10:29 2013
From: joaquimdecarvalho at gmail.com (Marcelo Carvalho)
Date: Thu, 13 Jun 2013 13:10:29 -0700
Subject: [Freeipa-users] (no subject)
Message-ID:

Hi Folks.

I have installed an ipa server and a replica on linux CentOS release
6.4 (Final). It is using outside DNS. I have https console access
authenticating admin user through kerberos, and have migrated
information on 80+ users and groups to it from a LDAP server.

Packages related to ipa installed at main server are:

[root ~]# rpm -qa | grep ipa
ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-1.9.2-82.el6.x86_64
ipa-python-3.0.0-26.el6_4.2.x86_64
ipa-admintools-3.0.0-26.el6_4.2.x86_64
ipa-client-3.0.0-26.el6_4.2.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.9.2-82.el6.x86_64
ipa-server-3.0.0-26.el6_4.2.x86_64
[root ~]#

I am now in the process of installing a CentOS 6.4 as IPA client, and
switch my Ubuntu desktop to use IPA as well.

1- On the CentOS 6.4 as IPA client:

Packages installed are:

$ rpm -qa | grep ipa
ipa-client-3.0.0-26.el6_4.2.x86_64
ipa-python-3.0.0-26.el6_4.2.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
libipa_hbac-python-1.9.2-82.el6.x86_64
libipa_hbac-1.9.2-82.el6.x86_64

I run installation line as follows and

ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx --realm=XXXXXX.XXX

It did go well and I see output line:

Client configuration complete.

Despite all of the above, I still cannot log in to this new node
using IPA. It still checks the local users.

2- On the Ubuntu desktop

I am locked out. It now does not accept my IPA user-passwd nor my
local-user-passwd.

Please advise on both.

Many thanks,

Marcelo

From gmatz at collective.com Thu Jun 13 21:21:28 2013
From: gmatz at collective.com (Guy Matz) Date: Thu, 13 Jun 2013 21:21:28 +0000 Subject: [Freeipa-users] (no subject) References: Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04CC31A5@MBX023-W1-CA-6.exch023.domain.local> Which version of ubuntu are you using? On 06/13/2013 04:12 PM, Marcelo Carvalho wrote: > Hi Folks. > > I have installed an ipa server and a replica on linux CentOS release > 6.4 (Final). It is using outside DNS. I have https console access > authenticating admin user through kerberos, and have migrated > information on 80+ users and groups to it from a LDAP server. > > Packages related to ipa installed at main server are: > > [root ~]# rpm -qa | grep ipa > ipa-server-selinux-3.0.0-26.el6_4.2.x86_64 > ipa-pki-ca-theme-9.0.3-7.el6.noarch > libipa_hbac-1.9.2-82.el6.x86_64 > ipa-python-3.0.0-26.el6_4.2.x86_64 > ipa-admintools-3.0.0-26.el6_4.2.x86_64 > ipa-client-3.0.0-26.el6_4.2.x86_64 > python-iniparse-0.3.1-2.1.el6.noarch > ipa-pki-common-theme-9.0.3-7.el6.noarch > libipa_hbac-python-1.9.2-82.el6.x86_64 > ipa-server-3.0.0-26.el6_4.2.x86_64 > [root ~]# > > I am now on the process of installing a CentOS 6.4 as IPA client, and > switch my Ubuntu desktop to use IPA as well. > > 1- On the CentOS 6.4 as IPA client: > > Packages installed are: > > $ rpm -qa | grep ipa > ipa-client-3.0.0-26.el6_4.2.x86_64 > ipa-python-3.0.0-26.el6_4.2.x86_64 > python-iniparse-0.3.1-2.1.el6.noarch > libipa_hbac-python-1.9.2-82.el6.x86_64 > libipa_hbac-1.9.2-82.el6.x86_64 > > > I run installation line as follows and > > ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx > --realm=XXXXXX.XXX > > Id did go well and I see output line: > > Client configuration complete. > > Although all of the above I still cannot login into this new node > using IPA. It still checks the local users. > > > 2- On the Ubunto desktop > > I am locked out. It now does not accept my IPA user-passwd not my > local-user-passwd. > > Please advise on both. 
>
> Many thanks,
>
> Marcelo
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

From sbose at redhat.com Fri Jun 14 07:08:53 2013
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 14 Jun 2013 09:08:53 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <51B9B1CA.7090209@web.de>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de>
Message-ID: <20130614070853.GO4317@localhost.localdomain>

On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
> Hello Sumit,
> Hello List Members,
>
> On 13.06.2013 09:18, Sumit Bose wrote:
> >On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
> >>On 12.06.2013 12:03, Sumit Bose wrote:
> >>>On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> >>>>Dear List Members,
> >>>>
> >>>>I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> >>>>relationship to an AD-Domain.
> >>>>The users of the AD-Domain can login via ssh- or console-login. Then
> >>>>they can start the gnome desktop manually. But if they login via gdm
> >>>>they are logged out immediately.
> >>>Which name style are you using 'AD_NETBIOS\username' or
> >>>'username at AD_DOMAIN' ? If you only tried one can you try the other?
> >>until now I tried only 'username at AD_DOMAIN', but
> >>'AD_NETBIOS\username' does not work as well.
> >>>If this does not help, please send the relevant section of
> >>>/var/Log/secure and the sssd logs with a high debug level.
> >>>
> >>>
> >>As far as I can see, both styles causing the same results.
> >>
> >>Jun 12 13:27:56 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> >>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> >>Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> >>pam_sss(gdm-password:auth): authentication success; logname= uid=0
> >>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> >>Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:session): session opened for user
> >>leah at AD_DOMAIN by (uid=0)
> >>Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
> >>Authentication Agent for session
> >>/org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
> >>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> >>de_DE.UTF-8) (disconnected from bus)
> >>Jun 12 13:27:58 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:session): session closed for user
> >>leah at AD_DOMAIN
> >>Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
> >>Authentication Agent for session
> >>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
> >>[/usr/libexec/polkit-gnome-authentication-agent-1], object path
> >>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> >>
> >>
> >>Jun 12 13:32:56 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> >>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> >>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>pam_sss(gdm-password:auth): authentication success; logname= uid=0
> >>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> >>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:session): session opened for user
> >>AD_NETBIOS\leah by (uid=0)
> >>Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
> >>Authentication Agent for session
> >>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
> >>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> >>de_DE.UTF-8)
(disconnected from bus)
> >>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>pam_unix(gdm-password:session): session closed for user
> >>AD_NETBIOS\leah
> >>Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
> >>Authentication Agent for session
> >>/org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
> >>[/usr/libexec/polkit-gnome-authentication-agent-1], object path
> >>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> >>
> >>May be the Unregistered Authentication Agent is the problem. But
> >>what I have missed to do?
> >Do you have SELinux enabled? Can you check if there any audit messages
> >with SELinux denials? Can you check if the SELinux context of the users
> >home directory is right?
> SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
> I did that already, for eliminating this as the source of difficulties.
> I'm sorry. May be, I should have mentioned this earlier.
>
> If I set it to permissive mode I get
>
> drwxr-xr-x. leah at ad_domain leah at ad_domain
> unconfined_u:object_r:user_home_t:s0 leah
> drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain
> unconfined_u:object_r:user_home_t:s0 user_xy
> ...
>
> All home directories of AD-Users looks like this.

The labels look good. Since this issue seems to happen during the open-session PAM step I'm quite confident that it is not related to FreeIPA or SSSD, because they do not handle open-session. Do the log files in /var/log/gdm contain any other information? Can you send your gdm-passwd PAM configuration file and all included ones (password-auth) to see if there is anything odd?

bye,
Sumit

>
> Thanks
>
> Leah
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

From james.hogarth at gmail.com Fri Jun 14 11:12:14 2013
From: james.hogarth at gmail.com (James Hogarth)
Date: Fri, 14 Jun 2013 12:12:14 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130613083147.GC8351@hendrix.redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com>
Message-ID:

> Also if you're using service DNS records, you can either leave the URIs
> blank and default to service resolution or explicitly use service
> resolution along with a hardcoded name:
>
> ldap_uri = _srv_, ldap://ldap.example.com
>
>

Hi Jakub,

Thanks for this. I've been doing the ldap backed sudo for a while for my systems and missed that sssd backed sudo arrived in EL6.4...

A quick bit of testing looks like the bare minimum that needs to be added to sssd.conf is to the main section under [domain]:

sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI

with an [sudo] section and sudo added to the provided services of course...

This really cleans up something that was quite messy before and simplifies a lot - thanks!

Time to go and convert all my systems over I think...

James

From jhrozek at redhat.com Fri Jun 14 11:24:30 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 14 Jun 2013 13:24:30 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com>
Message-ID: <20130614112430.GF5016@hendrix.redhat.com>

On Fri, Jun 14, 2013 at 12:12:14PM +0100, James Hogarth wrote:
> > Also if you're using service DNS records, you can either leave the URIs
> > blank and default to service resolution or explicitly use service
> > resolution along with a hardcoded name:
> >
> > ldap_uri = _srv_, ldap://ldap.example.com
> >
> >
> >
> Hi Jakub,
>
> Thanks for this. I've been doing the ldap backed sudo for a while for my
> systems and missed that sssd backed sudo arrived in EL6.4...
>
> A quick bit of testing looks like the bare minimum that needs to be added
> to sssd.conf is to the main section under [domain]:
>
> sudo_provider = ldap
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI
>
>
> with an [sudo] section and sudo added to the provided services of course...
>
> This really cleans up something that was quite messy before and simplifies
> a lot - thanks!
>
> Time to go and convert all my systems over I think...
>
> James

Hi James,

I believe that at one point we included a configuration very similar to the snippet above in man sssd-sudo. It should be there in 6.4, not 100% sure now.

From james.hogarth at gmail.com Fri Jun 14 11:38:53 2013
From: james.hogarth at gmail.com (James Hogarth)
Date: Fri, 14 Jun 2013 12:38:53 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To: <20130614112430.GF5016@hendrix.redhat.com>
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com> <20130614112430.GF5016@hendrix.redhat.com>
Message-ID:

> I believe that at one point we included a configuration very similar to
> the snippet above in man sssd-sudo. It should be there in 6.4, not 100%
> sure now.
>

Just checked the man page and indeed that minimal snippet is there ...

I really need to spend more time going through new man pages etc at each point release!

My quick testing has it working a treat though and it's a lot more lightweight with the caching going on than it was before

I've just let a couple of my colleagues know who were struggling a bit with the ldap-sudo and binding stuff ... this is just so much simpler.

From yamakasi.014 at gmail.com Fri Jun 14 11:56:07 2013
From: yamakasi.014 at gmail.com (Matt .)
Date: Fri, 14 Jun 2013 13:56:07 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com> <20130614112430.GF5016@hendrix.redhat.com>
Message-ID:

James,

Is this in RHEL based systems only ? On Ubuntu there seems to be still issues.

A full printout of the config file(s) would be nice to see as most people write other things down they have working, but the working ones don't write their full config down.

Thanks.

Cheers,

Matt

2013/6/14 James Hogarth

> > I believe that at one point we included a configuration very similar to
>> the snippet above in man sssd-sudo. It should be there in 6.4, not 100%
>> sure now.
>>
>
> Just checked the man page and indeed that minimal snippet is there ...
>
> I really need to spend more time going through new man pages etc at each
> point release!
>
> My quick testing has it working a treat though and it's a lot more
> lightweight with the caching going on than it was before
>
> I've just let a couple of my colleagues know who were struggling a bit
> with the ldap-sudo and binding stuff ... this is just so much simpler.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

From james.hogarth at gmail.com Fri Jun 14 12:36:16 2013
From: james.hogarth at gmail.com (James Hogarth)
Date: Fri, 14 Jun 2013 13:36:16 +0100
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com> <20130614112430.GF5016@hendrix.redhat.com>
Message-ID:

> Is this in RHEL based systems only ? On Ubuntu there seems to be still
> issues.
>
> A full printout of the config file(s) would be nice to see as most people
> write other things down they have working, but the working ones don't write
> their full config down.
>
>

All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any packages for debian based systems...

The full (sanitized for domains) config:

[root at backup hogarthj]# cat /etc/sssd/sssd.conf
[domain/example.com]

cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = example.com

[nss]

[pam]

[sudo]

[autofs]

[ssh]

The only other edit on the system to make this work was adding this line to /etc/nsswitch.conf:

sudoers: files sss

This system was successfully working with the ldap-sudo.conf method before but of course that had no load balancing and no caching.

From jhrozek at redhat.com Fri Jun 14 12:46:39 2013
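A check for the SSSD sudo settings listed in James Hogarth's message above, as an added example that is not part of the thread or of SSSD itself. The function names are hypothetical, and the embedded configuration is a constructed sample trimmed from the posted one.

```python
import configparser

# Constructed sample, trimmed from the sssd.conf posted in the thread.
SSSD_CONF = """
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = example.com

[nss]

[pam]

[sudo]
"""

# Constructed sample of the relevant /etc/nsswitch.conf lines.
NSSWITCH = "passwd: files sss\nsudoers: files sss\n"

# Domain settings the thread names as the minimum for SSSD-backed sudo.
REQUIRED_DOMAIN_VALUES = {"sudo_provider": "ldap", "ldap_sasl_mech": "GSSAPI"}


def parse_sssd(text):
    """Parse sssd.conf text; only '=' separates keys from values."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def sudoers_sources(nsswitch_text):
    """Return the lookup sources on the 'sudoers:' line, or [] if absent."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("sudoers:"):
            return line.split(":", 1)[1].split()
    return []


def audit(sssd_text, nsswitch_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cp = parse_sssd(sssd_text)
    if not cp.has_section("sssd"):
        return ["sssd.conf has no [sssd] section"]
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "sudo" not in services:
        findings.append("[sssd] services does not list sudo")
    if not cp.has_section("sudo"):
        findings.append("sssd.conf has no [sudo] section")
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    for domain in domains:
        section = "domain/" + domain
        if not cp.has_section(section):
            findings.append("missing section [%s]" % section)
            continue
        for key, want in REQUIRED_DOMAIN_VALUES.items():
            got = cp.get(section, key, fallback=None)
            if got is None or got.strip().lower() != want.lower():
                findings.append("[%s] %s is %r, expected %s" % (section, key, got, want))
        if not cp.get(section, "ldap_sudo_search_base", fallback="").strip():
            findings.append("[%s] ldap_sudo_search_base is not set" % section)
    if "sss" not in sudoers_sources(nsswitch_text):
        findings.append("nsswitch.conf sudoers line does not include sss")
    return findings


if __name__ == "__main__":
    for finding in audit(SSSD_CONF, NSSWITCH) or ["all checks passed"]:
        print(finding)
```
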
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 14 Jun 2013 14:46:39 +0200
Subject: [Freeipa-users] Sudo Commands and groups confusion
In-Reply-To:
References: <20130612091030.GV26689@redhat.com> <20130612222654.GW26689@redhat.com> <20130613083147.GC8351@hendrix.redhat.com> <20130614112430.GF5016@hendrix.redhat.com>
Message-ID: <20130614124639.GO5016@hendrix.redhat.com>

On Fri, Jun 14, 2013 at 01:36:16PM +0100, James Hogarth wrote:
> > Is this in RHEL based systems only ? On Ubuntu there seems to be still
> > issues.
> >
> > A full printout of the config file(s) would be nice to see as most people
> > write other things down they have working, but the working ones don't write
> > their full config down.
> >
> >
> All my systems are CentOS 6.4 so YMMV on Ubuntu - I've not tested any
> packages for debian based systems...
>
> The full (sanitized for domains) config:
>
[snip]
> sudo_provider = ldap
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI

btw in 1.10 we have amended the sudo IPA provider to include this configuration as default, so you should no longer need to amend the config file with 1.10

From jokajak at gmail.com Fri Jun 14 13:37:01 2013
From: jokajak at gmail.com (Josh)
Date: Fri, 14 Jun 2013 09:37:01 -0400
Subject: [Freeipa-users] ipa-server-install problem
Message-ID: <51BB1C7D.8050801@gmail.com>

I'm trying to install freeipa on RHEL6.4 running version ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the "Configuration of CA failed". I believe the problem is that the python used to generate the perl command doesn't wrap any of the arguments in quotes.

[1/20]: creating certificate server user
ipa : DEBUG ca user pkiuser exists
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [2/20]: configuring certificate server instance
[2/20]: configuring certificate server instance
ipa : DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false
ipa : DEBUG stdout=libpath=/usr/lib64
#######################################################################
#######################################################################
ipa : DEBUG stderr=sh: -c: line 0: syntax error near unexpected token `)'
sh:
-c: line 0: `java -cp /usr/share/java/pki/pki-silent.jar:/usr/share/java/pki/pki-certsrv.jar:/usr/share/java/pki/pki-cmscore.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/pki/pki-tools.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/xerces-j2.jar:/usr/share/java/xml-commons-apis.jar:/usr/share/java/xml-commons-resolver.jar:/usr/lib/java/dirsec/jss4.jar:/usr/lib/java/jss4.jar:/usr/lib/java/dirsec/osutil.jar:/usr/lib/java/osutil.jar: ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false'
ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM -external false -clone false' returned non-zero exit status 255
ipa : INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 942, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 617, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 879, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

ipa : INFO The ipa-server-install command failed, exception: RuntimeError: Configuration of CA failed
Configuration of CA failed

Any recommendations on how to proceed?

Thanks,
-josh

From pviktori at redhat.com Fri Jun 14 14:31:29 2013
From: pviktori at redhat.com (Petr Viktorin)
Date: Fri, 14 Jun 2013 16:31:29 +0200
Subject: [Freeipa-users] ipa-server-install problem
In-Reply-To: <51BB1C7D.8050801@gmail.com>
References: <51BB1C7D.8050801@gmail.com>
Message-ID: <51BB2941.5070405@redhat.com>

On 06/14/2013 03:37 PM, Josh wrote:
> I'm trying to install freeipa on RHEL6.4 running version
> ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
> "Configuration of CA failed". I believe the problem is that the python
> used to generate the perl command doesn't wrap any of the arguments in
> quotes.

The command doesn't go through the shell so quoting is not necessary. I can see how the log line is confusing, though; I filed https://fedorahosted.org/freeipa/ticket/3724.

> [1/20]: creating certificate server user
> ipa : DEBUG ca user pkiuser exists
> ipa : DEBUG duration: 0 seconds
> ipa : DEBUG [2/20]: configuring certificate server instance
> [2/20]: configuring certificate server instance
> ipa : DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA
> -cs_hostname jokajak.example.com -cs_port 9445 -client_certdb_dir
> /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX -preop_pin
> 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin -admin_email
> root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject
> CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host jokajak.example.com -ldap_port
> 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn
> o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
> SHA256withRSA
> -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name
> internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA
Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false
> ipa : DEBUG stdout=libpath=/usr/lib64
> #######################################################################
>
> #######################################################################
>
> ipa : DEBUG stderr=sh: -c: line 0: syntax error near
> unexpected token `)'
> sh: -c: line 0: `java -cp
> /usr/share/java/pki/pki-silent.jar:/usr/share/java/pki/pki-certsrv.jar:/usr/share/java/pki/pki-cmscore.jar:/usr/share/java/pki/pki-nsutil.jar:/usr/share/java/pki/pki-cmsutil.jar:/usr/share/java/pki/pki-tools.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/xerces-j2.jar:/usr/share/java/xml-commons-apis.jar:/usr/share/java/xml-commons-resolver.jar:/usr/lib/java/dirsec/jss4.jar:/usr/lib/java/jss4.jar:/usr/lib/java/dirsec/osutil.jar:/usr/lib/java/osutil.jar:
> ConfigureCA -cs_hostname jokajak.example.com -cs_port 9445
> -client_certdb_dir /tmp/tmp-nRzpxE -client_certdb_pwd XXXXXXXX
> -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name IPA -admin_user admin
> -admin_email root at localhost -admin_password XXXXXXXX -agent_name
> ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
> -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
> jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
> -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
> XXXXXXXX -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false'
>
> ipa : CRITICAL failed to configure ca
instance Command
> '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> jokajak.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-nRzpxE
> -client_certdb_pwd XXXXXXXX -preop_pin 5czI1yO2iWaHLp2WlffW -domain_name
> IPA -admin_user admin -admin_email root at localhost -admin_password
> XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type
> rsa -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM -ldap_host
> jokajak.example.com -ldap_port 7389 -bind_dn cn=Directory Manager
> -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048
> -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd
> XXXXXXXX -subsystem_name pki-cad -token_name internal
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=EXAMPLE.COM
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=EXAMPLE.COM
> -ca_server_cert_subject_name CN=jokajak.example.com,O=EXAMPLE.COM
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=EXAMPLE.COM
> -ca_sign_cert_subject_name CN=Certificate Authority,O=EXAMPLE.COM
> -external false -clone false' returned non-zero exit status 255
> ipa : INFO File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
> line 614, in run_script
> return_value = main_function()
>
> File "/usr/sbin/ipa-server-install", line 942, in main
> subject_base=options.subject)
>
> File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
> 617, in configure_instance
> self.start_creation(runtime=210)
>
> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
> line 358, in start_creation
> method()
>
> File
> "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line
> 879, in __configure_instance
> raise RuntimeError('Configuration of CA failed')
>
> ipa : INFO The ipa-server-install command failed, exception:
> RuntimeError: Configuration of CA failed
> Configuration of CA failed
>
> Any recommendations on how to
> proceed?
>
> Thanks,
> -josh

Adding Ade (a Dogtag developer) to CC, he might be able to help.

--
Petr³

From gmatz at collective.com Fri Jun 14 14:43:44 2013
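The distinction drawn in Petr Viktorin's reply above, between an argument vector handed straight to a child process and the space-joined form written to the log, shown as an added example that is not FreeIPA's code. The argument list is a constructed, shortened form of the one in the log, and the helper names are hypothetical.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample: a shortened version of the pkisilent arguments in the
# log. The password value is made up for the example.
ARGS = [
    "pkisilent", "ConfigureCA",
    "-bind_dn", "cn=Directory Manager",
    "-bind_password", "constructed-secret",
    "-ca_subsystem_cert_subject_name", "CN=CA Subsystem,O=EXAMPLE.COM",
]

# Options whose following value must not be written to a log.
SENSITIVE = {"-bind_password", "-admin_password", "-client_certdb_pwd", "-backup_pwd"}


def redact(args):
    """Replace the value that follows each sensitive option with XXXXXXXX."""
    out = []
    hide_next = False
    for arg in args:
        out.append("XXXXXXXX" if hide_next else arg)
        hide_next = arg in SENSITIVE
    return out


def naive_log_line(args):
    """Space-joined rendering: argument boundaries are lost."""
    return " ".join(redact(args))


def quoted_log_line(args):
    """Shell-quoted rendering: boundaries survive and the line can be re-parsed."""
    return " ".join(shlex.quote(arg) for arg in redact(args))


def child_sees(args):
    """Start a child without a shell and return the arguments it received."""
    echo = "import json, sys; print(json.dumps(sys.argv[1:]))"
    result = subprocess.run(
        [sys.executable, "-c", echo] + list(args),
        check=True, capture_output=True, text=True,
    )
    return json.loads(result.stdout)


if __name__ == "__main__":
    print("child argv :", child_sees(ARGS))
    print("naive log  :", naive_log_line(ARGS))
    print("quoted log :", quoted_log_line(ARGS))
```

The child receives `cn=Directory Manager` as one argument with no quoting involved; only the naive log rendering makes it look like two.
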
From: gmatz at collective.com (Guy Matz)
Date: Fri, 14 Jun 2013 14:43:44 +0000
Subject: [Freeipa-users] Ubuntu precise client install -
References: <8472F90C3727F143A32CAF760BBE7CBC04CC31A5@MBX023-W1-CA-6.exch023.domain.local>
Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04CC56C5@MBX023-W1-CA-6.exch023.domain.local>

Yeah, ubuntu's ipa-client doesn't work for 12.04. I wish it had been easier to find this out, but you can benefit from my weeks of hard work! :-)

install the ipa client from the freeIPA PPA:
apt-add-repository ppa:freeipa/ppa

You'll also need the sssd updates PPA:
apt-add-repository ppa:sssd/updates

Run apt-get update, then
apt-get -y install openssh-server freeipa-client sssd

That may work. If it doesn't install those packages, run apt-get dist-upgrade.

Next run ipa-client install. You need to add a -N so that it doesn't check for ntp. That's broken on ubuntu for some reason.

If the install doesn't work, and it tells you to uninstall first, check for /etc/ipa/default.conf and remove it. If it still doesn't work, remove the files under /var/lib/ipa-client/sysrestore/ and run the ipa-client install again. You'll get many warning & error messages, even with a successful install.

After install you can do a "ipa host-find host.domain" on your ipa server and you should see "Keytab: True"

restart sssd to get ssh authentication to work.

The ubuntu client install does not seem to do anything with the --mkhomedir switch, so you need to do that yourself. create the file /usr/share/pam-configs/mkhomedir with the contents:

Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required pam_mkhomedir.so umask=0022 skel=/etc/skel

and run pam-auth-update

That should do it. MANY thanks to tjaalton of ubuntu-freeipa for helping me out with most of this!!

On 06/13/2013 06:47 PM, Marcelo Carvalho wrote:
My first question is answered.
It took a "ipa-client-install --uninstall" to clean up all the mess done up to now and a new

ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx --realm=XXXXXX.XXX

It is working on the CentOS 6.4 but this did not clean the mess at the Ubuntu node.

On Thu, Jun 13, 2013 at 3:24 PM, Marcelo Carvalho wrote:
Sorry I do not use Ubuntu as my main desktop, and got confused by it. All files are in /home/root-local. I can login as root-local from the console using the local password. From the GUI it show name and does not allow me to login with either the local passwd nor the IPA one.

On Thu, Jun 13, 2013 at 2:48 PM, Marcelo Carvalho wrote:
"It shows on the Login GUI" I meant.

On Thu, Jun 13, 2013 at 2:47 PM, Marcelo Carvalho wrote:
Ubuntu 12.04.2

This is a box I use very often for testing and now after the ipa-client-install and a reboot, I completely lost my local user. I show on the Login GUI but does not allow me to authenticate any password, not the IPA one not the local user one. In fact I just logged as root and the local user is not even listed on the passwd file and there is NO files left on the /home/user directory. /home/user is empty, but exist.

On Thu, Jun 13, 2013 at 2:21 PM, Guy Matz wrote:
Which version of ubuntu are you using?

On 06/13/2013 04:12 PM, Marcelo Carvalho wrote:
> Hi Folks.
>
> I have installed an ipa server and a replica on linux CentOS release
> 6.4 (Final). It is using outside DNS. I have https console access
> authenticating admin user through kerberos, and have migrated
> information on 80+ users and groups to it from a LDAP server.
>
> Packages related to ipa installed at main server are:
>
> [root ~]# rpm -qa | grep ipa
> ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> libipa_hbac-1.9.2-82.el6.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> ipa-admintools-3.0.0-26.el6_4.2.x86_64
> ipa-client-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> ipa-server-3.0.0-26.el6_4.2.x86_64
> [root ~]#
>
> I am now on the process of installing a CentOS 6.4 as IPA client, and
> switch my Ubuntu desktop to use IPA as well.
>
> 1- On the CentOS 6.4 as IPA client:
>
> Packages installed are:
>
> $ rpm -qa | grep ipa
> ipa-client-3.0.0-26.el6_4.2.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> libipa_hbac-1.9.2-82.el6.x86_64
>
>
> I run installation line as follows and
>
> ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx
> --realm=XXXXXX.XXX
>
> It did go well and I see output line:
>
> Client configuration complete.
>
> Although all of the above I still cannot login into this new node
> using IPA. It still checks the local users.
>
>
> 2- On the Ubuntu desktop
>
> I am locked out. It now does not accept my IPA user-passwd not my
> local-user-passwd.
>
> Please advise on both.
>
> Many thanks,
>
> Marcelo
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

From erinn.looneytriggs at gmail.com Fri Jun 14 15:59:56 2013
From: erinn.looneytriggs at gmail.com (Erinn Looney-Triggs)
Date: Fri, 14 Jun 2013 11:59:56 -0400
Subject: [Freeipa-users] Replacing CA Certificate
Message-ID: <51BB3DFC.9090108@gmail.com>

So my CA certificate in IPA is a subordinate certificate of an AD CS instance. These certificates by default are only valid for two years, and mine will be up come this December. So, I am looking for a way to replace this certificate in IPA.

Any thoughts?

-Erinn

From joaquimdecarvalho at gmail.com Fri Jun 14 23:14:21 2013
From: joaquimdecarvalho at gmail.com (Marcelo Carvalho)
Date: Fri, 14 Jun 2013 16:14:21 -0700
Subject: [Freeipa-users] ldap_bind: Invalid credentials (49)
Message-ID:

Hi Folks.

Keeping on installing IPA server now on phase "Setting the NIS Port for Identity Management," I am having "ldapmodify" returning me "ldap_bind: Invalid credentials (49)" error.

I have used the two credentials I have set to the IPA server, admin and root but to no avail.

[root at ipaserver ~]# ldapmodify -x -D 'cn=directory manager' -W
Enter LDAP Password: <=== Used IPA admin passwd
ldap_bind: Invalid credentials (49)
[root at ipaserver201 ~]#

[root at ipaserver ~]# ldapmodify -x -D 'cn=directory manager' -W
Enter LDAP Password: <=== Used IPA root passwd
ldap_bind: Invalid credentials (49)
[root at ipaserver201 ~]#

I am out of options. Have not set any other passwd on the installation process. What would be the expected passwd?

Please advise.

Many thanks,

Marcelo

From arpittolani at gmail.com Sat Jun 15 16:57:58 2013
From: arpittolani at gmail.com (Arpit Tolani)
Date: Sat, 15 Jun 2013 22:27:58 +0530
Subject: [Freeipa-users] ldap_bind: Invalid credentials (49)
In-Reply-To:
References:
Message-ID:

Hey

On Sat, Jun 15, 2013 at 4:44 AM, Marcelo Carvalho <joaquimdecarvalho at gmail.com> wrote:
>
> Hi Folks.
>
> Keeping on installing IPA server now on phase "Setting the NIS Port for
> Identity Management," I am having "ldapmodify" returning me "ldap_bind:
> Invalid credentials (49)" error.
>
> I have used the two credentials I have set to the IPA server, admin and
> root but to no avail.
>
>
> [root at ipaserver ~]# ldapmodify -x -D 'cn=directory manager' -W
> Enter LDAP Password:   <=== Used IPA admin passwd
> ldap_bind: Invalid credentials (49)
> [root at ipaserver201 ~]#
>
>
> [root at ipaserver ~]# ldapmodify -x -D 'cn=directory manager' -W
> Enter LDAP Password:   <=== Used IPA root passwd
> ldap_bind: Invalid credentials (49)
> [root at ipaserver201 ~]#
>
>

When you install IPA server, it asks for two passwords.

Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password:   <---- -First Password is for Directory Manager
Password (confirm):

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password:   <----- Second Password is for IPA admin
Password (confirm):

Try with second password. If you have missed it, reset the password using:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Installation_Guide/Installation_Guide-Common_Usage-Resetting_Passwords.html

>
> I am out of options. Have not set any other passwd on the installation
> process. What would be the expected passwd?
>
> Please advise.
>
> Many thanks,
>
> Marcelo
>
>

Regards
Arpit Tolani

From kanagaraj.rk at gmail.com Sun Jun 16 06:19:18 2013
From: kanagaraj.rk at gmail.com (RK RK)
Date: Sun, 16 Jun 2013 11:49:18 +0530
Subject: [Freeipa-users] Can we block usb access to users
Message-ID:

Hi all,

I am beginner to IPA. Just now I configured IPA in my test environment.
We just want to deploy it in production within couple of weeks after
understanding most things in IPA.

One thing I want to know is can we block the access to USB storage devices
like(pendrive, usb-CDROM etc.,) for normal users who are logging into
client machines in the IPA domain.

If yes please tell me how? or else please suggest any other solution to
achieve this.

Thanks in advance!

--
With Regards,
RK,
+91 9840483044

From chorn at fluxcoil.net Sun Jun 16 06:29:47 2013
From: chorn at fluxcoil.net (Christian Horn)
Date: Sun, 16 Jun 2013 08:29:47 +0200
Subject: [Freeipa-users] Can we block usb access to users
In-Reply-To:
References:
Message-ID: <20130616062947.GA2039@fluxcoil.net>

Hi,

On Sun, Jun 16, 2013 at 11:49:18AM +0530, RK RK wrote:
>
> One thing I want to know is can we block the access to USB storage devices
> like(pendrive, usb-CDROM etc.,) for normal users who are logging into
> client machines in the IPA domain.

This is more about systems administration than IPA.
You might want to prevent the usb storage kernel module from being
loaded.

Christian

From natxo.asenjo at gmail.com Sun Jun 16 12:02:21 2013
From: natxo.asenjo at gmail.com (Natxo Asenjo)
Date: Sun, 16 Jun 2013 14:02:21 +0200
Subject: [Freeipa-users] Can we block usb access to users
In-Reply-To: <20130616062947.GA2039@fluxcoil.net>
References: <20130616062947.GA2039@fluxcoil.net>
Message-ID:

On 16 Jun 2013 08:31, "Christian Horn" wrote:
>
> Hi,
>
> On Sun, Jun 16, 2013 at 11:49:18AM +0530, RK RK wrote:
> >
> > One thing I want to know is can we block the access to USB storage devices
> > like(pendrive, usb-CDROM etc.,) for normal users who are logging into
> > client machines in the IPA domain.
>
> This is more about systems administration than IPA.
> You might want to prevent the usb storage kernel module from being
> loaded.
>
> Christian

If you do that it will not be available for anybody :-)

I guess you could get something like what the op wants using policy kit
probably.

From SteveD at redhat.com Fri Jun 14 20:13:37 2013
From: SteveD at redhat.com (Steve Dickson)
Date: Fri, 14 Jun 2013 16:13:37 -0400
Subject: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
In-Reply-To: <53DB8A94-C71C-45D2-86AD-004F7A13AA59@monkey.org>
References: <53DB8A94-C71C-45D2-86AD-004F7A13AA59@monkey.org>
Message-ID: <51BB7971.1080001@RedHat.com>

The $subject says it all... Any ideas what is going on here?

steved.

-------- Original Message --------

So yum install works, but 'ipa-server-install' fails every time - I've
tried debugging but i think i've gone as far as i can down the pki tomcat
rabbit hole:

Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  [2/20]: configuring certificate server instance
ipa         : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI' returned non-zero exit status 1
Configuration of CA failed

From the install log:

2013-06-14T16:54:45Z DEBUG Starting external process
2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI
2013-06-14T16:54:51Z DEBUG Process finished, return code=1
2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpO2lDxI.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
Installation failed.
2013-06-14T16:54:51Z DEBUG stderr=
2013-06-14T16:54:51Z CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI' returned non-zero exit status 1
2013-06-14T16:54:51Z INFO   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 616, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1025, in main
    dm_password, subject_base=options.subject)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 617, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 363, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 736, in __spawn_instance
    raise RuntimeError('Configuration of CA failed')

2013-06-14T16:54:51Z INFO The ipa-server-install command failed, exception: RuntimeError: Configuration of CA failed

Running that command by hand exposes a different bug:

/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI
ERROR:  File '/tmp/tmpO2lDxI' is either missing or is NOT a regular file!
Traceback (most recent call last):
  File "/usr/sbin/pkispawn", line 424, in
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 122, in main
    parser.validate()
  File "/usr/lib/python2.7/site-packages/pki/deployment/pkiparser.py", line 153, in validate
    parser.arg_parser.print_help()
NameError: global name 'parser' is not defined

the fix is two places where "parser." needs to be changed to "self." but
that is just an error in an error path?

-dros

From abokovoy at redhat.com Mon Jun 17 13:33:24 2013
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 17 Jun 2013 16:33:24 +0300
Subject: [Freeipa-users] Fwd: FreeIPA on Fedora 19 won't work
In-Reply-To: <51BB7971.1080001@RedHat.com>
References: <53DB8A94-C71C-45D2-86AD-004F7A13AA59@monkey.org> <51BB7971.1080001@RedHat.com>
Message-ID: <20130617133324.GA24492@redhat.com>

On Fri, 14 Jun 2013, Steve Dickson wrote:
>The $subject says it all... Any ideas what is going on here?
I did fresh install right now on a up to date F19 VM and experienced no
problem whatsoever. There were updates in pki-* and 389-ds-* packages
over weekend.

>2013-06-14T16:54:45Z DEBUG Starting external process
>2013-06-14T16:54:45Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpO2lDxI
>2013-06-14T16:54:51Z DEBUG Process finished, return code=1
>2013-06-14T16:54:51Z DEBUG stdout=Loading deployment configuration from /tmp/tmpO2lDxI.
^^^
The date corresponds to Friday last week, also there was issue with
metadata information in Fedora 19 and Rawhide repositories which
prevented proper packages propagating.

Please try up to date packages from update-testing as of Monday.

--
/ Alexander Bokovoy

From aly.khimji at gmail.com Mon Jun 17 14:16:19 2013
From: aly.khimji at gmail.com (Aly Khimji)
Date: Mon, 17 Jun 2013 10:16:19 -0400
Subject: [Freeipa-users] ID via Trust
Message-ID:

Hey guys,
So I am getting ready to hopefully roll this out for a demo in our non-prod
environment prior to going prod if all works. The purpose of this setup is
to allow for elevated access via AD grouping through a trust. Please see
below because I get different results on different machines, all on the
same network.

Can you please advise what you would need from me to help diagnose this
issue?

Thank you so much,

Aly


IDM-server:
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1$ hostname
didmsvrua01.nix.corpnonprd.xxxx.com

CLIENT 1:
after login:
*id: cannot find name for group ID 59401108*
-sh-4.1$ hostname
rhidmclient.nix.corpnonprd.xxxx.com
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108
groups=59401108,59400512,59400513,59401123,162200012(mirra-supapp-admin-nix-cde)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

CLIENT 2:(this is the only correct output)
-sh-4.1$ id
uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
akhimji at corpnonprd.xxxx.com)
groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com
),59401123(mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),162200012(mirra-supapp-admin-nix-cde)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-sh-4.1$ hostname
utkpciu11

From sbose at redhat.com Mon Jun 17 15:21:07 2013
From: sbose at redhat.com (Sumit Bose)
Date: Mon, 17 Jun 2013 17:21:07 +0200
Subject: [Freeipa-users] ID via Trust
In-Reply-To:
References:
Message-ID: <20130617152107.GD27655@localhost.localdomain>

On Mon, Jun 17, 2013 at 10:16:19AM -0400, Aly Khimji wrote:
> Hey guys,
> So I am getting ready to hopefully roll this out for a demo in our non-prod
> environment prior to going prod if all works. The purpose of this setup is
> to allow for elevated access via AD grouping through a trust. Please see
> below because I get different results on different machines, all on the
> same network.
>
> Can you please advise what you would need from me to help diagnose this
> issue?

To avoid excessive searches on the AD side the group memberships of a
user are only evaluated with the help of the MS-PAC in the Kerberos
ticket when the user logs into a host (Windows clients do basically the
same). As a result only on hosts where the user already logged in once
id shows all groups the user is member of.

>
> Thank you so much,
>
> Aly
>
>
> IDM-server:
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com) groups=59401108(akhimji at corpnonprd.xxxx.com)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> -sh-4.1$ hostname
> didmsvrua01.nix.corpnonprd.xxxx.com

I think processing the PAC failed on this host. The logs of the PAC
responder can be found in /var/log/sssd/sssd_pac.log. How did you log in
to the system, ssh, gdm, console?

>
> CLIENT 1:
> after login:
> *id: cannot find name for group ID 59401108*
> -sh-4.1$ hostname
> rhidmclient.nix.corpnonprd.xxxx.com
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108
> groups=59401108,59400512,59400513,59401123,162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

On this host processing of the PAC was successful, i.e all group
memberships are known, but some group names could not be resolved.
Here /var/log/sssd/sssd_ipa.domain.log has the needed debug output.

bye,
Sumit

>
> CLIENT 2:(this is the only correct output)
> -sh-4.1$ id
> uid=59401108(akhimji at corpnonprd.xxxx.com) gid=59401108(
> akhimji at corpnonprd.xxxx.com)
> groups=59401108(akhimji at corpnonprd.xxxx.com),59400512(domain
> admins at corpnonprd.xxxx.com),59400513(domain users at corpnonprd.xxxx.com
> ),59401123(mirra-supapp-admin-corp-uat at corpnonprd.xxxx.com),162200012(mirra-supapp-admin-nix-cde)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> -sh-4.1$ hostname
> utkpciu11

From rcritten at redhat.com Mon Jun 17 15:48:46 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 17 Jun 2013 11:48:46 -0400
Subject: [Freeipa-users] Can we block usb access to users
In-Reply-To:
References:
Message-ID: <51BF2FDE.1000400@redhat.com>

RK RK wrote:
> Hi all,
>
> I am beginner to IPA. Just now I configured IPA in my test environment.
> We just want to deploy it in production within couple of weeks after
> understanding most things in IPA.
>
> One thing I want to know is can we block the access to USB storage
> devices like(pendrive, usb-CDROM etc.,) for normal users who are logging
> into client machines in the IPA domain.
>
> If yes please tell me how? or else please suggest any other solution to
> achieve this.

Just throwing this out as an idea, but IPA supports assigning a
different SELinux context per-user, so in theory if you had a context
that didn't allow access to USB you could use that. By default, users
are unconfined_u when logging in.

This might require tweaking SELinux policy and shipping that around to
all the hosts, something that IPA doesn't help with right now (though
something like puppet might).

rob

From gmatz at collective.com Mon Jun 17 17:03:27 2013
From: gmatz at collective.com (Guy Matz)
Date: Mon, 17 Jun 2013 17:03:27 +0000
Subject: [Freeipa-users] upgrade question
Message-ID: <8472F90C3727F143A32CAF760BBE7CBC04CC67DF@MBX023-W1-CA-6.exch023.domain.local>

Hello! I am thinking about upgrading from 2.2 -> 3.0.0-26.el6_4.4 and
am wondering if there are any compelling reasons to do so. I've looked
around for a changelog for 2.2 -> 3, but couldn't find anything . . .

Thanks a lot,
Guy

From rcritten at redhat.com Mon Jun 17 17:13:12 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 17 Jun 2013 13:13:12 -0400
Subject: [Freeipa-users] upgrade question
In-Reply-To: <8472F90C3727F143A32CAF760BBE7CBC04CC67DF@MBX023-W1-CA-6.exch023.domain.local>
References: <8472F90C3727F143A32CAF760BBE7CBC04CC67DF@MBX023-W1-CA-6.exch023.domain.local>
Message-ID: <51BF43A8.6040807@redhat.com>

Guy Matz wrote:
> Hello! I am thinking about upgrading from 2.2 -> 3.0.0-26.el6_4.4 and
> am wondering if there are any compelling reasons to do so. I've looked
> around for a changelog for 2.2 -> 3, but couldn't find anything . . .

You can find out what changed by looking at the upstream News page at
http://www.freeipa.org/page/News . Each release has a changelog
associated with it, though the highlights are probably what you'll want
to focus on.

The 3.0.0 in 6.4 has some of the bug fixes from the 3.1.0 upstream
release but none of the new features.

rob

From dpal at redhat.com Tue Jun 18 00:24:58 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Mon, 17 Jun 2013 20:24:58 -0400
Subject: [Freeipa-users] Can we block usb access to users
In-Reply-To:
References: <20130616062947.GA2039@fluxcoil.net>
Message-ID: <51BFA8DA.4020701@redhat.com>

On 06/16/2013 08:02 AM, Natxo Asenjo wrote:
>
>
> On 16 Jun 2013 08:31, "Christian Horn" wrote:
> >
> > Hi,
> >
> > On Sun, Jun 16, 2013 at 11:49:18AM +0530, RK RK wrote:
> > >
> > > One thing I want to know is can we block the access to USB storage devices
> > > like(pendrive, usb-CDROM etc.,) for normal users who are logging into
> > > client machines in the IPA domain.
> >
> > This is more about systems administration than IPA.
> > You might want to prevent the usb storage kernel module from being
> > loaded.
> >
> > Christian
>
> If you do that it will not be available for anybody :-)
>
> I guess you could get something like what the op wants using policy
> kit probably.
>

Correct, I checked with the polkit team once several months ago. They
said yes, just create a polkit rule. But we have not gone beyond that.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From dpal at redhat.com Tue Jun 18 00:28:40 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Mon, 17 Jun 2013 20:28:40 -0400
Subject: [Freeipa-users] Replacing CA Certificate
In-Reply-To: <51BB3DFC.9090108@gmail.com>
References: <51BB3DFC.9090108@gmail.com>
Message-ID: <51BFA9B8.9050301@redhat.com>

On 06/14/2013 11:59 AM, Erinn Looney-Triggs wrote:
> So my CA certificate in IPA is a subordinate certificate of an AD CS
> instance. These certificates by default are only valid for two years,
> and mine will be up come this December.
>
> So, I am looking for a way to replace this certificate in IPA.

We would need to come up with something this fall to help you.

>
> Any thoughts?
>
> -Erinn
>

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

From leah_zimmermann at web.de Tue Jun 18 06:00:02 2013
From: leah_zimmermann at web.de (Leah Zimmermann)
Date: Tue, 18 Jun 2013 08:00:02 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <20130614070853.GO4317@localhost.localdomain>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de>
 <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de> <20130614070853.GO4317@localhost.localdomain>
Message-ID: <51BFF762.2020900@web.de>

On 06/14/2013 09:08 AM, Sumit Bose wrote:
> On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
>> Hello Sumit,
>> Hello List Members,
>>
>> On 13.06.2013 09:18, Sumit Bose wrote:
>>> On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
>>>> On 12.06.2013 12:03, Sumit Bose wrote:
>>>>> On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
>>>>>> Dear List Members,
>>>>>>
>>>>>> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
>>>>>> relationship to an AD-Domain.
>>>>>> The users of the AD-Domain can login via ssh- or console-login. Then
>>>>>> they can start the gnome desktop manually. But if they login via gdm
>>>>>> they logged out immediately.
>>>>> Which name style are you using 'AD_NETBIOS\username' or
>>>>> 'username at AD_DOMAIN' ? If you only tried one can you try the other?
>>>> until now I tried only 'username at AD_DOMAIN', but
>>>> 'AD_NETBIOS\username' does not work as well.
>>>>> If this does not help, please send the relevant section of
>>>>> /var/Log/secure and the sssd logs with a high debug level.
>>>>>
>>>>>
>>>> As far as I can see, both styles causing the same results.
>>>>
>>>> Jun 12 13:27:56 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:session): session opened for user
>>>> leah at AD_DOMAIN by (uid=0)
>>>> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
>>>> Authentication Agent for session
>>>> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>>>> de_DE.UTF-8) (disconnected from bus)
>>>> Jun 12 13:27:58 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:session): session closed for user
>>>> leah at AD_DOMAIN
>>>> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
>>>> Authentication Agent for session
>>>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>>>
>>>>
>>>> Jun 12 13:32:56 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:session): session opened for user
>>>> AD_NETBIOS\leah by (uid=0)
>>>> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
>>>> Authentication Agent for session
>>>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>>>> de_DE.UTF-8) (disconnected from bus)
>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>> pam_unix(gdm-password:session): session closed for user
>>>> AD_NETBIOS\leah
>>>> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
>>>> Authentication Agent for session
>>>> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>>>
>>>> May be the Unregistered Authentication Agent is the problem. But
>>>> what I have missed to do?
>>> Do you have SELinux enabled? Can you check if there any audit messages
>>> with SELinux denials? Can you check if the SELinux context of the users
>>> home directory is right?
>> SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
>> I did that already, for eliminating this as the source of difficulties.
>> I'm sorry. May be, I should have mentioned this earlier.
>>
>> If I set it to permissive mode I get
>>
>> drwxr-xr-x. leah at ad_domain leah at ad_domain
>> unconfined_u:object_r:user_home_t:s0 leah
>> drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain
>> unconfined_u:object_r:user_home_t:s0 user_xy
>> ...
>>
>> All home directories of AD-Users looks like this.
> The labels look good. Since this issue seems to be happen during the
> open-session PAM step I'm quite confident that it is not related to
> FreeIPA or SSSD, because they do not handle open-session. Do the log
> files in /var/log/gdm contain any other information? Can you send your
> gdm-passwd PAM configuration file and all include ones (password-auth)
> to see if there is anything odd?

ok, here are the files. Hopefully I haven't missed something.
I cut out only the lines, which are appearing as soon as I logged in.
The complete logs are really huge.

########### /etc/pam.d/gdm-password
auth        [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth        substack      password-auth
auth        optional      pam_gnome_keyring.so

account     required      pam_nologin.so
account     include       password-auth

password    substack      password-auth
password    optional      pam_gnome_keyring.so

session     required      pam_selinux.so close
session     required      pam_loginuid.so
session     optional      pam_console.so
session     required      pam_selinux.so open
session     optional      pam_keyinit.so force revoke
session     required      pam_namespace.so
session     optional      pam_gnome_keyring.so auto_start
session     include       password-auth

########### /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

########### /var/log/Xorg.0.log:
[316000.576] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 1 connected from local host ( uid=0 gid=0 pid=20544 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.587] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 connected from local host ( uid=0 gid=0 pid=20550 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.592] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 disconnected
[316000.603] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 connected from local host ( uid=0 gid=0 pid=20552 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.630] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 disconnected
[316000.633] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 connected from local host ( uid=0 gid=0 pid=20555 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.633] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 disconnected
[316000.694] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 2 connected from local host ( uid=42 gid=42 pid=20561 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.709] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 3 connected from local host ( uid=42 gid=42 pid=20564 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.723] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 4 connected from local host ( uid=42 gid=42 pid=20566 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.868] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 6 connected from local host ( uid=42 gid=42 pid=20574 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.870] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 5 connected from local host ( uid=42 gid=42 pid=20571 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.963] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 7 connected from local host ( uid=42 gid=42 pid=20582 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316000.964] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 7 disconnected
[316001.035] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 7 connected from local host ( uid=42 gid=42 pid=20566 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.042] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 8 connected from local host ( uid=42 gid=42 pid=20574 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.048] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 9 connected from local host ( uid=42 gid=42 pid=20586 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.069] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 10 connected from local host ( uid=42 gid=42 pid=20586 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.113] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 11 connected from local host ( uid=42 gid=42 pid=20574 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.117] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 11 disconnected
[316001.184] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 12 connected from local host ( uid=42 gid=42 pid=20587 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.219] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 13 connected from local host ( uid=42 gid=42 pid=20588 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.226] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 14 connected from local host ( uid=42 gid=42 pid=20590 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.230] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 15 connected from local host ( uid=42 gid=42 pid=20591 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.240] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 16 connected from local host ( uid=42 gid=42 pid=20589 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.257] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 17 connected from local host ( uid=42 gid=42 pid=20587 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.285] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 18 connected from local host ( uid=42 gid=42 pid=20588 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.291] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 19 connected from local host ( uid=42 gid=42 pid=20591 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.296] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 20 connected from local host ( uid=42 gid=42 pid=20590 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.304] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 21 connected from local host ( uid=42 gid=42 pid=20589 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.359] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 22 connected from local host ( uid=42 gid=42 pid=20591 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.360] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 22 disconnected
[316001.378] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 19 disconnected
[316001.382] AUDIT: Tue Jun 18 07:33:17 2013: 20546: client 15 disconnected
[316001.423] AUDIT: Tue Jun 18 07:33:18 2013: 20546: client 17 disconnected
[316001.424] AUDIT: Tue Jun 18 07:33:18 2013: 20546: client 12 disconnected
[316001.432] AUDIT: Tue Jun 18 07:33:18 2013: 20546: client 12 connected from local host ( uid=42 gid=42 pid=20595 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316001.481] AUDIT: Tue Jun 18 07:33:18 2013: 20546: client 15 connected from local host ( uid=42 gid=42 pid=20595 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[316031.299] AUDIT: Tue Jun 18 07:33:47 2013: 20546: client 15 disconnected
[316031.299] AUDIT: Tue Jun 18 07:33:47 2013: 20546: client 12 disconnected

########### /var/log/gdm/\:0.log
AUDIT: Tue Jun 18 07:32:55 2013: 17438: client 11 connected from local host ( uid=0 gid=0 pid=17436 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 17 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 21 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 18 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 15 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 5 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 20 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 8 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 16 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 7 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 10 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 4 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 9 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 6 disconnected
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 4 connected from local host ( uid=0 gid=0 pid=20521 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:15 2013: 17438: client 4 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 connected from local host ( uid=907001104 gid=907001104 pid=20525 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 connected from local host ( uid=907001104 gid=907001104 pid=20526 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 connected from local host ( uid=907001104 gid=907001104 pid=20528 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 5 connected from local host ( uid=907001104 gid=907001104 pid=20531 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 6 connected from local host ( uid=907001104 gid=907001104 pid=20536 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 6 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 1 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 2 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 3 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 4 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 5 disconnected
AUDIT: Tue Jun 18 07:33:16 2013: 17438: client 11 disconnected
(II) evdev: ImExPS/2 Generic Explorer Mouse: Close
(II) evdev: Macintosh mouse button emulation: Close
(II) evdev: Power Button: Close
(II) evdev: AT Translated Set 2 keyboard: Close
Server terminated successfully (0). Closing log file.

########### /var/log/gdm/\:0-greeter.log:
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1c0002b (Login Wind)
Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.
Window manager warning: CurrentTime used to choose focus window; focus window may not be correct.
Window manager warning: Got a request to focus the no_focus_window with a timestamp of 0. This shouldn't happen! ########### /var/log/gdm/\:0-slave.log is empty Thanks Leah From lukas.bezdicka at gooddata.com Tue Jun 18 07:24:35 2013 
From: lukas.bezdicka at gooddata.com (Lukáš Bezdička)
Date: Tue, 18 Jun 2013 09:24:35 +0200
Subject: [Freeipa-users] Replacing CA Certificate
In-Reply-To: <51BFA9B8.9050301@redhat.com>
References: <51BB3DFC.9090108@gmail.com> <51BFA9B8.9050301@redhat.com>
Message-ID:

We were playing with rotating CA for FreeIPA as a DR procedure. I wouldn't use this how to unless completely necessary as it will mean many manual tasks on your infrastructure. But to know how it could be done:

1) ipa backup:
/var/lib/dirsrv/scripts-KOKOTINA/db2bak.pl -v -D "cn=directory manager" -w -
Bind Password:
Back up directory: /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46
ldap_initialize( ldap://velka.kokotina:389 )
add objectclass:
        top
        extensibleObject
add cn:
        backup_2013_2_21_20_17_46
add nsArchiveDir:
        /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46
add nsDatabaseType:
        ldbm database
adding new entry "cn=backup_2013_2_21_20_17_46, cn=backup, cn=tasks, cn=config"
modify complete

2) copy backup elsewhere, reinstall FreeIPA with new CA

3) BACKUP:
cn=CAcert,cn=ipa,cn=etc,dc=kokotina from new CA

4) restore:
/var/lib/dirsrv/scripts-KOKOTINA/bak2db.pl -v -D "cn=directory manager" -a /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46/ -w -
Bind Password:
ldap_initialize( ldap://velka.kokotina:389 )
add objectclass:
        top
        extensibleObject
add cn:
        restore_2013_2_21_20_41_53
add nsArchiveDir:
        /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46/
add nsDatabaseType:
        ldbm database
adding new entry "cn=restore_2013_2_21_20_41_53, cn=restore, cn=tasks, cn=config"
modify complete

5) RESTORE:
cn=CAcert,cn=ipa,cn=etc,dc=kokotina from BACKUP of NEW CA

check logs:
less /var/log/dirsrv/slapd-KOKOTINA/errors

restart dirsrv:
service dirsrv restart

restart kdc:
/etc/init.d/krb5kdc restart

regen httpd keytab:
kadmin.local
ktadd -k /root/kokotina HTTP/velka.kokotina at KOKOTINA
mv kokotina /etc/httpd/conf/ipa.keytab

regen ldap keytab:
ktadd -k /root/kokot ldap/velka.kokotina at KOKOTINA
mv /root/kokot /etc/dirsrv/ds.keytab

regen host keytab:
ktadd -k /root/picka host/velka.kokotina at KOKOTINA
mv picka /etc/krb5.keytab

regen named keytab:
ktadd -k /root/oink DNS/velka.kokotina at KOKOTINA
mv oink /etc/named.keytab

restore rights:
chown dirsrv:dirsrv /etc/dirsrv/ds.keytab
chown apache:apache /etc/httpd/conf/ipa.keytab
chown httpd:httpd /etc/httpd/conf/ipa.keytab
chmod 600 /etc/dirsrv/ds.keytab
chmod 600 /etc/httpd/conf/ipa.keytab
chmod 400 /etc/named.keytab
restorecon -Rv /etc/

I have a note about this procedure: we had an issue with httpd, and it was solved with:
service httpd stop; rm /etc/httpd/conf/ipa.keytab ; ipa-getkeytab ... /etc/httpd/conf/ipa.keytab ; chmod .. ; sudo -u apache /bin/bash ; kdestroy ; exit ; service httpd restart

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From rcritten at redhat.com Tue Jun 18 15:07:12 2013
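A check for the "restore rights" step of the procedure above, added here as an example and not part of the original message or of FreeIPA: it verifies that each regenerated keytab is a regular file with no permission bits beyond those the message sets. The function names are hypothetical, and the owner "apache" for ipa.keytab is an assumption, since the message runs chown for both apache and httpd on that file.

```python
import os
import pwd
import stat

# Expectations taken from the chown/chmod commands in the message above.
# Owner None means the message gives no chown for that file.
# "apache" for ipa.keytab is an assumption (the message lists apache and httpd).
EXPECTED = [
    ("/etc/dirsrv/ds.keytab", "dirsrv", 0o600),
    ("/etc/httpd/conf/ipa.keytab", "apache", 0o600),
    ("/etc/named.keytab", None, 0o400),
]


def owner_name(uid):
    """Return the account name for uid, or the number as text if unknown."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_keytab(path, owner, max_mode):
    """Return a list of findings for one keytab; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return ["%s: missing" % path]
    if not stat.S_ISREG(st.st_mode):
        return ["%s: not a regular file" % path]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~max_mode:
        # Any bit set outside max_mode exposes the long-term keys more widely.
        findings.append("%s: mode %04o grants bits beyond %04o"
                        % (path, mode, max_mode))
    actual = owner_name(st.st_uid)
    if owner is not None and actual != owner:
        findings.append("%s: owned by %s, expected %s" % (path, actual, owner))
    return findings


def audit_all(expected=EXPECTED, root="/"):
    """Audit every (path, owner, max_mode) entry, with paths taken under root."""
    findings = []
    for path, owner, max_mode in expected:
        full = os.path.join(root, path.lstrip("/"))
        findings.extend(audit_keytab(full, owner, max_mode))
    return findings


if __name__ == "__main__":
    problems = audit_all()
    for line in problems:
        print(line)
    raise SystemExit(1 if problems else 0)
```

A mode stricter than the listed one (for example 0400 where 0600 is expected) passes, because only bits beyond the expected mode are reported.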
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 18 Jun 2013 11:07:12 -0400
Subject: [Freeipa-users] Replacing CA Certificate
In-Reply-To:
References: <51BB3DFC.9090108@gmail.com> <51BFA9B8.9050301@redhat.com>
Message-ID: <51C077A0.9020408@redhat.com>

Lukáš Bezdička wrote:
> We were playing with rotating CA for FreeIPA as a DR procedure. I
> wouldn't use this how to unless completely necessary as it will mean
> many manual tasks on your infrastructure. But to know how it could be done:

This approach can work. It should be considered a last resort though. Ideally we can renew the CA certificate in-place using its existing private key and things will go a whole lot more smoothly. By re-installing you end up with a new CA but a whole bunch of corner cases.

> 1) ipa backup:
> /var/lib/dirsrv/scripts-KOKOTINA/db2bak.pl -v -D "cn=directory manager" -w -
> Bind Password:
> Back up directory: /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46
> ldap_initialize( ldap://velka.kokotina:389 )
> add objectclass:
> top
> extensibleObject
> add cn:
> backup_2013_2_21_20_17_46
> add nsArchiveDir:
> /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46
> add nsDatabaseType:
> ldbm database
> adding new entry "cn=backup_2013_2_21_20_17_46, cn=backup, cn=tasks, cn=config"
> modify complete
>
> 2) copy backup elsewhere, reinstall FreeIPA with new CA
>
> 3) BACKUP:
> cn=CAcert,cn=ipa,cn=etc,dc=kokotina from new CA
>
> 4) restore:
> /var/lib/dirsrv/scripts-KOKOTINA/bak2db.pl -v -D "cn=directory manager" -a /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46/ -w -
> Bind Password:
> ldap_initialize( ldap://velka.kokotina:389 )
> add objectclass:
> top
> extensibleObject
> add cn:
> restore_2013_2_21_20_41_53
> add nsArchiveDir:
> /var/lib/dirsrv/slapd-KOKOTINA/bak/KOKOTINA-2013_2_21_20_17_46/
> add nsDatabaseType:
> ldbm database
> adding new entry "cn=restore_2013_2_21_20_41_53, cn=restore, cn=tasks, cn=config"
> modify complete
>
> 5) RESTORE:
> cn=CAcert,cn=ipa,cn=etc,dc=kokotina from BACKUP of NEW CA
>
> check logs:
> less /var/log/dirsrv/slapd-KOKOTINA/errors
>
> restart dirsrv:
> service dirsrv restart
>
> restart kdc:
> /etc/init.d/krb5kdc restart
>
> regen httpd keytab:
> kadmin.local
> ktadd -k /root/kokotina HTTP/velka.kokotina at KOKOTINA
> mv kokotina /etc/httpd/conf/ipa.keytab

For all of these keytab refreshes you can use ipa-getkeytab here and bind using the DM password. It is a lot simpler than kadmin.

> regen ldap keytab:
> ktadd -k /root/kokot ldap/velka.kokotina at KOKOTINA
> mv /root/kokot /etc/dirsrv/ds.keytab
>
> regen host keytab:
> ktadd -k /root/picka host/velka.kokotina at KOKOTINA
> mv picka /etc/krb5.keytab
>
> regen named keytab:
> ktadd -k /root/oink DNS/velka.kokotina at KOKOTINA
> mv oink /etc/named.keytab
>
> restore rights:
> chown dirsrv:dirsrv /etc/dirsrv/ds.keytab
> chown apache:apache /etc/httpd/conf/ipa.keytab
> chown httpd:httpd /etc/httpd/conf/ipa.keytab
> chmod 600 /etc/dirsrv/ds.keytab
> chmod 600 /etc/httpd/conf/ipa.keytab
> chmod 400 /etc/named.keytab
> restorecon -Rv /etc/
>
> I have note about this procedure that we had issue with httpd and it was
> solved with:
> service httpd stop; rm /etc/httpd/conf/ipa.keytab ; ipa-getkeytab ...
> /etc/httpd/conf/ipa.keytab ; chmod .. ; sudo -u apache /bin/bash ;
> kdestroy ; exit ; service httpd restart

This works ok for a single IPA installation but once you start adding in replication it gets tricky. I've done these basic steps myself to replace a CA.

The other part that's missing is any hosts or certificates issued by the old CA. Right now in order to delete or replace a certificate we MUST revoke the old one. That will fail because the new CA won't know anything about the old certs, so you'll need to find any and delete them. Any non-IPA services (and IPA clients) with a cert will need to manually delete and request a new one.

Anyone who has visited the old site with a browser will be unhappy too as there is now a new cert with the same subject and serial and different key.

I wrote similar, though less detailed, steps in the Development notes section in http://www.freeipa.org/page/V3/Backup_and_Restore

regards

rob

From deanhunter at comcast.net Tue Jun 18 17:12:09 2013
From: deanhunter at comcast.net (Dean Hunter)
Date: Tue, 18 Jun 2013 12:12:09 -0500
Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users?
Message-ID: <1371575529.1683.8.camel@developer.hunter.org>

I have successfully configured FreeIPA to auto-mount the home directory for FreeIPA users. But on those occasions when I need to login as the local administrator I can not get a home directory:

[root at host ~]# ssh local at fedora19
local at fedora19's password:
Could not chdir to home directory /home/local: No such file or directory
-bash-4.2$ logout
Connection to fedora19 closed.
[root at host ~]#

where local is a member of the wheel group. Where do I start?

From jokajak at gmail.com Tue Jun 18 17:23:20 2013
From: jokajak at gmail.com (Josh) Date: Tue, 18 Jun 2013 13:23:20 -0400 Subject: [Freeipa-users] ipa-server-install problem In-Reply-To: <51BB2941.5070405@redhat.com> References: <51BB1C7D.8050801@gmail.com> <51BB2941.5070405@redhat.com> Message-ID: <51C09788.4080606@gmail.com> On 06/14/2013 10:31 AM, Petr Viktorin wrote: > On 06/14/2013 03:37 PM, Josh wrote: >> I'm trying to install freeipa on RHEL6.4 running version >> ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the >> "Configuration of CA failed". I believe the problem is that the python >> used to generate the perl command doesn't wrap any of the arguments in >> quotes. > > The command doesn't go through the shell so quoting is not necessary. > I can see how the the log line is confusing, though; I filed > https://fedorahosted.org/freeipa/ticket/3724. > While that may be true, the attached patch fixed it so that I could run the installer. I agree that according to the code it should not have choked on the spaces because of the subprocess.Popen doesn't specify shell=True. Any ideas why it needed the spaces quoted? -josh > > Adding Ade (a Dogtag developer) to CC, he might be able to help. > -------------- next part -------------- --- cainstance.py 2013-06-18 13:20:02.840964013 -0400 +++ cainstance.py.shell 2013-06-18 13:21:12.879281242 -0400 @@ -806,7 +806,7 @@ class CAInstance(service.Service): "-agent_cert_subject", str(DN(('CN', 'ipa-ca-agent'), self.subject_base)), "-ldap_host", self.fqdn, "-ldap_port", str(self.ds_port), - "-bind_dn", "cn=Directory Manager", + "-bind_dn", ipautil.shell_quote("cn=Directory Manager"), "-bind_password", self.dm_password, "-base_dn", str(self.basedn), "-db_name", "ipaca", 
@@ -817,12 +817,12 @@ class CAInstance(service.Service): "-backup_pwd", self.admin_password, "-subsystem_name", self.service_name, "-token_name", "internal", - "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)), - "-ca_subsystem_cert_subject_name", str(DN(('CN', 'CA Subsystem'), self.subject_base)), - "-ca_ocsp_cert_subject_name", str(DN(('CN', 'OCSP Subsystem'), self.subject_base)), + "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))), + "-ca_subsystem_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Subsystem'), self.subject_base))), + "-ca_ocsp_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'OCSP Subsystem'), self.subject_base))), "-ca_server_cert_subject_name", str(DN(('CN', self.fqdn), self.subject_base)), - "-ca_audit_signing_cert_subject_name", str(DN(('CN', 'CA Audit'), self.subject_base)), - "-ca_sign_cert_subject_name", str(DN(('CN', 'Certificate Authority'), self.subject_base)) ] + "-ca_audit_signing_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'CA Audit'), self.subject_base))), + "-ca_sign_cert_subject_name", ipautil.shell_quote(str(DN(('CN', 'Certificate Authority'), self.subject_base))) ] if self.external == 1: args.append("-external") args.append("true") From tainsworth at vsi-corp.com Tue Jun 18 21:34:08 2013 
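Review bot: In the first hunk, the `-bind_dn` value is wrapped in `ipautil.shell_quote(...)` inside an argument list that, according to the message above, is run by subprocess.Popen without shell=True, so the quote characters are delivered to the child as part of the DN instead of being stripped. The `-agent_cert_subject` value at the top of the same hunk is also built from a DN and stays unquoted, as do `-bind_password` and `-base_dn`, so the hunk applies two different rules to the same kind of value. Suggest locating where the callee re-splits its arguments and quoting there, and stating in the change description why quoting is needed at this call site.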
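Review bot: In the second hunk, `-ca_subsystem_cert_subject_name` is passed twice, on the removed lines and again on the added lines; confirm whether the second occurrence was meant to be a different option before carrying the duplicate forward. `-ca_server_cert_subject_name` is left unquoted between quoted neighbours, and `-backup_pwd` takes `self.admin_password` unquoted, so if values are being re-split on spaces downstream, a password containing a space would fail the same way the subject names did. Apply one rule to every value in the list, or fix the splitting at its source.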
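On the question in the message above (why quoting helped when the list is not run through a shell), this added example, not FreeIPA or Dogtag code, shows what a child process receives in each case. `shlex.quote` stands in for `ipautil.shell_quote`, and the wrapper that re-joins its arguments into a shell string is hypothetical: it illustrates one way spaces can be lost further down the chain and is not a diagnosis of the installer.

```python
import json
import shlex
import subprocess
import sys

# Child process that prints the argument vector it actually received.
CHILD = "import json, sys; print(json.dumps(sys.argv[1:]))"


def argv_via_exec(args):
    """Pass args as a list with no shell, as subprocess.Popen(args) does."""
    out = subprocess.run([sys.executable, "-c", CHILD] + list(args),
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def _child_prefix():
    # Interpreter and child code, quoted once so the shell passes them intact.
    return "%s -c %s" % (shlex.quote(sys.executable), shlex.quote(CHILD))


def argv_via_rejoin(args):
    """Hypothetical wrapper: joins its arguments with spaces, then runs /bin/sh.

    The join adds no quoting, so the shell splits values on whitespace.
    """
    command = " ".join([_child_prefix()] + list(args))
    out = subprocess.run(command, shell=True, check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def argv_via_rejoin_fixed(args):
    """Same wrapper, quoting each value at the point the shell string is built."""
    command = " ".join([_child_prefix()] + [shlex.quote(a) for a in args])
    out = subprocess.run(command, shell=True, check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    dn = "cn=Directory Manager"          # value from the patch above
    quoted = shlex.quote(dn)             # stand-in for ipautil.shell_quote(dn)
    cases = [
        ("list, plain value", argv_via_exec, dn),
        ("list, pre-quoted value", argv_via_exec, quoted),
        ("re-joined, plain value", argv_via_rejoin, dn),
        ("re-joined, pre-quoted value", argv_via_rejoin, quoted),
        ("re-joined with quoting, plain value", argv_via_rejoin_fixed, dn),
    ]
    for label, run, value in cases:
        print("%-38s %r" % (label, run(["-bind_dn", value])))
```

Pre-quoting at the caller only helps while every later stage re-parses the string exactly once; quoting where the shell string is built keeps the caller's list free of shell syntax.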
From: tainsworth at vsi-corp.com (Ainsworth, Thomas)
Date: Tue, 18 Jun 2013 17:34:08 -0400
Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users?
In-Reply-To: <1371575529.1683.8.camel@developer.hunter.org>
References: <1371575529.1683.8.camel@developer.hunter.org>
Message-ID:

A couple of things to check (you probably have done this though)...

- Make sure the entry in /etc/nsswitch.conf reads:

automount: files sss

- Also, do you have a "local" account entry in /etc/passwd? That may confuse things...

Tom

On Tue, Jun 18, 2013 at 1:12 PM, Dean Hunter wrote:

> I have successfully configured FreeIPA to auto-mount the home directory
> for FreeIPA users. But on those occasions when I need to login as the
> local administrator I can not get a home directory:
>
> [root at host ~]# ssh local at fedora19
> local at fedora19's password:
> Could not chdir to home directory /home/local: No such file or directory
> -bash-4.2$ logout
> Connection to fedora19 closed.
> [root at host ~]#
>
> where local is a member of the wheel group. Where do I start?
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From deanhunter at comcast.net Tue Jun 18 23:49:05 2013
From: deanhunter at comcast.net (Dean Hunter)
Date: Tue, 18 Jun 2013 18:49:05 -0500
Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users?
In-Reply-To:
References: <1371575529.1683.8.camel@developer.hunter.org>
Message-ID: <1371599345.1683.15.camel@developer.hunter.org>

Thank you for your response. As you suggested I checked /etc/nsswitch.conf. ipa-client-automount left the line looking like:

automount: sss files

So I changed it to:

automount: files sss

rebooted and tried again. The results were the same.

I also checked /etc/passwd. There is an entry for local which was created by Anaconda during the system build.

-----Original Message-----
From: "Ainsworth, Thomas"
To: Dean Hunter
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?
Date: Tue, 18 Jun 2013 17:34:08 -0400

A couple of things to check (you probably have done this though)...

- Make sure the entry in /etc/nsswitch.conf reads:

automount: files sss

- Also, do you have a "local" account entry in /etc/passwd? That may confuse things...

Tom

On Tue, Jun 18, 2013 at 1:12 PM, Dean Hunter wrote:

I have successfully configured FreeIPA to auto-mount the home directory for FreeIPA users. But on those occasions when I need to login as the local administrator I can not get a home directory:

[root at host ~]# ssh local at fedora19
local at fedora19's password:
Could not chdir to home directory /home/local: No such file or directory
-bash-4.2$ logout
Connection to fedora19 closed.
[root at host ~]#

where local is a member of the wheel group. Where do I start?

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From joshua at azariah.com Wed Jun 19 00:09:26 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Tue, 18 Jun 2013 16:09:26 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
Message-ID: <2973063.rlmeuNKcsR@hosanna>

We are migrating from an ancient FreeIPA 2.0 server to a 3.1.5 server. Is there a documented procedure to export all the data from the 2.0 server and import it into the 3.1.5 server?

If I copy files over (PKI DB, main IPA DB, Kerberos stuff), will they be upgraded on next restart, or is it much, much, more complicated than that.

So far, I have the rough steps (see attached). But I don't know for sure if that will work.

Any ideas or insights?

Thanks!

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
-------------- next part --------------
# Get the Info

# get the PKI db
/usr/lib64/dirsrv/slapd-PKI-IPA/db2ldif.pl -D "cn=Directory Manager" -w - -n ipaca

# get the main IPA db
/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/db2ldif.pl -D 'cn=Directory Manager' -w - -n userRoot

#!/bin/sh

KERBEROS="/etc/krb5* /etc/sysconfig/kadmin /etc/sysconfig/krb5kdc /var/kerberos"
DIRSRV="/etc/dirsrv /var/lib/dirsrv /etc/sysconfig/dirsrv /var/run/dirsrv /var/lock/dirsrv"
CERTMONGER="/etc/certmonger /var/lib/certmonger"
IPA="/var/lib/ipa /etc/ipa /root/ca* /etc/httpd/conf/ipa.keytab"
PATH_LIST="$DIRSRV $CERTMONGER $IPA $KERBEROS"
BACKUP_TGZ=/var/tmp/ipa-backup-$(date +%Y%m%d-%H%M%S).tar.gz

# Transfer to new system and import

cd /
tar -cvzf $BACKUP_TGZ $PATH_LIST

/usr/lib64/dirsrv/slapd-PKI-IPA/ldif2db.pl -D "cn=Directory Manager" -w - -n ipaca \
 -v -i /tmp/restore/var/lib/dirsrv/slapd-PKI-IPA/ldif/PKI-IPA-ipaca-2012_1_30_13_41_51.ldif

/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/ldif2db.pl -D "cn=Directory Manager" -w - \
 -n userRoot -v \
 -i /tmp/restore/var/lib/dirsrv/slapd-LAB-WHAMCLOUD-COM/ldif/LAB-WHAMCLOUD-COM-userRoot-2012_1_30_11_54_25.ldif2db

rsync -aP /tmp/restore/var/kerberos/ /var/kerberos/
cp -a /tmp/restore/etc/krb5.keytab /etc
cp -a /tmp/restore/etc/dirsrv/ds.keytab /etc/dirsrv
cp -a /tmp/restore/etc/httpd/conf/ipa.keytab /etc/httpd/conf
cp -a /tmp/restore/root/ca*.p12 /root

From bcook at redhat.com Wed Jun 19 06:08:29 2013
From: bcook at redhat.com (Brian Cook)
Date: Tue, 18 Jun 2013 23:08:29 -0700
Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users?
In-Reply-To: <1371599345.1683.15.camel@developer.hunter.org>
References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org>
Message-ID:

Are you trying to mount the network home dirs to /home? I usually do something like create /home/net/ and mount them there. That way local users home dirs do not match an auto mount key.

Brian

On Jun 18, 2013, at 4:49 PM, Dean Hunter wrote:

> Thank you for your response. As you suggested I checked /etc/nsswitch.conf. ipa-client-automount left the line looking like:
>
> automount: sss files
>
> So I changed it to:
>
> automount: files sss
>
> rebooted and tried again. The results were the same.
>
> I also checked /etc/passwd. There is an entry for local which was created by Anaconda during the system build.
>
> -----Original Message-----
> From: "Ainsworth, Thomas"
> To: Dean Hunter
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users?
> Date: Tue, 18 Jun 2013 17:34:08 -0400
>
> A couple of things to check (you probably have done this though)...
>
> - Make sure the entry in /etc/nsswitch.conf reads:
>
> automount: files sss
>
> - Also, do you have a "local" account entry in /etc/passwd? That may confuse things...
>
> Tom
>
> On Tue, Jun 18, 2013 at 1:12 PM, Dean Hunter wrote:
> I have successfully configured FreeIPA to auto-mount the home directory
> for FreeIPA users. But on those occasions when I need to login as the
> local administrator I can not get a home directory:
>
> [root at host ~]# ssh local at fedora19
> local at fedora19's password:
> Could not chdir to home directory /home/local: No such file or directory
> -bash-4.2$ logout
> Connection to fedora19 closed.
> [root at host ~]#
>
> where local is a member of the wheel group. Where do I start?
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mkosek at redhat.com Wed Jun 19 06:46:06 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Wed, 19 Jun 2013 08:46:06 +0200
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <2973063.rlmeuNKcsR@hosanna>
References: <2973063.rlmeuNKcsR@hosanna>
Message-ID: <51C153AE.4040708@redhat.com>

On 06/19/2013 02:09 AM, Joshua J. Kugler wrote:
> We are migrating from an ancient FreeIPA 2.0 server to a 3.1.5 server. Is
> there a documented procedure to export all the data from the 2.0 server and
> import it into the 3.1.5 server?

Not yet (but there will be one by the end of June) - you can help us with the guide by providing your feedback on the current outline.

>
> If I copy files over (PKI DB, main IPA DB, Kerberos stuff), will they be
> upgraded on next restart, or is it much, much, more complicated than that.

There are dragons hidden in procedures like this one - you can easily forget to copy something.

>
> So far, I have the rough steps (see attached). But I don't know for sure if
> that will work.
>
> Any ideas or insights?

This is the migration plan that should work:

0) We have IPA server(s) of aging version (2.0 in your case)

1) On one of your servers, create a replica (ipa-replica-prepare) and copy the replica file to the new server/VM which will host the updated IPA version

2) You install the up-to-date FreeIPA server (ipa-replica-install). It should have all the services as the original server had, i.e.
- if original server had CA installed (it probably did), you will also add "--setup-ca" option
- if original server had DNS installed, you will also add "--setup-dns" option

The new server should now have all the capability of the aging servers + it will have features introduced in the new version.

4) (Optional but recommended) If the installation went well and you are satisfied with the new server and plan to migrate, you may also spin off some replicas from it just to keep the redundancy in case this server breaks in any way.

5) If the new server was properly installed, you stop all the old IPA servers:

# ipactl stop

- this step is important, this will prevent losing data in case the new server misses something and let you test the new server

6) On your client(s), you verify that they continue to function as before. If you use DNS with IPA, this should be easy as they should fallback to the new IPA servers automatically simply by reading new server address from DNS SRV records. If you do not use automatic DNS discovery and you use a fixed list of servers, you would have to update these lists in /etc/sssd/sssd.conf and /etc/krb5.conf and other configuration files you used.

7) When you verify that clients keep functioning properly, you remove the old IPA servers, i.e:
- log in to the new ipa server and delete the old servers

$ ipa-replica-manage list
$ ipa-replica-manage del old.ipa.server.fqdn

8) You can now uninstall old IPA servers (ipa-server-install --uninstall) or discard their VMs/machines

9) You successfully migrated!

Please note that this procedure works only if your FreeIPA basic settings (like REALM) stay intact. If you would want to create a whole new deployment using different settings, the following RFE would need to be finished first:

https://fedorahosted.org/freeipa/ticket/3656

Any comments? Does this procedure make sense to you?

Martin

From mkosek at redhat.com Wed Jun 19 07:26:07 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Wed, 19 Jun 2013 09:26:07 +0200
Subject: [Freeipa-users] Replacing CA Certificate
In-Reply-To: <51BFA9B8.9050301@redhat.com>
References: <51BB3DFC.9090108@gmail.com> <51BFA9B8.9050301@redhat.com>
Message-ID: <51C15D0F.5080005@redhat.com>

On 06/18/2013 02:28 AM, Dmitri Pal wrote:
> On 06/14/2013 11:59 AM, Erinn Looney-Triggs wrote:
>> So my CA certificate in IPA is a subordinate certificate of an AD CS
>> instance. These certificates by default are only valid for two years,
>> and mine will be up come this December.
>>
>> So, I am looking for a way to replace this certificate in IPA.
>
> We would need to come up with something this fall to help you.

I created an upstream RFE for it. This ticket is a priority:

https://fedorahosted.org/freeipa/ticket/3737

Erinn, you can subscribe to the ticket if you want to receive news.

Martin

From jhrozek at redhat.com Wed Jun 19 12:42:55 2013
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 19 Jun 2013 14:42:55 +0200
Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users?
In-Reply-To: <1371599345.1683.15.camel@developer.hunter.org>
References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org>
Message-ID: <20130619124255.GG5923@hendrix.brq.redhat.com>

On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote:
> Thank you for your response. As you suggested I
> checked /etc/nsswitch.conf. ipa-client-automount left the line looking
> like:
>
> automount: sss files

If it did, then I would consider it to be ipa-client-automount, I think we should always let local files override centrally defined maps. The same goes for other (real) NSS maps like passwd or groups.

From brian_lee1 at jabil.com Wed Jun 19 12:50:50 2013
From: brian_lee1 at jabil.com (Brian Lee)
Date: Wed, 19 Jun 2013 08:50:50 -0400
Subject: [Freeipa-users] FreeIPA trusts with 2003 R2
Message-ID:

Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I noticed the documentation mentions 2008 R2 as a prerequisite. Unfortunately our organization has not completed the migration to 2008 R2 yet. I know, we're a little behind the curve on that, but fortunately Windows servers aren't my responsibility ;-)

If the Kerberos realms are separate between Active Directory and FreeIPA, why does the domain controller need to be Windows 2008 R2 for an external trust? From what I understand, there is no difference in an external trust in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012.

Thanks in advance for any input or experiences with this configuration!

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From aly.khimji at gmail.com Wed Jun 19 13:05:21 2013
From: aly.khimji at gmail.com (Aly Khimji)
Date: Wed, 19 Jun 2013 09:05:21 -0400
Subject: [Freeipa-users] FreeIPA trusts with 2003 R2
In-Reply-To:
References:
Message-ID:

We have managed to establish a FreeIPA / Windows 2003R2. However domain and forest functional level has to be set to max on that platform which I believe is 2003 anyways. I know when I was first attempting the trusts, on a new 2003r2 DC and the forest functional level was set to 2000, the trust wouldn't establish and with IPA and the process would die.

Everything "seems" to be working so far, so I would also like to know as well if 2008 is a requirement 100%?

Thanks

Aly

On Wed, Jun 19, 2013 at 8:50 AM, Brian Lee wrote:

> Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I
> noticed the documentation mentions 2008 R2 as a prerequisite. Unfortunately
> our organization has not completed the migration to 2008 R2 yet. I know,
> we're a little behind the curve on that, but fortunately Windows servers
> aren't my responsibility ;-)
>
> If the Kerberos realms are separate between Active Directory and FreeIPA,
> why does the domain controller need to be Windows 2008 R2 for an external
> trust? From what I understand, there is no difference in an external trust
> in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012.
>
> Thanks in advance for any input or experiences with this configuration!
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From sbose at redhat.com Wed Jun 19 13:01:19 2013
From: sbose at redhat.com (Sumit Bose) Date: Wed, 19 Jun 2013 15:01:19 +0200 Subject: [Freeipa-users] Trusted AD Users login via gdm In-Reply-To: <51BFF762.2020900@web.de> References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de> <20130614070853.GO4317@localhost.localdomain> <51BFF762.2020900@web.de> Message-ID: <20130619130119.GL27655@localhost.localdomain> On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote: > On 06/14/2013 09:08 AM, Sumit Bose wrote: > >On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote: > >>Hello Sumit, > >>Hello List Members, > >> > >>Am 13.06.2013 09:18, schrieb Sumit Bose: > >>>On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote: > >>>>Am 12.06.2013 12:03, schrieb Sumit Bose: > >>>>>On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote: > >>>>>>Dear List Members, > >>>>>> > >>>>>>I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted > >>>>>>relationship to an AD-Domain. > >>>>>>The users of the AD-Domain can login via ssh- or console-login. Then > >>>>>>they can start the gnome desktop manually. But if they login via gdm > >>>>>>they logged out immediatly. > >>>>>Which name style are you using 'AD_NETBIOS\username' or > >>>>>'username at AD_DOMAIN' ? If you only tried one can you try the other? > >>>>until now I tried only 'username at AD_DOMAIN', but > >>>>'AD_NETBIOS\username' does not work as well. > >>>>>If this does not help, please send the relevant section of > >>>>>/var/Log/secure and the sssd logs with a high debug level. > >>>>> > >>>>> > >>>>As far as I can see, both styles causing the same results. 
> >>>> > >>>>Jun 12 13:27:56 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:auth): authentication failure; logname= uid=0 > >>>>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN > >>>>Jun 12 13:27:57 ipa_hostname pam: gdm-password: > >>>>pam_sss(gdm-password:auth): authentication success; logname= uid=0 > >>>>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN > >>>>Jun 12 13:27:57 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:session): session opened for user > >>>>leah at AD_DOMAIN by (uid=0) > >>>>Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered > >>>>Authentication Agent for session > >>>>/org/freedesktop/ConsoleKit/Session25 (system bus name :1.265, > >>>>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale > >>>>de_DE.UTF-8) (disconnected from bus) > >>>>Jun 12 13:27:58 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:session): session closed for user > >>>>leah at AD_DOMAIN > >>>>Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered > >>>>Authentication Agent for session > >>>>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275 > >>>>[/usr/libexec/polkit-gnome-authentication-agent-1], object path > >>>>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) > >>>> > >>>> > >>>>Jun 12 13:32:56 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:auth): authentication failure; logname= uid=0 > >>>>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah > >>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password: > >>>>pam_sss(gdm-password:auth): authentication success; logname= uid=0 > >>>>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah > >>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:session): session opened for user > >>>>AD_NETBIOS\leah by (uid=0) > >>>>Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered > >>>>Authentication Agent for session > >>>>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275, > 
>>>>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale > >>>>de_DE.UTF-8) (disconnected from bus) > >>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password: > >>>>pam_unix(gdm-password:session): session closed for user > >>>>AD_NETBIOS\leah > >>>>Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered > >>>>Authentication Agent for session > >>>>/org/freedesktop/ConsoleKit/Session29 (system bus name :1.285 > >>>>[/usr/libexec/polkit-gnome-authentication-agent-1], object path > >>>>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) > >>>> > >>>>Maybe the Unregistered Authentication Agent is the problem. But > >>>>what have I missed to do? > >>>Do you have SELinux enabled? Can you check if there are any audit messages > >>>with SELinux denials? Can you check if the SELinux context of the user's > >>>home directory is right? > >>SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux. > >>I did that already, for eliminating this as the source of difficulties. > >>I'm sorry. Maybe I should have mentioned this earlier. > >> > >>If I set it to permissive mode I get > >> > >>drwxr-xr-x. leah at ad_domain leah at ad_domain > >>unconfined_u:object_r:user_home_t:s0 leah > >>drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain > >>unconfined_u:object_r:user_home_t:s0 user_xy > >>... > >> > >>All home directories of AD-Users look like this. > >The labels look good. Since this issue seems to happen during the > >open-session PAM step I'm quite confident that it is not related to > >FreeIPA or SSSD, because they do not handle open-session. Do the log > >files in /var/log/gdm contain any other information? Can you send your > >gdm-passwd PAM configuration file and all included ones (password-auth) > >to see if there is anything odd? > > ok, here are the files. Hopefully I haven't missed something. I cut > out only the lines, which are appearing as soon as I logged in. The > complete logs are really huge.
> The PAM config looks ok and I didn't find anything obvious in the logs, maybe except the odd-looking message in :0-greeter.log. But I think they are not critical. Have you tried if a gdm login with an IPA user is working on this client? bye, Sumit > > ########### > /var/log/gdm/\:0-greeter.log: > > Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW > message with a timestamp of 0 for 0x1c0002b (Login Wind) > Window manager warning: meta_window_activate called by a pager with > a 0 timestamp; the pager needs to be fixed. > Window manager warning: CurrentTime used to choose focus window; > focus window may not be correct. > Window manager warning: Got a request to focus the no_focus_window > with a timestamp of 0. This shouldn't happen! > > > ########### > /var/log/gdm/\:0-slave.log is empty > > Thanks > > Leah From abokovoy at redhat.com Wed Jun 19 12:59:01 2013
From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 19 Jun 2013 15:59:01 +0300 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: References: Message-ID: <20130619125901.GI24492@redhat.com> On Wed, 19 Jun 2013, Brian Lee wrote: >Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I >noticed the documentation mentions 2008 R2 as a prerequisite. Unfortunately >our organization has not completed the migration to 2008 R2 yet. I know, >we're a little behind the curve on that, but fortunately Windows servers >aren't my responsibility ;-) > >If the Kerberos realms are separate between Active Directory and FreeIPA, >why does the domain controller need to be Windows 2008 R2 for an external >trust? From what I understand, there is no difference in an external trust >in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012. Please note that the actual requirement is to have functional level 2008 or above, for cross-forest trusts. In our limited testing using functional level 2003 things did not work as expected. We didn't look deeper because functional level 2003 also lacks AES encryption and making it work with weaker encryption for TGT was to force downgrading encryption on IPA side, aside from unclear issues with RPC calls. -- / Alexander Bokovoy From elijah.elliott at moser-inc.com Wed Jun 19 13:41:10 2013 From: elijah.elliott at moser-inc.com (Elijah Elliott) Date: Wed, 19 Jun 2013 13:41:10 +0000 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: Message-ID: In /etc/auto_home add a line above +auto_home that reads /home/local -rw localhost:/export/home/local Then create the directory in /export/home, chown it properly, and you should be good. If you have any issues it's probably syntax, I am fairly certain you need -rw on Linux but that would not be the auto mount line for Solaris. -Eli
From: , Thomas > Date: Tuesday, June 18, 2013 5:34 PM To: Dean Hunter > Cc: "freeipa-users at redhat.com" > Subject: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users? Resent-From: > A couple of things to check (you probably have done this though)... - Make sure the entry in /etc/nsswitch.conf reads: automount: files sss - Also, do you have a "local" account entry in /etc/passwd? That may confuse things... Tom On Tue, Jun 18, 2013 at 1:12 PM, Dean Hunter > wrote: I have successfully configured FreeIPA to auto-mount the home directory for FreeIPA users. But on those occasions when I need to login as the local administrator I cannot get a home directory: [root at host ~]# ssh local at fedora19 local at fedora19's password: Could not chdir to home directory /home/local: No such file or directory -bash-4.2$ logout Connection to fedora19 closed. [root at host ~]# where local is a member of the wheel group. Where do I start? From aly.khimji at gmail.com Wed Jun 19 14:26:55 2013
From: aly.khimji at gmail.com (Aly Khimji) Date: Wed, 19 Jun 2013 10:26:55 -0400 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <20130619125901.GI24492@redhat.com> References: <20130619125901.GI24492@redhat.com> Message-ID: So as others have mentioned windows obviously isn't my area of focus here either, however we have this working with 2003r2, but I do notice odd behaviour with "id" returning odd results sometimes depending on what system I am logged in from or initial logins failing the first time and working the second time, would this be a result of 2003 trust vs 2008 trust? Aly On Wed, Jun 19, 2013 at 8:59 AM, Alexander Bokovoy wrote: > On Wed, 19 Jun 2013, Brian Lee wrote: > >> Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I >> noticed the documentation mentions 2008 R2 as a prerequisite. >> Unfortunately >> our organization has not completed the migration to 2008 R2 yet. I know, >> we're a little behind the curve on that, but fortunately Windows servers >> aren't my responsibility ;-) >> >> If the Kerberos realms are separate between Active Directory and FreeIPA, >> why does the domain controller need to be Windows 2008 R2 for an external >> trust? From what I understand, there is no difference in an external trust >> in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012. >> > Please note that actual requirement is to have functional level 2008 or > above, for cross-forest trusts. > > In our limited testing using functional level 2003 things did not work > as expected. We didn't look deeper because functional level 2003 also lacks > AES encryption and making it working with weaker encryption for TGT was to > force downgrading encryption on IPA side, aside from unclear issues with > RPC calls. 
From linux at karasik.org Wed Jun 19 14:32:49 2013
From: linux at karasik.org (Vitaly) Date: Wed, 19 Jun 2013 17:32:49 +0300 Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem Message-ID: ipa-client-install fails with "Cannot resolve network address for KDC" message. I don't have SRV records, but I provide IPA server name via "--server" param. any ideas? TIA, Vitaly 2013-06-19 13:58:39,113 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] 2013-06-19 13:58:39,113 DEBUG Init ldap with: ldap:// serv02.prod.example.com:389 2013-06-19 13:58:39,193 DEBUG Search rootdse 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in dc=prod,dc=example,dc=com(base) 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': [' prod.example.com'], 'dc': ['prod'], 'nisDomain': ['prod.example.com']})] 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) in dc=prod,dc=example,dc=com(sub) 2013-06-19 13:58:39,313 DEBUG Found: [('cn=PROD.EXAMPLE.COM,cn=kerberos,dc=prod,dc=example,dc=com', {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})] 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit vm4.stage.example.com at PROD.EXAMPLE.COM 2013-06-19 
13:58:52,032 INFO stdout= 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network address for KDC in realm PROD.EXAMPLE.COM while getting initial credentials 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy 2013-06-19 13:58:52,065 INFO stdout= 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found while destroying cache ~ ~ ~ ~ ~ ~ ~ -------------- next part -------------- An HTML attachment was scrubbed... URL: From dpal at redhat.com Wed Jun 19 16:35:49 2013 
From: dpal at redhat.com (Dmitri Pal) Date: Wed, 19 Jun 2013 12:35:49 -0400 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: References: Message-ID: <51C1DDE5.4030803@redhat.com> On 06/19/2013 09:05 AM, Aly Khimji wrote: > We have managed to establish a FreeIPA / Windows 2003R2. > However domain and forest functional level has to be set to max on > that platform which i believe is 2003 anyways. > I know when I was first attempting the trusts, on a new 2003r2 DC and > the forest functional level was set to 2000, the trust wouldn't > establish and with IPA and the process would die. > > Everything "seems" to be working so far, so I would also like to know > as well if 2008 is a requirement 100%? We have not tested this extensively. As Alexander mentioned there might be issues. If you manage to set it up - great. If there are some glitches they might be related to 2003 vs 2008 but we can't say for sure without more investigation. If your testing reveals some reproducible issues we definitely want to know about them. Whether we would be able to fix them is yet another story. > > Thanks > > Aly > > > On Wed, Jun 19, 2013 at 8:50 AM, Brian Lee > wrote: > > Has anyone successfully set up trusts between 2003 R2 and FreeIPA? > I noticed the documentation mentions 2008 R2 as a prerequisite. > Unfortunately our organization has not completed the migration to > 2008 R2 yet. I know, we're a little behind the curve on that, but > fortunately Windows servers aren't my responsibility ;-) > > If the Kerberos realms are separate between Active Directory and > FreeIPA, why does the domain controller need to be Windows 2008 R2 > for an external trust? From what I understand, there is no > difference in an external trust in Windows NT4, Active Directory > 2003, 2008 R2 or Windows 2012. > > Thanks in advance for any input or experiences with this > configuration! 
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. From abokovoy at redhat.com Wed Jun 19 16:35:05 2013
From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 19 Jun 2013 19:35:05 +0300 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: References: <20130619125901.GI24492@redhat.com> Message-ID: <20130619163505.GL24492@redhat.com> On Wed, 19 Jun 2013, Aly Khimji wrote: >So as others have mentioned windows obviously isn't my area of focus here >either, however we have this working with 2003r2, but I do notice odd >behaviour with "id" returning odd results sometimes depending on what >system I am logged in from or initial logins failing the first time and >working the second time, would this be a result of 2003 trust vs 2008 trust? Ok, so I have tried another time and went through Windows Server 2003 R2 setup again. You need to select domain functional level Windows Server 2003 and after that raise forest functional level to Windows Server 2003. Only in this case it will work, though without AES encryption (only RC4 encryption is available). See http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx for Windows specifics. In order to raise forest functional level one needs to open 'Active Directory Domains and Trusts' snap-in and right-click on 'Active Directory Domains and Trusts' root in the left pane. Then select 'Raise forest functional level ...' and use "Windows Server 2003" as the level to raise. After that you can try establishing trust from IPA side. 
Here is IPA behavior (the output corresponds to FreeIPA 3.2 but behavior should be the same in RHEL 6.4): # ipa trust-add ad.domain --admin Administrator --password Active directory domain administrator's password: ipa: ERROR: invalid 'AD domain controller': unsupported functional level (went and raised forest functional level) # ipa trust-add ad.domain --admin Administrator --password Active directory domain administrator's password: -------------------------------------------------- Added Active Directory trust for realm "ad.domain" -------------------------------------------------- Realm name: ad.domain Domain NetBIOS name: ADP Domain Security Identifier: S-1-5-21-426902846-1951547570-376736459 SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 Trust direction: Two-way trust Trust type: Active Directory domain Trust status: Established and verified Note that there will be all kinds of issues due to AES encryption keys are missing -- you would not be able to use IPA credentials to obtain Kerberos tickets against Windows services, for example. This whole experiment is rather of a limited value. But at least, log-in with PuTTY 0.62 works. -- / Alexander Bokovoy From dpal at redhat.com Wed Jun 19 16:43:35 2013 
From: dpal at redhat.com (Dmitri Pal) Date: Wed, 19 Jun 2013 12:43:35 -0400 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <20130619163505.GL24492@redhat.com> References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> Message-ID: <51C1DFB7.7090404@redhat.com> On 06/19/2013 12:35 PM, Alexander Bokovoy wrote: > On Wed, 19 Jun 2013, Aly Khimji wrote: >> So as others have mentioned windows obviously isn't my area of focus >> here >> either, however we have this working with 2003r2, but I do notice odd >> behaviour with "id" returning odd results sometimes depending on what >> system I am logged in from or initial logins failing the first time and >> working the second time, would this be a result of 2003 trust vs 2008 >> trust? > Ok, so I have tried another time and went through Windows Server 2003 R2 > setup again. > > You need to select domain functional level Windows Server 2003 and after > that raise forest functional level to Windows Server 2003. > > Only in this case it will work, though without AES encryption (only RC4 > encryption is available). > > See http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx > for Windows specifics. > > In order to raise forest functional level one needs to open 'Active > Directory Domains and Trusts' snap-in and right-click on 'Active > Directory Domains and Trusts' root in the left pane. Then select 'Raise > forest functional level ...' and use "Windows Server 2003" as the level > to raise. > > After that you can try establishing trust from IPA side. 
> > Here is IPA behavior (the output corresponds to FreeIPA 3.2 but behavior > should be the same in RHEL 6.4): > > # ipa trust-add ad.domain --admin Administrator --password > Active directory domain administrator's password: ipa: ERROR: invalid > 'AD domain controller': unsupported functional level > > (went and raised forest functional level) > # ipa trust-add ad.domain --admin Administrator > --password > Active directory domain administrator's password: > -------------------------------------------------- > Added Active Directory trust for realm "ad.domain" > -------------------------------------------------- > Realm name: ad.domain > Domain NetBIOS name: ADP > Domain Security Identifier: S-1-5-21-426902846-1951547570-376736459 > SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, > S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, > S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, > S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, > S-1-5-17, > S-1-5-18, S-1-5-19, S-1-5-20 > SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, > S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, > S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, > S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, > S-1-5-17, > S-1-5-18, S-1-5-19, S-1-5-20 > Trust direction: Two-way trust > Trust type: Active Directory domain > Trust status: Established and verified > > > Note that there will be all kinds of issues due to AES encryption keys > are missing -- you would not be able to use IPA credentials to obtain > Kerberos tickets against Windows services, for example. This whole > experiment is rather of a limited value. > > But at least, log-in with PuTTY 0.62 works. > Should we put this on wiki as a how to? -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From dpal at redhat.com Wed Jun 19 16:45:35 2013 
From: dpal at redhat.com (Dmitri Pal) Date: Wed, 19 Jun 2013 12:45:35 -0400 Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem In-Reply-To: References: Message-ID: <51C1E02F.9020406@redhat.com> On 06/19/2013 10:32 AM, Vitaly wrote: > > ipa-client-install fails with "Cannot resolve network address for KDC" > message. > I don't have SRV records, but I provide IPA server name via > "--server" param. > any ideas? > > TIA, > Vitaly > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > ldap://serv02.prod.example.com:389 > 2013-06-19 13:58:39,193 DEBUG Search rootdse > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > dc=prod,dc=example,dc=com(base) > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > ['prod.example.com '], 'dc': ['prod'], > 'nisDomain': ['prod.example.com ']})] > 2013-06-19 13:58:39,272 DEBUG Search for > (objectClass=krbRealmContainer) in dc=prod,dc=example,dc=com(sub) > 2013-06-19 13:58:39,313 DEBUG Found: [('cn=PROD.EXAMPLE.COM > ,cn=kerberos,dc=prod,dc=example,dc=com', > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': > ['PROD.EXAMPLE.COM '], > 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': > ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': > ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', > 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', > 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', > 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', > 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', > 'des-cbc-crc:afs3'], 
'krbMaxTicketLife': ['86400'], > 'krbMaxRenewableAge': ['604800']})] > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > vm4.stage.example.com at PROD.EXAMPLE.COM > > 2013-06-19 13:58:52,032 INFO stdout= > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > address for KDC in realm PROD.EXAMPLE.COM > while getting initial credentials > > 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy > 2013-06-19 13:58:52,065 INFO stdout= > 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache > found while destroying cache > ~ > ~ > ~ > ~ > ~ > ~ > ~ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users Is KDC resolvable from the client? -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From abokovoy at redhat.com Wed Jun 19 16:47:55 2013 
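One way to answer that question from the client's own configuration, as an added example that is not part of the original thread or of FreeIPA: the script parses krb5.conf text and reports whether a KDC for the realm would be found through an explicit `kdc =` entry or through a `_kerberos._udp` SRV lookup. The realm and server names come from the log above; the krb5.conf contents, the `fake_resolve`/`fake_srv` stand-ins and the address are constructed, and an unset `dns_lookup_kdc` is treated as disabled (an assumption, since the built-in default depends on the krb5 build).

```python
"""Offline check of how a Kerberos client would locate a KDC for a realm."""
import re
import socket


def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {key: value | {subkey: [values]}}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                      # start of a per-realm block
                block = section.setdefault(key, {})
            elif block is not None:               # e.g. kdc = host:88
                block.setdefault(key, []).append(value)
            else:
                section[key] = value
    return conf


def system_resolve(host):
    """Resolve through the system resolver; None when the name is unknown."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def locate_kdc(conf_text, realm, resolve=system_resolve, srv_lookup=None):
    """Report which KDC sources exist for `realm` and whether any is usable."""
    conf = parse_krb5_conf(conf_text)
    realm_block = conf.get("realms", {}).get(realm)
    if not isinstance(realm_block, dict):
        realm_block = {}
    report = {"explicit": [], "unresolvable": [], "srv_name": None,
              "srv_targets": [], "locatable": False}
    for entry in realm_block.get("kdc", []):
        host = entry.split(":", 1)[0]             # drop an optional :port
        report["explicit"].append(host)
        if resolve(host) is None:
            report["unresolvable"].append(host)
    if report["explicit"]:
        # Listed KDCs are used as given; DNS discovery is not consulted.
        report["locatable"] = len(report["unresolvable"]) < len(report["explicit"])
        return report
    flag = conf.get("libdefaults", {}).get("dns_lookup_kdc", "false")
    if str(flag).lower() in {"true", "yes", "on", "1"}:
        report["srv_name"] = "_kerberos._udp." + realm.lower()
        if srv_lookup is not None:
            report["srv_targets"] = [t for t in srv_lookup(report["srv_name"])
                                     if resolve(t) is not None]
        report["locatable"] = bool(report["srv_targets"])
    return report


# --- constructed sample data (not taken from the poster's machine) ---
SRV_ONLY_CONF = """
[libdefaults]
  default_realm = PROD.EXAMPLE.COM
  dns_lookup_kdc = true
"""

EXPLICIT_KDC_CONF = """
[libdefaults]
  default_realm = PROD.EXAMPLE.COM
  dns_lookup_kdc = false
[realms]
  PROD.EXAMPLE.COM = {
    kdc = serv02.prod.example.com:88
    admin_server = serv02.prod.example.com:749
  }
[domain_realm]
  .stage.example.com = PROD.EXAMPLE.COM
"""

FAKE_DNS = {"serv02.prod.example.com": "192.0.2.10"}   # constructed A record


def fake_resolve(host):
    return FAKE_DNS.get(host)


def fake_srv(name):
    return []   # constructed: mirrors "I don't have SRV records"


if __name__ == "__main__":
    for label, text in (("SRV only", SRV_ONLY_CONF), ("explicit kdc", EXPLICIT_KDC_CONF)):
        print(label, locate_kdc(text, "PROD.EXAMPLE.COM", fake_resolve, fake_srv))
```

On a real client, call `locate_kdc(open("/etc/krb5.conf").read(), realm)` to use the system resolver; SRV lookups need a DNS library passed in as `srv_lookup`.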
From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 19 Jun 2013 19:47:55 +0300 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <51C1DFB7.7090404@redhat.com> References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> <51C1DFB7.7090404@redhat.com> Message-ID: <20130619164755.GN24492@redhat.com> On Wed, 19 Jun 2013, Dmitri Pal wrote: >On 06/19/2013 12:35 PM, Alexander Bokovoy wrote: >> On Wed, 19 Jun 2013, Aly Khimji wrote: >>> So as others have mentioned windows obviously isn't my area of focus >>> here >>> either, however we have this working with 2003r2, but I do notice odd >>> behaviour with "id" returning odd results sometimes depending on what >>> system I am logged in from or initial logins failing the first time and >>> working the second time, would this be a result of 2003 trust vs 2008 >>> trust? >> Ok, so I have tried another time and went through Windows Server 2003 R2 >> setup again. >> >> You need to select domain functional level Windows Server 2003 and after >> that raise forest functional level to Windows Server 2003. >> >> Only in this case it will work, though without AES encryption (only RC4 >> encryption is available). >> >> See http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx >> for Windows specifics. >> >> In order to raise forest functional level one needs to open 'Active >> Directory Domains and Trusts' snap-in and right-click on 'Active >> Directory Domains and Trusts' root in the left pane. Then select 'Raise >> forest functional level ...' and use "Windows Server 2003" as the level >> to raise. >> >> After that you can try establishing trust from IPA side. 
>> >> Here is IPA behavior (the output corresponds to FreeIPA 3.2 but behavior >> should be the same in RHEL 6.4): >> >> # ipa trust-add ad.domain --admin Administrator --password >> Active directory domain administrator's password: ipa: ERROR: invalid >> 'AD domain controller': unsupported functional level >> >> (went and raised forest functional level) >> # ipa trust-add ad.domain --admin Administrator >> --password >> Active directory domain administrator's password: >> -------------------------------------------------- >> Added Active Directory trust for realm "ad.domain" >> -------------------------------------------------- >> Realm name: ad.domain >> Domain NetBIOS name: ADP >> Domain Security Identifier: S-1-5-21-426902846-1951547570-376736459 >> SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >> S-1-5-17, >> S-1-5-18, S-1-5-19, S-1-5-20 >> SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >> S-1-5-17, >> S-1-5-18, S-1-5-19, S-1-5-20 >> Trust direction: Two-way trust >> Trust type: Active Directory domain >> Trust status: Established and verified >> >> >> Note that there will be all kinds of issues due to AES encryption keys >> are missing -- you would not be able to use IPA credentials to obtain >> Kerberos tickets against Windows services, for example. This whole >> experiment is rather of a limited value. >> >> But at least, log-in with PuTTY 0.62 works. >> > >Should we put this on wiki as a how to? Definitely. If nobody beats me through the night, adding it to http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup, I'll do it tomorrow. -- / Alexander Bokovoy From aly.khimji at gmail.com Wed Jun 19 17:39:46 2013 
From: aly.khimji at gmail.com (Aly Khimji) Date: Wed, 19 Jun 2013 13:39:46 -0400 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <20130619164755.GN24492@redhat.com> References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> <51C1DFB7.7090404@redhat.com> <20130619164755.GN24492@redhat.com> Message-ID: hey guys, so at this point in time we haven't been having any issues, but I am not 100% if the odd issues we have been having have been related to 2003 vs 2008 issue when we joined our IPA server to the 2003r2 we got the following output [root at didmsvrua01 ~]# ipa trust-add --type=ad corpnonprd.xxxx.com --admin Administrator --password Active directory domain administrator's password: -------------------------------------------------------------- Added Active Directory trust for realm "CorpNonPrd.xxxx.com" -------------------------------------------------------------- Realm name: CorpNonPrd.xxxx.com Domain NetBIOS name: CORPNONPRD Domain Security Identifier: S-1-5-21-417068303-3117552414-2168216644 Trust direction: Two-way trust Trust type: Active Directory domain Trust status: Established and verified [root at didmsvrua01 ~]# This looks slightly different than yours, does this look like a properly established trust? 
I don't seem to have any issues in regards to AES, and trust users can log into clients however there are issues where the first attempt takes a long time to log in to the point of timeout and the second one works Aly On Wed, Jun 19, 2013 at 12:47 PM, Alexander Bokovoy wrote: > On Wed, 19 Jun 2013, Dmitri Pal wrote: > >> On 06/19/2013 12:35 PM, Alexander Bokovoy wrote: >> >>> On Wed, 19 Jun 2013, Aly Khimji wrote: >>> >>>> So as others have mentioned windows obviously isn't my area of focus >>>> here >>>> either, however we have this working with 2003r2, but I do notice odd >>>> behaviour with "id" returning odd results sometimes depending on what >>>> system I am logged in from or initial logins failing the first time and >>>> working the second time, would this be a result of 2003 trust vs 2008 >>>> trust? >>>> >>> Ok, so I have tried another time and went through Windows Server 2003 R2 >>> setup again. >>> >>> You need to select domain functional level Windows Server 2003 and after >>> that raise forest functional level to Windows Server 2003. >>> >>> Only in this case it will work, though without AES encryption (only RC4 >>> encryption is available). >>> >>> See http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx >>> for Windows specifics. >>> >>> In order to raise forest functional level one needs to open 'Active >>> Directory Domains and Trusts' snap-in and right-click on 'Active >>> Directory Domains and Trusts' root in the left pane. Then select 'Raise >>> forest functional level ...' and use "Windows Server 2003" as the level >>> to raise. >>> >>> After that you can try establishing trust from IPA side.
>>> >>> Here is IPA behavior (the output corresponds to FreeIPA 3.2 but behavior >>> should be the same in RHEL 6.4): >>> >>> # ipa trust-add ad.domain --admin Administrator --password >>> Active directory domain administrator's password: ipa: ERROR: invalid >>> 'AD domain controller': unsupported functional level >>> >>> (went and raised forest functional level) >>> # ipa trust-add ad.domain --admin Administrator >>> --password >>> Active directory domain administrator's password: >>> ------------------------------**-------------------- >>> Added Active Directory trust for realm "ad.domain" >>> ------------------------------**-------------------- >>> Realm name: ad.domain >>> Domain NetBIOS name: ADP >>> Domain Security Identifier: S-1-5-21-426902846-1951547570-**376736459 >>> SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >>> S-1-5-17, >>> S-1-5-18, S-1-5-19, S-1-5-20 >>> SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >>> S-1-5-17, >>> S-1-5-18, S-1-5-19, S-1-5-20 >>> Trust direction: Two-way trust >>> Trust type: Active Directory domain >>> Trust status: Established and verified >>> >>> >>> Note that there will be all kinds of issues due to AES encryption keys >>> are missing -- you would not be able to use IPA credentials to obtain >>> Kerberos tickets against Windows services, for example. This whole >>> experiment is rather of a limited value. >>> >>> But at least, log-in with PuTTY 0.62 works. >>> >>> >> Should we put this on wiki as a how to? >> > Definitely. If nobody beats me through the night, adding it to > http://www.freeipa.org/page/**Howto/IPAv3_AD_trust_setup, > I'll do it > tomorrow. 
From jhrozek at redhat.com Wed Jun 19 17:55:21 2013 From: jhrozek at redhat.com (Jakub Hrozek) Date: Wed, 19 Jun 2013 19:55:21 +0200 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <20130619124255.GG5923@hendrix.brq.redhat.com> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> Message-ID: <20130619175521.GJ5923@hendrix.brq.redhat.com> On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: > On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: > > Thank you for your response. As you suggested I > > checked /etc/nsswitch.conf. ipa-client-automount left the line looking > > like: > > > > automount: sss files > > If it did, then I would consider it to be ipa-client-automount, I think ^^^^^^^^^^^^^^ "to be ipa-client-automount *bug*". Sorry for the typo > we should always let local files override centrally defined maps. The > same goes for other (real) NSS maps like passwd or groups. From rcritten at redhat.com Wed Jun 19 18:00:23 2013
From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 19 Jun 2013 14:00:23 -0400 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <20130619175521.GJ5923@hendrix.brq.redhat.com> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> Message-ID: <51C1F1B7.4010601@redhat.com> Jakub Hrozek wrote: > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: >>> Thank you for your response. As you suggested I >>> checked /etc/nsswitch.conf. ipa-client-automount left the line looking >>> like: >>> >>> automount: sss files >> >> If it did, then I would consider it to be ipa-client-automount, I think > ^^^^^^^^^^^^^^ > "to be ipa-client-automount *bug*". Sorry for the typo https://fedorahosted.org/freeipa/ticket/3733 I guess I'd check the system logs to see if /home/local was attempted to be mounted at all. Does it exist on the NFS server? I find running automount in foreground mode with debugging to be very useful in tracking down these issues. rob From abokovoy at redhat.com Wed Jun 19 18:52:02 2013 
From: abokovoy at redhat.com (Alexander Bokovoy) Date: Wed, 19 Jun 2013 21:52:02 +0300 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> <51C1DFB7.7090404@redhat.com> <20130619164755.GN24492@redhat.com> Message-ID: <20130619185202.GB10478@redhat.com> On Wed, 19 Jun 2013, Aly Khimji wrote: >hey guys, > >so at this point in time we haven't been having any issues, but I am not >100% if the odd issues we have been having have been related to 2003 vs >2008 issue > >when we joined our IPA server to the 2003r2 we got the following output > >[root at didmsvrua01 ~]# ipa trust-add --type=ad corpnonprd.xxxx.com --admin >Administrator --password >Active directory domain administrator's password: >-------------------------------------------------------------- >Added Active Directory trust for realm "CorpNonPrd.xxxx.com" >-------------------------------------------------------------- > Realm name: CorpNonPrd.xxxx.com > Domain NetBIOS name: CORPNONPRD > Domain Security Identifier: S-1-5-21-417068303-3117552414-2168216644 > Trust direction: Two-way trust > Trust type: Active Directory domain > Trust status: Established and verified >[root at didmsvrua01 ~]# > > >This looks slightly different than yours, does this look like a properly >established trust? I don't' seem to have any issues in regards to AES, and >trust users can log into clients however there are issues where the first >attempt takes a long time to login to the point of timeout and the second >one works As I said, my output corresponds to 3.2 version, yours -- to 3.0. That's fine. -- / Alexander Bokovoy From akrivoka at redhat.com Wed Jun 19 19:24:51 2013 
From: akrivoka at redhat.com (Ana Krivokapic) Date: Wed, 19 Jun 2013 21:24:51 +0200 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <20130619164755.GN24492@redhat.com> References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> <51C1DFB7.7090404@redhat.com> <20130619164755.GN24492@redhat.com> Message-ID: <51C20583.3060204@redhat.com> On 06/19/2013 06:47 PM, Alexander Bokovoy wrote: > On Wed, 19 Jun 2013, Dmitri Pal wrote: >> On 06/19/2013 12:35 PM, Alexander Bokovoy wrote: >>> On Wed, 19 Jun 2013, Aly Khimji wrote: >>>> So as others have mentioned windows obviously isn't my area of focus >>>> here >>>> either, however we have this working with 2003r2, but I do notice odd >>>> behaviour with "id" returning odd results sometimes depending on what >>>> system I am logged in from or initial logins failing the first time and >>>> working the second time, would this be a result of 2003 trust vs 2008 >>>> trust? >>> Ok, so I have tried another time and went through Windows Server 2003 R2 >>> setup again. >>> >>> You need to select domain functional level Windows Server 2003 and after >>> that raise forest functional level to Windows Server 2003. >>> >>> Only in this case it will work, though without AES encryption (only RC4 >>> encryption is available). >>> >>> See http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx >>> for Windows specifics. >>> >>> In order to raise forest functional level one needs to open 'Active >>> Directory Domains and Trusts' snap-in and right-click on 'Active >>> Directory Domains and Trusts' root in the left pane. Then select 'Raise >>> forest functional level ...' and use "Windows Server 2003" as the level >>> to raise. >>> >>> After that you can try establishing trust from IPA side. 
>>> >>> Here is IPA behavior (the output corresponds to FreeIPA 3.2 but behavior >>> should be the same in RHEL 6.4): >>> >>> # ipa trust-add ad.domain --admin Administrator --password >>> Active directory domain administrator's password: ipa: ERROR: invalid >>> 'AD domain controller': unsupported functional level >>> >>> (went and raised forest functional level) >>> # ipa trust-add ad.domain --admin Administrator >>> --password >>> Active directory domain administrator's password: >>> -------------------------------------------------- >>> Added Active Directory trust for realm "ad.domain" >>> -------------------------------------------------- >>> Realm name: ad.domain >>> Domain NetBIOS name: ADP >>> Domain Security Identifier: S-1-5-21-426902846-1951547570-376736459 >>> SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >>> S-1-5-17, >>> S-1-5-18, S-1-5-19, S-1-5-20 >>> SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, >>> S-1-5-17, >>> S-1-5-18, S-1-5-19, S-1-5-20 >>> Trust direction: Two-way trust >>> Trust type: Active Directory domain >>> Trust status: Established and verified >>> >>> >>> Note that there will be all kinds of issues due to AES encryption keys >>> are missing -- you would not be able to use IPA credentials to obtain >>> Kerberos tickets against Windows services, for example. This whole >>> experiment is rather of a limited value. >>> >>> But at least, log-in with PuTTY 0.62 works. >>> >> >> Should we put this on wiki as a how to? > Definitely. If nobody beats me through the night, adding it to > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup, I'll do it > tomorrow. 
> > The wiki page has been updated with this information. http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Trusts_and_Windows_Server_2003_R2 -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. From mbarr at snap-interactive.com Wed Jun 19 19:36:42 2013 From: mbarr at snap-interactive.com (Matthew Barr) Date: Wed, 19 Jun 2013 15:36:42 -0400 Subject: [Freeipa-users] GlobalKnownHostsFile changes produce unexpected behavior Message-ID: This may need to be passed upstream to the SSH maintainers or openssh folks, but: (Centos 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1 ) IPA (sssd) when installed is to modify the /etc/ssh/ssh_config file, by adding (at least) a line : GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts Default behavior of SSH when that isn't present is to check both /etc/ssh/ssh_known_hosts2 & /etc/ssh/ssh_known_hosts for keys. This is documented in the ssh_config man page. However, when the line is present with the sssd change, the OS only checks for /etc/ssh/ssh_known_hosts2, plus the file in /var/lib/sss. It still checks for both $HOME/.ssh/known_hosts & $HOME/.ssh/known_hosts, either way. (that's controlled by a different option.) Should IPA / SSSD be adding back in the default value, until such time as it's fixed in the upstream? Matthew Barr Technical Architect E: mbarr at snap-interactive.com AIM: matthewbarr1 c: (646) 727-0535 -------------- next part -------------- An HTML attachment was scrubbed... URL: From aly.khimji at gmail.com Wed Jun 19 20:01:32 2013 
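The GlobalKnownHostsFile behaviour reported in Matthew Barr's message above can be checked on a client with a small audit like the one below. It is an added example, not part of the original thread and not FreeIPA or OpenSSH code; it models the behaviour as the message describes it (the directive replaces `/etc/ssh/ssh_known_hosts` while `/etc/ssh/ssh_known_hosts2` is still read), and the sample configurations, the host name `build.example.test` and the function names are constructed. The restored variant assumes an OpenSSH release that accepts several paths on that directive.

```python
import shlex

# Default global host-key databases, as named in the message above.
DEFAULT_GLOBAL = "/etc/ssh/ssh_known_hosts"
DEFAULT_GLOBAL2 = "/etc/ssh/ssh_known_hosts2"

# Constructed sample: ssh_config after the IPA client appended its line.
# The appended directive lands inside the preceding "Host *" block.
IPA_CLIENT_CONFIG = """\
Host build.example.test
    GlobalKnownHostsFile /etc/ssh/build_known_hosts
Host *
    GSSAPIAuthentication yes
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
"""

# Constructed sample: the same file with the default path listed again
# (assumes an OpenSSH release that accepts several paths on the line).
RESTORED_CONFIG = """\
Host *
    GSSAPIAuthentication yes
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts /etc/ssh/ssh_known_hosts
"""


def iter_directives(config_text):
    """Yield (host_patterns, keyword, args) for every ssh_config directive.

    host_patterns is None before the first Host line and the pattern list
    of the enclosing Host block afterwards.
    """
    patterns = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        keyword, sep, rest = line.partition("=")
        if sep and len(keyword.split()) == 1:
            line = keyword + " " + rest
        words = shlex.split(line)
        keyword, args = words[0].lower(), words[1:]
        if keyword == "host":
            patterns = args
        elif keyword == "match":
            # Simplification: only "Match all" is treated as global.
            patterns = ["*"] if [a.lower() for a in args] == ["all"] else []
        else:
            yield patterns, keyword, args


def global_known_hosts(config_text):
    """Return the global host-key files ssh reads for an arbitrary host."""
    files = [DEFAULT_GLOBAL]
    for patterns, keyword, args in iter_directives(config_text):
        applies_to_all = patterns is None or "*" in patterns
        if keyword == "globalknownhostsfile" and applies_to_all and args:
            files = list(args)  # ssh keeps the first value it obtains
            break
    # Per the message, ssh_known_hosts2 is still consulted either way.
    if DEFAULT_GLOBAL2 not in files:
        files.append(DEFAULT_GLOBAL2)
    return files


def dropped_defaults(config_text):
    """Return the default files that the configuration no longer reads."""
    effective = global_known_hosts(config_text)
    return [d for d in (DEFAULT_GLOBAL, DEFAULT_GLOBAL2) if d not in effective]


if __name__ == "__main__":
    for label, text in (("ipa client", IPA_CLIENT_CONFIG),
                        ("restored", RESTORED_CONFIG)):
        print(label, global_known_hosts(text), "dropped:", dropped_defaults(text))
```

Host keys that administrators distributed through `/etc/ssh/ssh_known_hosts` are the ones that silently stop being trusted when that path shows up in the dropped list.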
From: aly.khimji at gmail.com (Aly Khimji) Date: Wed, 19 Jun 2013 16:01:32 -0400 Subject: [Freeipa-users] FreeIPA trusts with 2003 R2 In-Reply-To: <51C20583.3060204@redhat.com> References: <20130619125901.GI24492@redhat.com> <20130619163505.GL24492@redhat.com> <51C1DFB7.7090404@redhat.com> <20130619164755.GN24492@redhat.com> <51C20583.3060204@redhat.com> Message-ID: Great I basically said just advised that if they want to make all the IDM bells and whistles work with AD and Elevated access they need to move on from a 2k3 as its just not being supported upstream really. Thanks guys. On Wed, Jun 19, 2013 at 3:24 PM, Ana Krivokapic wrote: > On 06/19/2013 06:47 PM, Alexander Bokovoy wrote: > > On Wed, 19 Jun 2013, Dmitri Pal wrote: > >> On 06/19/2013 12:35 PM, Alexander Bokovoy wrote: > >>> On Wed, 19 Jun 2013, Aly Khimji wrote: > >>>> So as others have mentioned windows obviously isn't my area of focus > >>>> here > >>>> either, however we have this working with 2003r2, but I do notice odd > >>>> behaviour with "id" returning odd results sometimes depending on what > >>>> system I am logged in from or initial logins failing the first time > and > >>>> working the second time, would this be a result of 2003 trust vs 2008 > >>>> trust? > >>> Ok, so I have tried another time and went through Windows Server 2003 > R2 > >>> setup again. > >>> > >>> You need to select domain functional level Windows Server 2003 and > after > >>> that raise forest functional level to Windows Server 2003. > >>> > >>> Only in this case it will work, though without AES encryption (only RC4 > >>> encryption is available). > >>> > >>> See > http://technet.microsoft.com/en-us/library/cc738822%28v=ws.10%29.aspx > >>> for Windows specifics. > >>> > >>> In order to raise forest functional level one needs to open 'Active > >>> Directory Domains and Trusts' snap-in and right-click on 'Active > >>> Directory Domains and Trusts' root in the left pane. Then select 'Raise > >>> forest functional level ...' 
and use "Windows Server 2003" as the level > >>> to raise. > >>> > >>> After that you can try establishing trust from IPA side. > >>> > >>> Here is IPA behavior (the output corresponds to FreeIPA 3.2 but > behavior > >>> should be the same in RHEL 6.4): > >>> > >>> # ipa trust-add ad.domain --admin Administrator --password > >>> Active directory domain administrator's password: ipa: ERROR: invalid > >>> 'AD domain controller': unsupported functional level > >>> > >>> (went and raised forest functional level) > >>> # ipa trust-add ad.domain --admin Administrator > >>> --password > >>> Active directory domain administrator's password: > >>> -------------------------------------------------- > >>> Added Active Directory trust for realm "ad.domain" > >>> -------------------------------------------------- > >>> Realm name: ad.domain > >>> Domain NetBIOS name: ADP > >>> Domain Security Identifier: S-1-5-21-426902846-1951547570-376736459 > >>> SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, > >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, > >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, > S-1-5-12, > >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, > >>> S-1-5-17, > >>> S-1-5-18, S-1-5-19, S-1-5-20 > >>> SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, > >>> S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, > >>> S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, > S-1-5-12, > >>> S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, > >>> S-1-5-17, > >>> S-1-5-18, S-1-5-19, S-1-5-20 > >>> Trust direction: Two-way trust > >>> Trust type: Active Directory domain > >>> Trust status: Established and verified > >>> > >>> > >>> Note that there will be all kinds of issues due to AES encryption keys > >>> are missing -- you would not be able to use IPA credentials to obtain > >>> Kerberos tickets against Windows services, for example. This whole > >>> experiment is rather of a limited value. > >>> > >>> But at least, log-in with PuTTY 0.62 works. 
> >>> > >> > >> Should we put this on wiki as a how to? > > Definitely. If nobody beats me through the night, adding it to > > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup, I'll do it > > tomorrow. > > > > > > The wiki page has been updated with this information. > > > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Trusts_and_Windows_Server_2003_R2 > > -- > Regards, > > Ana Krivokapic > Associate Software Engineer > FreeIPA team > Red Hat Inc. > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From joshua at azariah.com Wed Jun 19 20:33:39 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Wed, 19 Jun 2013 12:33:39 -0800 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <51C153AE.4040708@redhat.com> References: <2973063.rlmeuNKcsR@hosanna> <51C153AE.4040708@redhat.com> Message-ID: <1657998.iYQoQi8vAQ@hosanna> Thank you so much! A few questions below. On Wednesday, June 19, 2013 08:46:06 Martin Kosek wrote: > This is the migration plan that should work: > > 0) We have IPA server(s) of aging version (2.0 in your case) > > 1) On one of your servers, create a replica (ipa-replica-prepare) and copy > the replica file to the new server/VM which will host the updated IPA > version > > 2) You install the up-to-date FreeIPA server (ipa-replica-install). It > should have all the services as the original server had, i.e. > - if original server had CA installed (it probably did), you will also add > "--setup-ca" option > - if original server had DNS installed , you will also add "--setup-dns" > option - Am I correct in understanding that the replica file won't inform the replica which services to create? - We do have DNS running on our IPA nodes, but it is not controlled by IPA. I assume I don't setup DNS in that case. > The new server should now have all the capability of the aging servers + it > will have features introduced in the new version. > > 4) (Optional but recommended) If the installation went well and you are > satisfied with the new server and plan to migrate, you may also spin off > some replicas from it just to keep the redundancy in case this server break > in any way. > > 5) If the new server was properly installed, you stop all the old IPA > servers: # ipactl stop > - this step is important, this will prevent loosing data in case the new > server misses something and let you test the new server > > 6) On your client(s), you verify that they continue to function as before. 
> If you use DNS with IPA, this should be easy as they should fallback to the > new IPA servers automatically simply by reading new server address from DNS > SRV records. If you do not use automatic DNS discovery and you use a fixed > list of servers, you would have to update these lists in > /etc/sssd/sssd.conf and /etc/krb5.conf and other configuration files you > used. IPA doesn't control DNS, but I think we may use DNS auto discovery. We have this in our DNS records: ; DNS-discovery service entries _kerberos IN TXT LAB.WHAMCLOUD.COM ; name prio weight port target _kerberos._udp IN SRV 10 0 88 ipa0 _kerberos-master._udp IN SRV 0 0 88 ipa0 _kerberos-adm._tcp IN SRV 0 0 749 ipa0 _kpasswd._udp IN SRV 0 0 464 ipa0 _ldap._tcp IN SRV 10 0 389 ipa0 If I add another set of records, but using ipa_new (for example), will the sssd clients be able to see both servers? > 7) When you verify that clients keep functioning properly, you remove the > old IPA servers, i.e: > - log in to the new ipa server and delete the old servers > $ ipa-replica-manage list > $ ipa-replica-manage del old.ipa.server.fqdn > > 8) You can now uninstall old IPA servers (ipa-server-install --uninstall) or > discard their VMs/machines > > 9) You successfully migrated! What are some good tests to run against the replica? The basic ones like ipa user-find, listing groups, listing automounts, etc? How do I make sure my test queries are going against the new IPA server instead of the old one? For the ipa commands is there a way (similar to dig's @) to direct a query against a specific IPA server? > Please note that this procedure works only if your FreeIPA basic settings > (like REALM) stays intact. Nope, everything is staying the same. > Any comments? Does this procedure make sense to you? It does make sense. Thank you so much for walking me through this. I'll let you know if I hit any glitches. j -- Joshua J. 
Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From lawrenaj at plu.edu Wed Jun 19 20:39:31 2013 From: lawrenaj at plu.edu (Alex Lawrence) Date: Wed, 19 Jun 2013 13:39:31 -0700 Subject: [Freeipa-users] migrate-ds "is not a POSIX user" Message-ID: Hello! I'm working on trying to migrate users into FreeIPA 3.1.5 (Fedora 18) from DS389 (CentOS 6) 1.2.2. I've enabled migration on DS389 and I'm attempting to migrate a subset of people using: ipa migrate-ds --user-container="ou=Systems & Networking,ou=Personnel,dc=plu,dc=edu" --ignore* ldap://LDAP-SERVER:389 The output is: ----------- migrate-ds: ----------- Migrated: Failed user: %UID%: %UID% is not a POSIX user %UID%: %UID% is not a POSIX user %UID%: %UID% is not a POSIX user And so on. I've imported my schema into FreeIPA so that it knows my additional attributes; however, just to be safe I've also tried running the import ignoring any objectclass in use with the same output. --user-ignore-objectclass=pluEduPerson,mailRecipient,eduPerson,posixAccount,inetOrgPerson,organizationalPerson I've added the posixAccount object class to a handful of accounts in question on my DS389 side to be sure that was not an issue either and that gives me the same result. I'm sure this is something simple that I'm missing, any suggestions would be appreciated. Alex From rcritten at redhat.com Wed Jun 19 20:42:24 2013 
From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 19 Jun 2013 16:42:24 -0400 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <1657998.iYQoQi8vAQ@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <51C153AE.4040708@redhat.com> <1657998.iYQoQi8vAQ@hosanna> Message-ID: <51C217B0.4040708@redhat.com> Joshua J. Kugler wrote: > Thank you so much! A few questions below. > > On Wednesday, June 19, 2013 08:46:06 Martin Kosek wrote: >> This is the migration plan that should work: >> >> 0) We have IPA server(s) of aging version (2.0 in your case) >> >> 1) On one of your servers, create a replica (ipa-replica-prepare) and copy >> the replica file to the new server/VM which will host the updated IPA >> version >> >> 2) You install the up-to-date FreeIPA server (ipa-replica-install). It >> should have all the services as the original server had, i.e. >> - if original server had CA installed (it probably did), you will also add >> "--setup-ca" option >> - if original server had DNS installed , you will also add "--setup-dns" >> option > > - Am I correct in understanding that the replica file won't inform the replica > which services to create? By default it configures Apache, 389-ds and Kerberos and some things used by IPA. DNS, NTP and a CA are optional. > - We do have DNS running on our IPA nodes, but it is not controlled by IPA. I > assume I don't setup DNS in that case. Right. > >> The new server should now have all the capability of the aging servers + it >> will have features introduced in the new version. >> >> 4) (Optional but recommended) If the installation went well and you are >> satisfied with the new server and plan to migrate, you may also spin off >> some replicas from it just to keep the redundancy in case this server break >> in any way. 
>> >> 5) If the new server was properly installed, you stop all the old IPA >> servers: # ipactl stop >> - this step is important, this will prevent loosing data in case the new >> server misses something and let you test the new server >> >> 6) On your client(s), you verify that they continue to function as before. >> If you use DNS with IPA, this should be easy as they should fallback to the >> new IPA servers automatically simply by reading new server address from DNS >> SRV records. If you do not use automatic DNS discovery and you use a fixed >> list of servers, you would have to update these lists in >> /etc/sssd/sssd.conf and /etc/krb5.conf and other configuration files you >> used. > > IPA doesn't control DNS, but I think we may use DNS auto discovery. We have > this in our DNS records: > > ; DNS-discovery service entries > _kerberos IN TXT LAB.WHAMCLOUD.COM > ; name prio weight port target > _kerberos._udp IN SRV 10 0 88 ipa0 > _kerberos-master._udp IN SRV 0 0 88 ipa0 > _kerberos-adm._tcp IN SRV 0 0 749 ipa0 > _kpasswd._udp IN SRV 0 0 464 ipa0 > _ldap._tcp IN SRV 10 0 389 ipa0 > > If I add another set of records, but using ipa_new (for example), will the > sssd clients be able to see both servers? Yes. It is just an extra task to remember to update the SRV records whenever you add or remove IPA servers. > >> 7) When you verify that clients keep functioning properly, you remove the >> old IPA servers, i.e: >> - log in to the new ipa server and delete the old servers >> $ ipa-replica-manage list >> $ ipa-replica-manage del old.ipa.server.fqdn >> >> 8) You can now uninstall old IPA servers (ipa-server-install --uninstall) or >> discard their VMs/machines >> >> 9) You successfully migrated! > > What are some good tests to run against the replica? The basic ones like ipa > user-find, listing groups, listing automounts, etc? How do I make sure my test > queries are going against the new IPA server instead of the old one? 
For the > ipa commands is there a way (similar to dig's @) to direct a query against a > specific IPA server? ipa -e xmlrpc_uri=https://otherserver.example.com/ipa/xml user-show admin A server configures the client on itself to talk to itself, so if you do the tests on the replica itself you can be assured it is local data. I'd exercise both the IPA framework (user-show, etc) and nss in general, getent passwd admin, id somebody, test logins, etc. Testing sudo, automount, Kerberos, etc is probably wise too. Password changes as well. >> Please note that this procedure works only if your FreeIPA basic settings >> (like REALM) stays intact. > > Nope, everything is staying the same. > >> Any comments? Does this procedure make sense to you? > > It does make sense. Thank you so much for walking me through this. I'll let > you know if I hit any glitches. > > j > From deanhunter at comcast.net Wed Jun 19 21:34:56 2013 
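Rob Crittenden's reply above notes that the SRV records have to be updated by hand whenever IPA servers are added or removed. The following check for forgotten records is an added example, not part of the original thread and not FreeIPA code: the ipa0 records are the ones quoted in the thread, the ipan records are constructed with `_kpasswd._udp` left out on purpose, and the origin `lab.whamcloud.com` and the function names are assumptions.

```python
import re
from collections import defaultdict

# "<name> [ttl] IN SRV <priority> <weight> <port> <target>"
SRV_LINE = re.compile(
    r"^(?P<name>_\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

# ipa0 lines: the zone fragment quoted in the thread.
# ipan lines: constructed for this example; _kpasswd._udp is missing.
ZONE_FRAGMENT = """\
; DNS-discovery service entries
_kerberos               IN TXT LAB.WHAMCLOUD.COM
; name                  prio weight port target
_kerberos._udp          IN SRV 10 0 88  ipa0
_kerberos-master._udp   IN SRV 0  0 88  ipa0
_kerberos-adm._tcp      IN SRV 0  0 749 ipa0
_kpasswd._udp           IN SRV 0  0 464 ipa0
_ldap._tcp              IN SRV 10 0 389 ipa0
_kerberos._udp          IN SRV 10 0 88  ipan
_kerberos-master._udp   IN SRV 0  0 88  ipan
_kerberos-adm._tcp      IN SRV 0  0 749 ipan
_ldap._tcp              IN SRV 10 0 389 ipan
"""

ORIGIN = "lab.whamcloud.com"  # assumed zone origin
SERVERS = ["ipa0.lab.whamcloud.com", "ipan.lab.whamcloud.com"]


def parse_srv(zone_text, origin):
    """Map each service name to its (priority, weight, port, target) records."""
    records = defaultdict(list)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = SRV_LINE.match(line)
        if not match:
            continue  # TXT records, blank lines, anything that is not SRV
        target = match["target"].lower()
        # A trailing dot marks an absolute name; otherwise append the origin.
        target = target[:-1] if target.endswith(".") else f"{target}.{origin}"
        records[match["name"].lower()].append(
            (int(match["prio"]), int(match["weight"]), int(match["port"]), target)
        )
    return dict(records)


def coverage_gaps(records, servers):
    """Return {service: [servers without an SRV record for that service]}."""
    gaps = {}
    for service, rrs in records.items():
        missing = sorted(set(servers) - {target for _, _, _, target in rrs})
        if missing:
            gaps[service] = missing
    return gaps


def try_order(records, service):
    """Targets ordered by priority (lowest first), then weight, then name.

    RFC 2782 picks among equal priorities at random, biased by weight; the
    fixed order here only keeps the report deterministic.
    """
    rrs = sorted(records.get(service, []), key=lambda r: (r[0], -r[1], r[3]))
    return [target for _, _, _, target in rrs]


if __name__ == "__main__":
    parsed = parse_srv(ZONE_FRAGMENT, ORIGIN)
    for service, missing in sorted(coverage_gaps(parsed, SERVERS).items()):
        print(f"{service}: no SRV record for {', '.join(missing)}")
```

Running the same check after step 7 of the procedure, with the old server removed from `SERVERS`, shows which records still point at a host that is about to be uninstalled.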
From: deanhunter at comcast.net (Dean Hunter) Date: Wed, 19 Jun 2013 16:34:56 -0500 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <51C1F1B7.4010601@redhat.com> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> <51C1F1B7.4010601@redhat.com> Message-ID: <1371677696.1683.33.camel@developer.hunter.org> On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: > https://fedorahosted.org/freeipa/ticket/3733 > > I guess I'd check the system logs to see if /home/local was attempted to > be mounted at all. Does it exist on the NFS server? > > I find running automount in foreground mode with debugging to be very > useful in tracking down these issues. > > rob > Yes, /home/local exists on the NFS server. And I can mount it manually. I am suspicious that "sec=krb5p" is not valid with a user that is not authenticated by IPA. But I do not know how to configure an alternative for locally authenticated users. I am about to try the suggestions from Brian Cook and Elijah Elliott. [root at host ~]# ipa automountlocation-tofiles VM /etc/auto.master: /- /etc/auto.direct /home /etc/auto.home --------------------------- /etc/auto.direct: /mnt/Shared -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/Shared --------------------------- /etc/auto.home: * -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/home/& maps not connected to /etc/auto.master: [root at host ~]# cat /etc/exports # The file /etc/exports contains a table of local physical file systems # on an NFS server that are accessible to NFS clients. The contents of # the file are maintained by the server's system administrator. # # Each file system in this table has a list of options and an access con- # trol list. The table is used by exportfs(8) to give information to # mountd(8). 
# # Local File System Options Access Control List #------------------ ------------------------------ -------------------- /srv/nfs/home -rw,sec=krb5p:krb5i:sys *.hunter.org /srv/nfs/ISO -ro,sec=sys *.hunter.org /srv/nfs/Shared -rw,sec=krb5p:krb5i:sys *.hunter.org [root at host ~]# Please advise which system logs you would check as none of the ones I can find show any indication of a problem. And can you give me a pointer to documentation on how to run "automount in foreground mode with debugging"? -------------- next part -------------- An HTML attachment was scrubbed... URL: From joshua at azariah.com Wed Jun 19 21:47:13 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Wed, 19 Jun 2013 13:47:13 -0800 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <51C217B0.4040708@redhat.com> References: <2973063.rlmeuNKcsR@hosanna> <1657998.iYQoQi8vAQ@hosanna> <51C217B0.4040708@redhat.com> Message-ID: <1668067.IN8s9Ju0xR@hosanna> So, first roadblock encountered. One of the reasons we're migrating off of this machine (besides the fact that it is OLD) is that root CA cert has expired (the one used by Tomcat), and so far I haven't found any documentation on renewing it. Well that presents a problem (see attached). It can't create a cert for the replica, because the root CA cert is expired. :) Can someone point me to docs that outline the step for renewing the root CA cert? I would be most grateful. j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -------------- next part -------------- # ipa-replica-prepare ipan.lab.whamcloud.com Directory Manager (existing master) password: Preparing replica for ipan.lab.whamcloud.com from ipa0.lab.whamcloud.com Creating SSL certificate for the Directory Server ipa: INFO: sslget 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient' ipa: ERROR: cert validation failed for "CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.) preparation of replica failed: cannot connect to 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired. cannot connect to 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired. 
File "/usr/sbin/ipa-replica-prepare", line 438, in main() File "/usr/sbin/ipa-replica-prepare", line 336, in main export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base) File "/usr/sbin/ipa-replica-prepare", line 135, in export_certdb raise e From joshua at azariah.com Thu Jun 20 00:04:04 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Wed, 19 Jun 2013 16:04:04 -0800 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <51C217B0.4040708@redhat.com> References: <2973063.rlmeuNKcsR@hosanna> <1657998.iYQoQi8vAQ@hosanna> <51C217B0.4040708@redhat.com> Message-ID: <2963993.PBHqpzGtom@hosanna> Hit more glitches. As to the expired CA cert, I set the clock back, then ran ipa-replica-prepare. That got me the bundle. Took that to the new one. Tried running ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg But that gave me: > Connection from replica to master is OK. > Start listening on required ports for remote master check > Get credentials to log in to remote master > admin at LAB.WHAMCLOUD.COM password: > > Cannot acquire Kerberos ticket: kinit: Cannot read password while getting > initial credentials > > Connection check failed! > Please fix your network settings according to error messages above. > If the check results are not valid it can be skipped with --skip-conncheck > parameter. I know the admin password is correct, as I just reset it. Is the connection check really failing, or is the ipa-install-replica script not passing the password to the kerberos client? Next, I tried: ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg -- skip-conncheck But I just got: ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on the remote master is operational. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. LDAP error: PROTOCOL_ERROR unsupported extended operation Siiiigh...I'm about to give up and just bring up a new system and tell everyone their passwords got reset. :( Ideas? j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From joshua at azariah.com Thu Jun 20 00:34:31 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Wed, 19 Jun 2013 16:34:31 -0800 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <2963993.PBHqpzGtom@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <51C217B0.4040708@redhat.com> <2963993.PBHqpzGtom@hosanna> Message-ID: <16138898.xjPubYr8y4@hosanna> OK, getting further. Turns out the admin password wasn't really reset when I thought it was reset. So, this command: ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg produces a bunch of encouraging output until it hits this: Check SSH connection to remote master Execute check on remote master Remote master check failed with following error message(s): bash: /usr/sbin/ipa-replica-conncheck: No such file or directory Connection check failed! Please fix your network settings according to error messages above. If the check results are not valid it can be skipped with --skip-conncheck parameter. HUH? # ls -l /usr/sbin/ipa-replica-conncheck -rwxr-xr-x 1 root root 17129 Jun 3 03:40 /usr/sbin/ipa-replica-conncheck It can't find a file that ls can find? :) This is Fedora 18, and the IPA packages therein. Any ideas? j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From loris at lgs.com.ve Thu Jun 20 00:59:39 2013 
From: loris at lgs.com.ve (Loris Santamaria) Date: Wed, 19 Jun 2013 20:29:39 -0430 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <16138898.xjPubYr8y4@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <51C217B0.4040708@redhat.com> <2963993.PBHqpzGtom@hosanna> <16138898.xjPubYr8y4@hosanna> Message-ID: <1371689979.2099.45.camel@toron.pzo.lgs.com.ve> On Wed, 19-06-2013 at 16:34 -0800, Joshua J. Kugler wrote: [...] > Remote master check failed with following error message(s): > bash: /usr/sbin/ipa-replica-conncheck: No such file or directory > > Connection check failed! > Please fix your network settings according to error messages above. > If the check results are not valid it can be skipped with --skip-conncheck > parameter. > > HUH? > > # ls -l /usr/sbin/ipa-replica-conncheck > -rwxr-xr-x 1 root root 17129 Jun 3 03:40 /usr/sbin/ipa-replica-conncheck > > It can't find a file that ls can find? :) This is Fedora 18, and the IPA > packages therein. Any ideas? It probably doesn't exist on the remote (ipa 2.0) server. > j > > -- Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve Links Global Services, C.A. http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve ------------------------------------------------------------ "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford From joshua at azariah.com Thu Jun 20 01:09:09 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Wed, 19 Jun 2013 17:09:09 -0800 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <16138898.xjPubYr8y4@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <2963993.PBHqpzGtom@hosanna> <16138898.xjPubYr8y4@hosanna> Message-ID: <1551319.LsppMAaR0q@hosanna> On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote: > Check SSH connection to remote master > Execute check on remote master > > Remote master check failed with following error message(s): > bash: /usr/sbin/ipa-replica-conncheck: No such file or directory > > Connection check failed! > Please fix your network settings according to error messages above. > If the check results are not valid it can be skipped with --skip-conncheck > parameter. OK, so it didn't click that it was trying to run ipa-replica-conncheck on the other machine, and that the error message was on the other machine. But, skipping the connection check, I'm still getting this: # ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg -- skip-conncheck Directory Manager (existing master) password: ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on the remote master is operational. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. LDAP error: PROTOCOL_ERROR unsupported extended operation I even brought over /etc/ipa/ca.crt file and did this: export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck Same error message. I'm lost. Help? j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From deanhunter at comcast.net Thu Jun 20 03:07:16 2013 
From: deanhunter at comcast.net (Dean Hunter) Date: Wed, 19 Jun 2013 22:07:16 -0500 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <1371677696.1683.33.camel@developer.hunter.org> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> <51C1F1B7.4010601@redhat.com> <1371677696.1683.33.camel@developer.hunter.org> Message-ID: <1371697636.1683.43.camel@developer.hunter.org> Thanks to all for the suggestions. Adding a "local" key to "/etc/auto.home" resolved the problem: [root at host ~]# ipa automountlocation-tofiles VM /etc/auto.master: /- /etc/auto.direct /home /etc/auto.home --------------------------- /etc/auto.direct: /mnt/Shared -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/Shared --------------------------- /etc/auto.home: * -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/home/& local -fstype=nfs4,sec=sys host.hunter.org:/srv/nfs/home/local maps not connected to /etc/auto.master: [root at host ~]# The only thing that would be better is if "local" did not auto-mount at all. -------------- next part -------------- An HTML attachment was scrubbed... URL: From linux at karasik.org Thu Jun 20 07:34:13 2013 
From: linux at karasik.org (Vitaly) Date: Thu, 20 Jun 2013 10:34:13 +0300 Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem In-Reply-To: <51C1E02F.9020406@redhat.com> References: <51C1E02F.9020406@redhat.com> Message-ID: >Is KDC resolvable from the client? Yes, there is DNS resolving for "serv02.prod.example.com" on client. >Do you have an AD DNS that might be actually serving records? No, I don't have AD DNS for prod.example.com >What version of the client and what OS are you using? On the client: ipa-client-2.0-10.el5_6.1 Red Hat Enterprise Linux Server release 5.6 (Tikanga) On IPA server : ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-pki-ca-theme-9.0.3-7.el6.noarch libipa_hbac-1.5.1-66.el6_2.3.x86_64 libipa_hbac-python-1.5.1-66.el6_2.3.x86_64 ipa-python-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_64 ipa-admintools-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64 Red Hat Enterprise Linux Server release 6.2 (Santiago) Thank you, Vitaly On Wed, Jun 19, 2013 at 7:45 PM, Dmitri Pal wrote: > On 06/19/2013 10:32 AM, Vitaly wrote: > > > ipa-client-install fails with "Cannot resolve network address for KDC" > message. > I don't have SRV records, but I provide IPA server name via "--server" > param. > any ideas? 
> > TIA, > Vitaly > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > '/var/lib/ipa-client/sysrestore/sysrestore.index' > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > ldap://serv02.prod.example.com:389 > 2013-06-19 13:58:39,193 DEBUG Search rootdse > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > dc=prod,dc=example,dc=com(base) > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > ['prod.example.com'], 'dc': ['prod'], 'nisDomain': ['prod.example.com']})] > 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) in > dc=prod,dc=example,dc=com(sub) > 2013-06-19 13:58:39,313 DEBUG Found: > [('cn=PROD.EXAMPLE.COM,cn=kerberos,dc=prod,dc=example,dc=com', > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM'], > 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', > 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], > 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', > 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', > 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', > 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', > 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], > 'krbMaxRenewableAge': ['604800']})] > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > vm4.stage.example.com at PROD.EXAMPLE.COM > 2013-06-19 13:58:52,032 INFO stdout= > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > address for KDC in realm PROD.EXAMPLE.COM while getting initial credentials > > 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy > 2013-06-19 13:58:52,065 INFO stdout= > 
2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found > while destroying cache > ~ > ~ > ~ > ~ > ~ > ~ > ~ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Is KDC resolvable from the client? > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users From elijah.elliott at moser-inc.com Thu Jun 20 03:37:32 2013 From: elijah.elliott at moser-inc.com (Elijah Elliott) Date: Thu, 20 Jun 2013 03:37:32 +0000 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <1371697636.1683.43.camel@developer.hunter.org> Message-ID: Just move the home directory out of /home if you don't want it auto mounted at all. # usermod -m -d /export/home/local local That will move it out of /home and copy the contents to the new location of /export/home. Since /export/home isn't in the auto.home map it will skip auto mounting. Or if the user is an IPA user it's: # ipa-moduser -directory=/export/home/local local -Eli 
From: Dean Hunter > Date: Wednesday, June 19, 2013 11:07 PM To: "freeipa-users at redhat.com" > Subject: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users? Resent-From: > Thanks to all for the suggestions. Adding a "local" key to "/etc/auto.home" resolved the problem: [root at host ~]# ipa automountlocation-tofiles VM /etc/auto.master: /- /etc/auto.direct /home /etc/auto.home --------------------------- /etc/auto.direct: /mnt/Shared -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/Shared --------------------------- /etc/auto.home: * -fstype=nfs4,sec=krb5p host.hunter.org:/srv/nfs/home/& local -fstype=nfs4,sec=sys host.hunter.org:/srv/nfs/home/local maps not connected to /etc/auto.master: [root at host ~]# The only thing that would be better is if "local" did not auto-mount at all. -------------- next part -------------- An HTML attachment was scrubbed... URL: From leah_zimmermann at web.de Thu Jun 20 14:04:06 2013 
From: leah_zimmermann at web.de (Leah Zimmermann) Date: Thu, 20 Jun 2013 16:04:06 +0200 Subject: [Freeipa-users] Trusted AD Users login via gdm In-Reply-To: <20130619130119.GL27655@localhost.localdomain> References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de> <20130614070853.GO4317@localhost.localdomain> <51BFF762.2020900@web.de> <20130619130119.GL27655@localhost.localdomain> Message-ID: <51C30BD6.1010203@web.de> On 06/19/2013 03:01 PM, Sumit Bose wrote: > On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote: >> On 06/14/2013 09:08 AM, Sumit Bose wrote: >>> On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote: >>>> Hello Sumit, >>>> Hello List Members, >>>> >>>> Am 13.06.2013 09:18, schrieb Sumit Bose: >>>>> On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote: >>>>>> Am 12.06.2013 12:03, schrieb Sumit Bose: >>>>>>> On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote: >>>>>>>> Dear List Members, >>>>>>>> >>>>>>>> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted >>>>>>>> relationship to an AD-Domain. >>>>>>>> The users of the AD-Domain can login via ssh- or console-login. Then >>>>>>>> they can start the gnome desktop manually. But if they login via gdm >>>>>>>> they logged out immediatly. >>>>>>> Which name style are you using 'AD_NETBIOS\username' or >>>>>>> 'username at AD_DOMAIN' ? If you only tried one can you try the other? >>>>>> until now I tried only 'username at AD_DOMAIN', but >>>>>> 'AD_NETBIOS\username' does not work as well. >>>>>>> If this does not help, please send the relevant section of >>>>>>> /var/Log/secure and the sssd logs with a high debug level. >>>>>>> >>>>>>> >>>>>> As far as I can see, both styles causing the same results. 
>>>>>> >>>>>> Jun 12 13:27:56 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0 >>>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN >>>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password: >>>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0 >>>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN >>>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:session): session opened for user >>>>>> leah at AD_DOMAIN by (uid=0) >>>>>> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered >>>>>> Authentication Agent for session >>>>>> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265, >>>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale >>>>>> de_DE.UTF-8) (disconnected from bus) >>>>>> Jun 12 13:27:58 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:session): session closed for user >>>>>> leah at AD_DOMAIN >>>>>> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered >>>>>> Authentication Agent for session >>>>>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275 >>>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path >>>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) >>>>>> >>>>>> >>>>>> Jun 12 13:32:56 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0 >>>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah >>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password: >>>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0 >>>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah >>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:session): session opened for user >>>>>> AD_NETBIOS\leah by (uid=0) >>>>>> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered >>>>>> Authentication Agent for session >>>>>> /org/freedesktop/ConsoleKit/Session27 
(system bus name :1.275, >>>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale >>>>>> de_DE.UTF-8) (disconnected from bus) >>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password: >>>>>> pam_unix(gdm-password:session): session closed for user >>>>>> AD_NETBIOS\leah >>>>>> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered >>>>>> Authentication Agent for session >>>>>> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285 >>>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path >>>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) >>>>>> >>>>>> May be the Unregistered Authentication Agent is the problem. But >>>>>> what I have missed to do? >>>>> Do you have SELinux enabled? Can you check if there any audit messages >>>>> with DELinux denials? Can you check if the SELinux context of the users >>>>> home directory is right? >>>> SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux. >>>> I did that already, for eleminating this as the source of difficulties. >>>> I'm sorry. May be, I should have mentioned this earlier. >>>> >>>> If I set it to permissive mode I get >>>> >>>> drwxr-xr-x. leah at ad_domain leah at ad_domain >>>> unconfined_u:object_r:user_home_t:s0 leah >>>> drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain >>>> unconfined_u:object_r:user_home_t:s0 user_xy >>>> ... >>>> >>>> All home directories of AD-Users looks like this. >>> The labels look good. Since this issue seems to be happen during the >>> open-session PAM step I'm quite confident that it is not related to >>> FreeIPA or SSSD, because they do not handle open-session. Do the log >>> files in /var/log/gdm contain any other information? Can you send your >>> gdm-passwd PAM configuration file and all include ones (password-auth) >>> to see if there is anything odd? >> ok, here are the files. Hopefully I haven't missed shomething. I cut >> out only the lines, which are appearing as soon as i logged in. 
The >> complete logs are really huge. >> > The PAM config looks ok and I didn't find anything obvious in the > logs, maybe except the odd looking message in :0-greeter.log. But I > think they are not critical. > > Have you tried if a gdm login with an IPA user is working on this > client? Yes. IPA users are not facing any problems to login via gdm. Login on text console and via ssh works for all users. After logged in via text console, even AD users can start X server, manually. But that's not really an option for us, because many users work on a terminal via XDMCP. Thanks Leah > bye, > Sumit > >> ########### >> /var/log/gdm/\:0-greeter.log: >> >> Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW >> message with a timestamp of 0 for 0x1c0002b (Login Wind) >> Window manager warning: meta_window_activate called by a pager with >> a 0 timestamp; the pager needs to be fixed. >> Window manager warning: CurrentTime used to choose focus window; >> focus window may not be correct. >> Window manager warning: Got a request to focus the no_focus_window >> with a timestamp of 0. This shouldn't happen! >> >> >> ########### >> /var/log/gdm/\:0-slave.log is empty >> >> Thanks >> >> Leah >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users From deanhunter at comcast.net Thu Jun 20 17:36:16 2013 
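The /var/log/secure excerpt quoted in the message above shows pam_sss reporting authentication success and the gdm-password session closing about a second after it opens. As an added example (not part of the original thread), this script pairs PAM session open/close events and flags that pattern; `analyze`, `SAMPLE_LOG`, the 5-second threshold, the default year and the three sshd lines are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines modelled on the /var/log/secure excerpt quoted in the thread: unwrapped,
# with the archive's "user at DOMAIN" written as "user@DOMAIN". The three sshd
# lines are constructed for contrast and do not come from the thread.
SAMPLE_LOG = r"""
Jun 12 13:27:56 ipa_hostname pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user leah@AD_DOMAIN by (uid=0)
Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session25 (disconnected from bus)
Jun 12 13:27:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user leah@AD_DOMAIN
Jun 12 13:32:56 ipa_hostname pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user AD_NETBIOS\leah by (uid=0)
Jun 12 13:32:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user AD_NETBIOS\leah
Jun 12 14:00:01 ipa_hostname sshd[2211]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=client.example.test user=leah@AD_DOMAIN
Jun 12 14:00:01 ipa_hostname sshd[2211]: pam_unix(sshd:session): session opened for user leah@AD_DOMAIN by (uid=0)
Jun 12 14:45:10 ipa_hostname sshd[2211]: pam_unix(sshd:session): session closed for user leah@AD_DOMAIN
"""

# timestamp, host, anything, then "pam_module(service:phase): message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+.*?"
    r"(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<phase>\w+)\):\s+(?P<msg>.*)$"
)
USER_RE = re.compile(r"\buser=(\S+)")          # \b keeps "ruser=" from matching
SESSION_RE = re.compile(r"session (opened|closed) for user (\S+)")


@dataclass
class Session:
    service: str
    user: str
    auth_module: str   # module that logged "authentication success", "" if none seen
    seconds: int       # time between "session opened" and "session closed"
    verdict: str


def analyze(lines, year=2013, short=timedelta(seconds=5)):
    """Pair PAM session open/close events per (service, user) and classify them."""
    auth_ok = {}   # (service, user) -> module that reported success
    opened = {}    # (service, user) -> (open time, authenticating module)
    sessions = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # polkitd and other non-PAM lines
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        service, msg = m["service"], m["msg"]
        if m["phase"] == "auth":
            user = USER_RE.search(msg)
            # pam_unix failing first is normal for directory users: the stack
            # falls through to pam_sss, so only a success is recorded.
            if user and msg.startswith("authentication success"):
                auth_ok[(service, user.group(1))] = m["module"]
            continue
        event = SESSION_RE.search(msg)
        if not event:
            continue
        key = (service, event.group(2))
        if event.group(1) == "opened":
            opened[key] = (when, auth_ok.pop(key, ""))
        elif key in opened:
            start, module = opened.pop(key)
            length = when - start
            if length <= short and module:
                # authenticated, then torn down at once: look at the session
                # stack and the desktop session, not at the auth provider
                verdict = "session-phase failure"
            elif length <= short:
                verdict = "short session, no auth record"
            else:
                verdict = "ok"
            sessions.append(Session(service, key[1], module,
                                    int(length.total_seconds()), verdict))
    return sessions


if __name__ == "__main__":
    for s in analyze(SAMPLE_LOG.splitlines()):
        print(f"{s.service:13} {s.user:18} auth={s.auth_module or '-':8} "
              f"{s.seconds:5d}s  {s.verdict}")
```

On the sample, both gdm-password logins are reported as session-phase failures authenticated by pam_sss, while the constructed sshd session is reported as ok.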
From: deanhunter at comcast.net (Dean Hunter) Date: Thu, 20 Jun 2013 12:36:16 -0500 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <51C1F1B7.4010601@redhat.com> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> <51C1F1B7.4010601@redhat.com> Message-ID: <1371749776.1683.54.camel@developer.hunter.org> On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: > Jakub Hrozek wrote: > > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: > >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: > >>> Thank you for your response. As you suggested I > >>> checked /etc/nsswitch.conf. ipa-client-automount left the line looking > >>> like: > >>> > >>> automount: sss files > >> > >> If it did, then I would consider it to be ipa-client-automount, I think > > ^^^^^^^^^^^^^^ > > "to be ipa-client-automount *bug*". Sorry for the typo > > https://fedorahosted.org/freeipa/ticket/3733 > > I guess I'd check the system logs to see if /home/local was attempted to > be mounted at all. Does it exist on the NFS server? > > I find running automount in foreground mode with debugging to be very > useful in tracking down these issues. > > rob > Which services need to be restarted after correcting the automount entry in /etc/nsswitch.conf? -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhrozek at redhat.com Thu Jun 20 19:37:59 2013 
From: jhrozek at redhat.com (Jakub Hrozek) Date: Thu, 20 Jun 2013 21:37:59 +0200 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <1371749776.1683.54.camel@developer.hunter.org> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> <51C1F1B7.4010601@redhat.com> <1371749776.1683.54.camel@developer.hunter.org> Message-ID: <20130620193759.GK15195@hendrix.brq.redhat.com> On Thu, Jun 20, 2013 at 12:36:16PM -0500, Dean Hunter wrote: > On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: > > > Jakub Hrozek wrote: > > > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: > > >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: > > >>> Thank you for your response. As you suggested I > > >>> checked /etc/nsswitch.conf. ipa-client-automount left the line looking > > >>> like: > > >>> > > >>> automount: sss files > > >> > > >> If it did, then I would consider it to be ipa-client-automount, I think > > > ^^^^^^^^^^^^^^ > > > "to be ipa-client-automount *bug*". Sorry for the typo > > > > https://fedorahosted.org/freeipa/ticket/3733 > > > > I guess I'd check the system logs to see if /home/local was attempted to > > be mounted at all. Does it exist on the NFS server? > > > > I find running automount in foreground mode with debugging to be very > > useful in tracking down these issues. > > > > rob > > > > Which services need to be restarted after correcting the automount entry > in /etc/nsswitch.conf? > Primarily automounter. You can restart SSSD as well before you restart automounter to make sure SSSD is contacted for the right data from the right map. From ovalousek at vendavo.com Thu Jun 20 19:42:11 2013 
From: ovalousek at vendavo.com (Ondrej Valousek) Date: Thu, 20 Jun 2013 19:42:11 +0000 Subject: [Freeipa-users] Auto-Mount Home Directory for Local Users? In-Reply-To: <1371749776.1683.54.camel@developer.hunter.org> References: <1371575529.1683.8.camel@developer.hunter.org> <1371599345.1683.15.camel@developer.hunter.org> <20130619124255.GG5923@hendrix.brq.redhat.com> <20130619175521.GJ5923@hendrix.brq.redhat.com> <51C1F1B7.4010601@redhat.com>, <1371749776.1683.54.camel@developer.hunter.org> Message-ID: <6px1pt7ovg9kg5nyn3f3fgws.1371757328784@email.android.com> Only automounter... Sent from Samsung Mobile -------- Original message -------- From: Dean Hunter Date: To: Rob Crittenden Cc: freeipa-users at redhat.com Subject: Re: [Freeipa-users] Auto-Mount Home Directory for Local Users? On Wed, 2013-06-19 at 14:00 -0400, Rob Crittenden wrote: Jakub Hrozek wrote: > On Wed, Jun 19, 2013 at 02:42:55PM +0200, Jakub Hrozek wrote: >> On Tue, Jun 18, 2013 at 06:49:05PM -0500, Dean Hunter wrote: >>> Thank you for your response. As you suggested I >>> checked /etc/nsswitch.conf. ipa-client-automount left the line looking >>> like: >>> >>> automount: sss files >> >> If it did, then I would consider it to be ipa-client-automount, I think > ^^^^^^^^^^^^^^ > "to be ipa-client-automount *bug*". Sorry for the typo https://fedorahosted.org/freeipa/ticket/3733 I guess I'd check the system logs to see if /home/local was attempted to be mounted at all. Does it exist on the NFS server? I find running automount in foreground mode with debugging to be very useful in tracking down these issues. rob Which services need to be restarted after correcting the automount entry in /etc/nsswitch.conf? -------------- next part -------------- An HTML attachment was scrubbed... URL: From bdwheele at indiana.edu Thu Jun 20 21:35:14 2013 
From: bdwheele at indiana.edu (Brian Wheeler) Date: Thu, 20 Jun 2013 17:35:14 -0400 Subject: [Freeipa-users] possible to use a different kerberos server for some users? Message-ID: <51C37592.2020704@indiana.edu> Hello! So here's the situation I'm in. The university has its AD domain locked down pretty tight -- getting a trust is out of the question, creating new users isn't allowed, and they seem to have no interest in supporting linux management. I'd like to be able to leverage the AD kerberos server but manage users locally. So here's what I'm thinking about doing: putting my site users/groups and copies of the relevant AD users into IPA. The site users would have UIDs > 1 billion and the users from AD would have whatever unixuid attribute they have (only the uid is stored in AD -- they didn't do a full posix setup). The IDs will not conflict with each other, so I'm set there. I'd have two entries in sssd.conf: one entry would have a min/max id matching the AD users and the other would be 1 billion+ to match the local users/groups. The AD range would use the university's AD kerberos for authentication and IPA for everything else. The other would use IPA normally. I was able to get this working successfully when setting up 389 manually by using two nearly identical configs in sssd and making the AD one resolve first, but I can't seem to figure out the magic chant for making it work with IPA. So, is something like this even possible? Is there a better way to be able to use IPA and stay out of the password business for the real users of my system? If it comes down to it, I'll manually set up 389 and do it the way I prototyped it, but I'd really like to have something resembling a "standard" build. This is all on RHEL6. If a newer version of IPA is required I'd be ok with installing it. Brian From andrew at wasielewski.co.uk Thu Jun 20 21:32:05 2013 
From: andrew at wasielewski.co.uk (Andrew Wasielewski) Date: Thu, 20 Jun 2013 22:32:05 +0100 Subject: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified." Message-ID: <1536903.RS2MtDNbk7@localhost.localdomain> Hello everyone, I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel 3.8.13-100.fc17.x86_64). Each time it fails in step 2/17 of "Configuring certificate server". The relevant portion of the log is appended below. It looks like the specific cause of the error is "Required parameter -client_token_name is not specified." I can't find anything on Google relating to this exact string so am requesting help here. All necessary package installs, DNS config etc. have been done, so there are no error messages during the info gathering part of the script. There has been no previous installation of Kerberos or any CA software. I did do some work with OpenLDAP to set up a user management directory - before I found out about FreeIPA - but that used slapd which is now disabled to avoid conflict with 389 Directory Server. Any advice much appreciated. Regards, Andrew 2013-06-20T21:12:27Z DEBUG stderr= 2013-06-20T21:12:27Z DEBUG duration: 0 seconds 2013-06-20T21:12:27Z DEBUG done configuring pkids. 
2013-06-20T21:12:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2013-06-20T21:12:27Z DEBUG Configuring certificate server: Estimated time 3 minutes 30 seconds 2013-06-20T21:12:27Z DEBUG [1/17]: creating certificate server user 2013-06-20T21:12:27Z DEBUG ca user pkiuser exists 2013-06-20T21:12:27Z DEBUG duration: 0 seconds 2013-06-20T21:12:27Z DEBUG [2/17]: configuring certificate server instance 2013-06-20T21:12:27Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir /tmp/tmp-YYL2Te -client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0 TgehavAiRWv -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa- ca-agent,O=WASIELEWSKI.CO.UK -ldap_host server.wasielewski.co.uk -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WASIELEWSKI.CO.UK -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=WASIELEWSKI.CO.UK -ca_server_cert_subject_name CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK -ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK -ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK -external false -clone false 2013-06-20T21:12:27Z DEBUG stdout=libpath=/usr/lib64 ####################################################################### Required parameter -client_token_name is not specified. 
Use -help for help information ####################################################################### 2013-06-20T21:12:27Z DEBUG stderr= 2013-06-20T21:12:27Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir /tmp/tmp-YYL2Te -client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0TgehavAiRWv -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=WASIELEWSKI.CO.UK -ldap_host server.wasielewski.co.uk -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WASIELEWSKI.CO.UK -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=WASIELEWSKI.CO.UK -ca_server_cert_subject_name CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK -ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK -ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK -external false -clone false' returned non-zero exit status 255 2013-06-20T21:12:27Z DEBUG Configuration of CA failed File "/usr/sbin/ipa-server-install", line 1100, in rval = main() File "/usr/sbin/ipa-server-install", line 888, in main subject_base=options.subject) File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 531, in configure_instance self.start_creation("Configuring certificate server", 210) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 257, in start_creation method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 667, in __configure_instance raise RuntimeError('Configuration of CA failed') -------------- next part -------------- An HTML attachment was 
scrubbed... URL: From rcritten at redhat.com Thu Jun 20 21:39:30 2013 From: rcritten at redhat.com (Rob Crittenden) Date: Thu, 20 Jun 2013 17:39:30 -0400 Subject: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified." In-Reply-To: <1536903.RS2MtDNbk7@localhost.localdomain> References: <1536903.RS2MtDNbk7@localhost.localdomain> Message-ID: <51C37692.6010105@redhat.com> Andrew Wasielewski wrote: > Hello everyone, > > I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel > 3.8.13-100.fc17.x86_64). Each time it fails in step 2/17 of "Configuring > certificate server". The relevant portion of the log is appended below. > It looks like the specific cause of the error is "Required parameter > -client_token_name is not specified." I can't find anything on Google > relating to this exact string so am requesting help here. > > All necessary package installs, DNS config etc. have been done, so there > are no error messages during the info gathering part of the script. > There has been no previous installation of Kerberos or any CA software. > I did do some work with OpenLDAP to set up a user management directory - > before I found out about FreeIPA - but that used slapd which is now > disabled to avoid conflict with 389 Directory Server. > > Any advice much appreciated. It sure seems like the IPA installer isn't passing an option to the CA. What version of pki-ca do you have installed? rob From joshua at azariah.com Fri Jun 21 00:11:52 2013 
From: joshua at azariah.com (Joshua J. Kugler) Date: Thu, 20 Jun 2013 16:11:52 -0800 Subject: [Freeipa-users] Trying to renew the CA cert, but NEWLY_ADDED_NEED_KEYINFO_READ_PIN Message-ID: <2877222.Xd1CSY2l0X@hosanna> So, ongoing saga of a FreeIPA 2.x system with an expired cert for the CA server: ca-error: Server failed request, will retry: 907 (RPC failed at server. cannot connect to 'https://ipa0.lab.whamcloud.com:9443/ca/agent/ca/displayBySerial': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.). Figured out that it uses the certs in /var/lib/pki-ca/alias. Per https://docs.fedoraproject.org/en%2dUS/Fedora/15/html/FreeIPA_Guide/certmonger%2dtracking%2dcerts.html I tried adding it to cert monger: # ipa-getcert start-tracking -I CAServerCert -d /var/lib/pki-ca/alias/ -n Server-Cert -r New tracking request "CAServerCert" added. But ipa-getcert list now tells me: Request ID 'CAServerCert': status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN stuck: yes key pair storage: type=NSSDB,location='/var/lib/pki- ca/alias',nickname='Server-Cert' certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server- Cert' CA: IPA issuer: subject: expires: unknown track: yes auto-renew: yes Okie dokie...where might I be able to find the PIN for the cert? I see that the certs for httpd and slapd have a path to a pinfile, but I can't find anything like that for the CA cert. I'm quite stuck. This expired cert, I'm pretty sure, is what is preventing me from using this machine to migrate to a new 3.0 machine (via replication). Any ideas how to get the CA cert renewed? I know how to generate a CSR and a cert, but I'm not sure 1) how I would add it into the cert DB, and 2) how I can add it without invalidating all my other certs. Any help would be fantastic! j -- Joshua J. 
Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From sbose at redhat.com Fri Jun 21 07:12:13 2013 
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 21 Jun 2013 09:12:13 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <51C30BD6.1010203@web.de>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de> <20130614070853.GO4317@localhost.localdomain> <51BFF762.2020900@web.de> <20130619130119.GL27655@localhost.localdomain> <51C30BD6.1010203@web.de>
Message-ID: <20130621071212.GP27655@localhost.localdomain>

On Thu, Jun 20, 2013 at 04:04:06PM +0200, Leah Zimmermann wrote:
> On 06/19/2013 03:01 PM, Sumit Bose wrote:
> >On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote:
> >>On 06/14/2013 09:08 AM, Sumit Bose wrote:
> >>>On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
> >>>>Hello Sumit,
> >>>>Hello List Members,
> >>>>
> >>>>On 13.06.2013 09:18, Sumit Bose wrote:
> >>>>>On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
> >>>>>>On 12.06.2013 12:03, Sumit Bose wrote:
> >>>>>>>On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> >>>>>>>>Dear List Members,
> >>>>>>>>
> >>>>>>>>I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> >>>>>>>>relationship to an AD-Domain.
> >>>>>>>>The users of the AD-Domain can login via ssh- or console-login. Then
> >>>>>>>>they can start the gnome desktop manually. But if they login via gdm
> >>>>>>>>they logged out immediately.
> >>>>>>>Which name style are you using 'AD_NETBIOS\username' or
> >>>>>>>'username at AD_DOMAIN' ? If you only tried one can you try the other?
> >>>>>>until now I tried only 'username at AD_DOMAIN', but
> >>>>>>'AD_NETBIOS\username' does not work as well.
> >>>>>>>If this does not help, please send the relevant section of
> >>>>>>>/var/Log/secure and the sssd logs with a high debug level.
> >>>>>>>
> >>>>>>>
> >>>>>>As far as I can see, both styles causing the same results.
> >>>>>>
> >>>>>>Jun 12 13:27:56 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> >>>>>>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> >>>>>>Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> >>>>>>pam_sss(gdm-password:auth): authentication success; logname= uid=0
> >>>>>>euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> >>>>>>Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:session): session opened for user
> >>>>>>leah at AD_DOMAIN by (uid=0)
> >>>>>>Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
> >>>>>>Authentication Agent for session
> >>>>>>/org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
> >>>>>>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> >>>>>>de_DE.UTF-8) (disconnected from bus)
> >>>>>>Jun 12 13:27:58 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:session): session closed for user
> >>>>>>leah at AD_DOMAIN
> >>>>>>Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
> >>>>>>Authentication Agent for session
> >>>>>>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
> >>>>>>[/usr/libexec/polkit-gnome-authentication-agent-1], object path
> >>>>>>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> >>>>>>
> >>>>>>
> >>>>>>Jun 12 13:32:56 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> >>>>>>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> >>>>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>>>>>pam_sss(gdm-password:auth): authentication success; logname= uid=0
> >>>>>>euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> >>>>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:session): session opened for user
> >>>>>>AD_NETBIOS\leah by (uid=0)
> >>>>>>Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
> >>>>>>Authentication Agent for session
> >>>>>>/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
> >>>>>>object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> >>>>>>de_DE.UTF-8) (disconnected from bus)
> >>>>>>Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> >>>>>>pam_unix(gdm-password:session): session closed for user
> >>>>>>AD_NETBIOS\leah
> >>>>>>Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
> >>>>>>Authentication Agent for session
> >>>>>>/org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
> >>>>>>[/usr/libexec/polkit-gnome-authentication-agent-1], object path
> >>>>>>/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> >>>>>>
> >>>>>>May be the Unregistered Authentication Agent is the problem. But
> >>>>>>what I have missed to do?
> >>>>>Do you have SELinux enabled? Can you check if there any audit messages
> >>>>>with SELinux denials? Can you check if the SELinux context of the users
> >>>>>home directory is right?
> >>>>SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
> >>>>I did that already, for eliminating this as the source of difficulties.
> >>>>I'm sorry. May be, I should have mentioned this earlier.
> >>>>
> >>>>If I set it to permissive mode I get
> >>>>
> >>>>drwxr-xr-x. leah at ad_domain leah at ad_domain
> >>>>unconfined_u:object_r:user_home_t:s0 leah
> >>>>drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain
> >>>>unconfined_u:object_r:user_home_t:s0 user_xy
> >>>>...
> >>>>
> >>>>All home directories of AD-Users looks like this.
> >>>The labels look good. Since this issue seems to be happen during the
> >>>open-session PAM step I'm quite confident that it is not related to
> >>>FreeIPA or SSSD, because they do not handle open-session. Do the log
> >>>files in /var/log/gdm contain any other information? Can you send your
> >>>gdm-passwd PAM configuration file and all include ones (password-auth)
> >>>to see if there is anything odd?
> >>ok, here are the files.
> >>Hopefully I haven't missed something. I cut
> >>out only the lines, which are appearing as soon as I logged in. The
> >>complete logs are really huge.
> >>
> >The PAM config looks ok and I didn't find anything obvious in the
> >logs, maybe except the odd looking message in :0-greeter.log. But I
> >think they are not critical.
> >
> >Have you tried if a gdm login with an IPA user is working on this
> >client?
> Yes. IPA users are not facing any problems to login via gdm.
> Login on text console and via ssh works for all users.
> After logged in via text console, even AD users can start X server,
> manually.
> But that's not really an option for us, because many users work on a
> terminal via XDMCP.

I've tried to reproduce it locally, but so far I didn't succeed. Can you
send the version numbers of the gdm, sssd, and ipa packages you are
using? Additionally it would be helpful if you can send the full sssd
logs (everything in /var/log/sssd/) with a debug level of 10 or 0xFFF0
while you try to log in with gdm.

bye,
Sumit

>
> Thanks
>
> Leah
>
>
> >bye,
> >Sumit
> >
> >>###########
> >>/var/log/gdm/\:0-greeter.log:
> >>
> >>Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW
> >>message with a timestamp of 0 for 0x1c0002b (Login Wind)
> >>Window manager warning: meta_window_activate called by a pager with
> >>a 0 timestamp; the pager needs to be fixed.
> >>Window manager warning: CurrentTime used to choose focus window;
> >>focus window may not be correct.
> >>Window manager warning: Got a request to focus the no_focus_window
> >>with a timestamp of 0. This shouldn't happen!
> >>
> >>
> >>###########
> >>/var/log/gdm/\:0-slave.log is empty
> >>
> >>Thanks
> >>
> >>Leah
> >>
> >>_______________________________________________
> >>Freeipa-users mailing list
> >>Freeipa-users at redhat.com
> >>https://www.redhat.com/mailman/listinfo/freeipa-users
> >_______________________________________________
> >Freeipa-users mailing list
> >Freeipa-users at redhat.com
> >https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

From leah_zimmermann at web.de Fri Jun 21 09:01:45 2013
From: leah_zimmermann at web.de (Leah Zimmermann)
Date: Fri, 21 Jun 2013 11:01:45 +0200
Subject: [Freeipa-users] Trusted AD Users login via gdm
In-Reply-To: <20130621071212.GP27655@localhost.localdomain>
References: <51B8427F.2060302@web.de> <20130612100328.GP6550@localhost.localdomain> <51B863D1.3050308@web.de> <20130613071814.GF4317@localhost.localdomain> <51B9B1CA.7090209@web.de> <20130614070853.GO4317@localhost.localdomain> <51BFF762.2020900@web.de> <20130619130119.GL27655@localhost.localdomain> <51C30BD6.1010203@web.de> <20130621071212.GP27655@localhost.localdomain>
Message-ID: <51C41679.6080007@web.de>

On 21.06.2013 09:12, Sumit Bose wrote:
> On Thu, Jun 20, 2013 at 04:04:06PM +0200, Leah Zimmermann wrote:
>> On 06/19/2013 03:01 PM, Sumit Bose wrote:
>>> On Tue, Jun 18, 2013 at 08:00:02AM +0200, Leah Zimmermann wrote:
>>>> On 06/14/2013 09:08 AM, Sumit Bose wrote:
>>>>> On Thu, Jun 13, 2013 at 01:49:30PM +0200, Leah Zimmermann wrote:
>>>>>> Hello Sumit,
>>>>>> Hello List Members,
>>>>>>
>>>>>> On 13.06.2013 09:18, Sumit Bose wrote:
>>>>>>> On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
>>>>>>>> On 12.06.2013 12:03, Sumit Bose wrote:
>>>>>>>>> On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
>>>>>>>>>> Dear List Members,
>>>>>>>>>>
>>>>>>>>>> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
>>>>>>>>>> relationship to an AD-Domain.
>>>>>>>>>> The users of the AD-Domain can login via ssh- or console-login. Then
>>>>>>>>>> they can start the gnome desktop manually. But if they login via gdm
>>>>>>>>>> they logged out immediately.
>>>>>>>>> Which name style are you using 'AD_NETBIOS\username' or
>>>>>>>>> 'username at AD_DOMAIN' ? If you only tried one can you try the other?
>>>>>>>> until now I tried only 'username at AD_DOMAIN', but
>>>>>>>> 'AD_NETBIOS\username' does not work as well.
>>>>>>>>> If this does not help, please send the relevant section of
>>>>>>>>> /var/Log/secure and the sssd logs with a high debug level.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> As far as I can see, both styles causing the same results.
>>>>>>>>
>>>>>>>> Jun 12 13:27:56 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>>>>>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>>>>>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>>>>>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>>>>>>>> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
>>>>>>>> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:session): session opened for user
>>>>>>>> leah at AD_DOMAIN by (uid=0)
>>>>>>>> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
>>>>>>>> Authentication Agent for session
>>>>>>>> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
>>>>>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>>>>>>>> de_DE.UTF-8) (disconnected from bus)
>>>>>>>> Jun 12 13:27:58 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:session): session closed for user
>>>>>>>> leah at AD_DOMAIN
>>>>>>>> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
>>>>>>>> Authentication Agent for session
>>>>>>>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
>>>>>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>>>>>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>>>>>>>
>>>>>>>>
>>>>>>>> Jun 12 13:32:56 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
>>>>>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>>>>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>>>>>> pam_sss(gdm-password:auth): authentication success; logname= uid=0
>>>>>>>> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
>>>>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:session): session opened for user
>>>>>>>> AD_NETBIOS\leah by (uid=0)
>>>>>>>> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
>>>>>>>> Authentication Agent for session
>>>>>>>> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
>>>>>>>> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
>>>>>>>> de_DE.UTF-8) (disconnected from bus)
>>>>>>>> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
>>>>>>>> pam_unix(gdm-password:session): session closed for user
>>>>>>>> AD_NETBIOS\leah
>>>>>>>> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
>>>>>>>> Authentication Agent for session
>>>>>>>> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
>>>>>>>> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
>>>>>>>> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
>>>>>>>>
>>>>>>>> May be the Unregistered Authentication Agent is the problem. But
>>>>>>>> what I have missed to do?
>>>>>>> Do you have SELinux enabled? Can you check if there any audit messages
>>>>>>> with SELinux denials? Can you check if the SELinux context of the users
>>>>>>> home directory is right?
>>>>>> SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
>>>>>> I did that already, for eliminating this as the source of difficulties.
>>>>>> I'm sorry. May be, I should have mentioned this earlier.
>>>>>>
>>>>>> If I set it to permissive mode I get
>>>>>>
>>>>>> drwxr-xr-x. leah at ad_domain leah at ad_domain
>>>>>> unconfined_u:object_r:user_home_t:s0 leah
>>>>>> drwxr-xr-x. user_xy at ad_domain user_xy at ad_domain
>>>>>> unconfined_u:object_r:user_home_t:s0 user_xy
>>>>>> ...
>>>>>>
>>>>>> All home directories of AD-Users looks like this.
>>>>> The labels look good.
>>>>> Since this issue seems to be happen during the
>>>>> open-session PAM step I'm quite confident that it is not related to
>>>>> FreeIPA or SSSD, because they do not handle open-session. Do the log
>>>>> files in /var/log/gdm contain any other information? Can you send your
>>>>> gdm-passwd PAM configuration file and all include ones (password-auth)
>>>>> to see if there is anything odd?
>>>> ok, here are the files. Hopefully I haven't missed something. I cut
>>>> out only the lines, which are appearing as soon as I logged in. The
>>>> complete logs are really huge.
>>>>
>>> The PAM config looks ok and I didn't find anything obvious in the
>>> logs, maybe except the odd looking message in :0-greeter.log. But I
>>> think they are not critical.
>>>
>>> Have you tried if a gdm login with an IPA user is working on this
>>> client?
>> Yes. IPA users are not facing any problems to login via gdm.
>> Login on text console and via ssh works for all users.
>> After logged in via text console, even AD users can start X server,
>> manually.
>> But that's not really an option for us, because many users work on a
>> terminal via XDMCP.
> I've tried to reproduce it locally, but so far I didn't succeed. Can you
> send the version numbers of the gdm, sssd, and ipa packages you are
> using? Additionally it would be helpful if you can send the full sssd
> logs (everything in /var/log/sssd/) with a debug level of 10 or 0xFFF0
> while you try to log in with gdm.
>
> bye,
> Sumit

Yes of course.
Everything should be the freshest Package from the CentOS-Repository

gdm-2.30.4-39.el6.x86_64
gdm-libs-2.30.4-39.el6.x86_64
gdm-plugin-fingerprint-2.30.4-39.el6.x86_64
gdm-user-switch-applet-2.30.4-39.el6.x86_64

ipa-admintools-3.0.0-26.el6_4.4.x86_64
ipa-client-3.0.0-26.el6_4.4.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-26.el6_4.4.x86_64
ipa-server-3.0.0-26.el6_4.4.x86_64
ipa-server-selinux-3.0.0-26.el6_4.4.x86_64
ipa-server-trust-ad-3.0.0-26.el6_4.4.x86_64

sssd-1.9.2-82.7.el6_4.x86_64
sssd-client-1.9.2-82.7.el6_4.x86_64

The logs are attached. I hesitated a little bit, because I thought
attachments are not appropriate for mailing lists. But I think, if I paste
in the mail itself, it grows to the same size.
I'm sorry, if I angered someone.

Thanks

Leah

>> Thanks
>>
>> Leah
>>
>>
>>> bye,
>>> Sumit
>>>
>>>> ###########
>>>> /var/log/gdm/\:0-greeter.log:
>>>>
>>>> Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW
>>>> message with a timestamp of 0 for 0x1c0002b (Login Wind)
>>>> Window manager warning: meta_window_activate called by a pager with
>>>> a 0 timestamp; the pager needs to be fixed.
>>>> Window manager warning: CurrentTime used to choose focus window;
>>>> focus window may not be correct.
>>>> Window manager warning: Got a request to focus the no_focus_window
>>>> with a timestamp of 0. This shouldn't happen!
>>>>
>>>>
>>>> ###########
>>>> /var/log/gdm/\:0-slave.log is empty
>>>>
>>>> Thanks
>>>>
>>>> Leah
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [main] (0x0400): krb5_child started.
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [unpack_buffer] (0x1000): total buffer size: [116]
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [unpack_buffer] (0x0100): cmd [241] uid [1119800004] gid [1119800004] validate [true] offline [false] UPN [leah at IPA_DOMAIN]
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1119800004_dhF4lE] keytab: [/etc/krb5.keytab]
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [krb5_child_setup] (0x0400): Will perform online auth
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [krb5_child_setup] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [krb5_child_setup] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [krb5_set_canonicalize] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [krb5_child_setup] (0x0100): Not using FAST.
(Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [IPA_DOMAIN] (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.847193: Getting initial credentials for leah at IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.847437: Sending request (173 bytes) to IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.848593: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.851889: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.852003: Response was from master KDC (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.852057: Received error from KDC: -1765328359/Additional pre-authentication required (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.852128: Processing preauth types: 136, 19, 2, 133 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.852617: Selected etype info: etype aes256-cts, salt "IPA_DOMAINleah", params "" (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.852646: Received cookie: MIT (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865223: AS key obtained for encrypted timestamp: aes256-cts/8240 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865320: 
Encrypted timestamp (for 1371801580.865249): plain 301AA011180F32303133303632313037353934305AA10502030D33E1, encrypted 10047FF068CE3605F60BCFBE6A3D8F46E3C24ADAF14342EB0AAE06A6DB459315B493C667FAE59B9511E824C757E23EBB8E6A08D29968C1AD (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865355: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865372: Produced preauth for next request: 133, 2 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865400: Sending request (268 bytes) to IPA_DOMAIN (master) (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.865495: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940393: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940526: Processing preauth types: 19 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940565: Selected etype info: etype aes256-cts, salt "IPA_DOMAINleah", params "" (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940589: Produced preauth for next request: (empty) (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940617: AS key determined by preauth: aes256-cts/8240 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.940707: Decrypted AS reply; session key is: aes256-cts/D818 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 
1371801580.940756: FAST negotiation: available (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [6997223] (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential. (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941012: Retrieving host/ipa_hostname.ipa_domain at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941046: Resolving unique ccache of type MEMORY (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941088: Initializing MEMORY:6lEuSWx with default princ leah at IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941120: Removing leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN from MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941145: Storing leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN in MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941190: Getting credentials leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN using ccache MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941247: Retrieving leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:6lEuSWx with result: -1765328243/Matching credential not found (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941328: Retrieving leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN from MEMORY:6lEuSWx with result: 0/Success (Fri Jun 21 
09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941363: Found cached TGT for service realm: leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941390: Requesting tickets for host/ipa_hostname.ipa_domain at IPA_DOMAIN, referrals on (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941440: Generated subkey for TGS request: aes256-cts/2137 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941472: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941593: Sending request (1229 bytes) to IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.941743: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.945711: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.945834: Response was from master KDC (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.945925: TGS reply is for leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN with session key aes256-cts/0E63 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.945976: TGS request result: 0/Success (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946001: Received creds for desired service host/ipa_hostname.ipa_domain at IPA_DOMAIN (Fri Jun 21 09:59:40 2013) 
[[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946027: Removing leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946053: Storing leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN in MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946117: Creating authenticator for leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN, seqnum 0, subkey (null, session key aes256-cts/0E63 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946249: Retrieving host/ipa_hostname.ipa_domain at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 2, enctype aes256-cts) with result: 0/Success (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946381: Decrypted AP-REQ with specified server principal host/ipa_hostname.ipa_domain at IPA_DOMAIN: aes256-cts/21B5 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.946422: AP-REQ ticket: leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN, session key aes256-cts/0E63 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.947443: Negotiated enctype based on authenticator: aes256-cts (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.947495: Initializing MEMORY:rd_req2 with default princ leah at IPA_DOMAIN (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.947529: Removing leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:rd_req2 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] 
(0x4000): [8232] 1371801580.947556: Storing leah at IPA_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN in MEMORY:rd_req2 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.947592: Destroying ccache MEMORY:6lEuSWx (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [validate_tgt] (0x0400): TGT verified using key for [host/ipa_hostname.ipa_domain at IPA_DOMAIN]. (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.947688: Destroying ccache MEMORY:rd_req2 (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [become_user] (0x0200): Trying to become user [1119800004][1119800004]. (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [create_ccache_file] (0x0200): Creating ccache at [FILE:/tmp/krb5cc_1119800004_dhF4lE] (Fri Jun 21 09:59:40 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801580.948344: Initializing FILE:/tmp/.krb5cc_dummy_wavIeo with default princ leah at IPA_DOMAIN (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801581.84230: Removing leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN from FILE:/tmp/.krb5cc_dummy_wavIeo (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [sss_child_krb5_trace_cb] (0x4000): [8232] 1371801581.84264: Storing leah at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN in FILE:/tmp/.krb5cc_dummy_wavIeo (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [create_ccache_file] (0x1000): Created ccache file: [FILE:/tmp/krb5cc_1119800004_dhF4lE] (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [prepare_response_message] (0x0400): Building response for result [0] (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [pack_response_packet] (0x2000): response packet size: [137] (Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [sendresponse] (0x4000): Response sent. 
(Fri Jun 21 09:59:41 2013) [[sssd[krb5_child[8232]]]] [main] (0x0400): krb5_child completed successfully (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [main] (0x0400): krb5_child started. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [unpack_buffer] (0x1000): total buffer size: [120] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [unpack_buffer] (0x0100): cmd [241] uid [907001104] gid [907001104] validate [true] offline [false] UPN [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_907001104_XXXXXX] keytab: [/etc/krb5.keytab] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [krb5_child_setup] (0x0400): Will perform online auth (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [krb5_child_setup] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [krb5_child_setup] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [krb5_set_canonicalize] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [krb5_child_setup] (0x0100): Not using FAST. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.357373: Getting initial credentials for user_xy at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.358531: Sending request (176 bytes) to AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.374435: Resolving hostname ads.ad_domain. 
(Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.391447: Sending initial UDP request to dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.393302: Received answer from dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.393632: Response was not from master KDC (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.393701: Received error from KDC: -1765328359/Additional pre-authentication required (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.393792: Processing preauth types: 16, 15, 19, 2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.393848: Selected etype info: etype aes256-cts, salt "AD_DOMAINuser_xy", params "" (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.409485: AS key obtained for encrypted timestamp: aes256-cts/1904 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.409558: Encrypted timestamp (for 1371801617.409513): plain 301AA011180F32303133303632313038303031375AA1050203063FA9, encrypted 8B4493ED1705775DB27231417046660851C6D0E2CD311AD0108AB49C103B4B6BC8A84BD2D750CF0D858FA379633E08A982A6E2DCA9BAC66F (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.409588: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.409614: Produced preauth for next request: 2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.409643: Sending 
request (254 bytes) to AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.410141: Resolving hostname ads.ad_domain. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.410548: Sending initial UDP request to dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.412989: Received answer from dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413204: Response was not from master KDC (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413260: Processing preauth types: 19 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413306: Selected etype info: etype aes256-cts, salt "AD_DOMAINuser_xy", params "" (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413328: Produced preauth for next request: (empty) (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413348: AS key determined by preauth: aes256-cts/1904 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413429: Decrypted AS reply; session key is: aes256-cts/8123 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413450: FAST negotiation: unavailable (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [2691032] (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [validate_tgt] (0x2000): Keytab entry with the realm of the credential not found in keytab. Using the last entry. 
(Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413765: Retrieving host/ipa_hostname.ipa_domain at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.413789: Resolving unique ccache of type MEMORY (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414315: Initializing MEMORY:CSQzvHa with default princ user_xy at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414348: Removing user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN from MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414367: Storing user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN in MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414408: Getting credentials user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN using ccache MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414458: Retrieving user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:CSQzvHa with result: -1765328243/Matching credential not found (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414491: Retrieving user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN from MEMORY:CSQzvHa with result: -1765328243/Matching credential not found (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414520: Retrieving user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN from MEMORY:CSQzvHa with result: 0/Success (Fri Jun 21 10:00:17 2013) 
[[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414546: Starting with TGT for client realm: user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414577: Retrieving user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN from MEMORY:CSQzvHa with result: -1765328243/Matching credential not found (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414597: Requesting TGT krbtgt/IPA_DOMAIN at AD_DOMAIN using TGT krbtgt/AD_DOMAIN at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414644: Generated subkey for TGS request: aes256-cts/B496 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414668: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.414754: Sending request (1379 bytes) to AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.415272: Resolving hostname ads.ad_domain. 
(Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.415677: Sending initial UDP request to dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.468222: Received answer from dgram 192.168.30.5:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472099: Response was not from master KDC (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472201: TGS reply is for user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN with session key rc4-hmac/85BC (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472254: TGS request result: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472319: Removing user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN from MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472354: Storing user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN in MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472388: Received TGT for service realm: krbtgt/IPA_DOMAIN at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472429: Requesting tickets for host/ipa_hostname.ipa_domain at IPA_DOMAIN, referrals on (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472467: Generated subkey for TGS request: rc4-hmac/4085 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472500: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac (Fri Jun 21 10:00:17 
2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472605: Sending request (1350 bytes) to IPA_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.472755: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.597060: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.597883: Response was from master KDC (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.597967: TGS reply is for user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN with session key aes256-cts/2E41 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598034: TGS request result: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598062: Received creds for desired service host/ipa_hostname.ipa_domain at IPA_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598088: Removing user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598115: Storing user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN in MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598194: Creating authenticator for user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN, seqnum 0, subkey (null, session key aes256-cts/2E41 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598368: Retrieving 
host/ipa_hostname.ipa_domain at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 2, enctype aes256-cts) with result: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598473: Decrypted AP-REQ with specified server principal host/ipa_hostname.ipa_domain at IPA_DOMAIN: aes256-cts/21B5 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598509: AP-REQ ticket: user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN, session key aes256-cts/2E41 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598871: Negotiated enctype based on authenticator: aes256-cts (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598918: Initializing MEMORY:rd_req2 with default princ user_xy at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598953: Removing user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:rd_req2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.598981: Storing user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN in MEMORY:rd_req2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.599021: Removing user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN from MEMORY:rd_req2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.599048: Storing user_xy at AD_DOMAIN -> krbtgt/IPA_DOMAIN at AD_DOMAIN in MEMORY:rd_req2 (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.599093: Destroying ccache MEMORY:CSQzvHa (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [validate_tgt] (0x0400): TGT verified using key for 
[host/ipa_hostname.ipa_domain at IPA_DOMAIN]. (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.599212: Retrieving user_xy at AD_DOMAIN -> host/ipa_hostname.ipa_domain at IPA_DOMAIN from MEMORY:rd_req2 with result: 0/Success (Fri Jun 21 10:00:17 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801617.599513: Retrieving host/ipa_hostname.ipa_domain at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 2, enctype aes256-cts) with result: 0/Success (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801618.259715: Destroying ccache MEMORY:rd_req2 (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [become_user] (0x0200): Trying to become user [907001104][907001104]. (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [create_ccache_file] (0x0200): Creating ccache at [FILE:/tmp/krb5cc_907001104_XXXXXX] (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801618.260470: Initializing FILE:/tmp/.krb5cc_dummy_Q1yqKa with default princ user_xy at AD_DOMAIN (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801618.384571: Removing user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN from FILE:/tmp/.krb5cc_dummy_Q1yqKa (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [sss_child_krb5_trace_cb] (0x4000): [8320] 1371801618.384602: Storing user_xy at AD_DOMAIN -> krbtgt/AD_DOMAIN at AD_DOMAIN in FILE:/tmp/.krb5cc_dummy_Q1yqKa (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [create_ccache_file] (0x1000): Created ccache file: [FILE:/tmp/krb5cc_907001104_CJBuxU] (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [prepare_response_message] (0x0400): Building response for result [0] (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [pack_response_packet] (0x2000): response packet size: [139] (Fri Jun 21 10:00:18 2013) 
[[sssd[krb5_child[8320]]]] [sendresponse] (0x4000): Response sent. (Fri Jun 21 10:00:18 2013) [[sssd[krb5_child[8320]]]] [main] (0x0400): krb5_child completed successfully -------------- next part -------------- (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [main] (0x0400): ldap_child started. (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [main] (0x2000): context initialized (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): total buffer size: 47 (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): realm_str size: 9 (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): got realm_str: IPA_DOMAIN (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): princ_str size: 22 (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): got princ_str: host/ipa_hostname.IPA_DOMAIN (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): keytab_name size: 0 (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [unpack_buffer] (0x1000): lifetime: 86400 (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [main] (0x2000): getting TGT sync (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): Kerberos context initialized (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [IPA_DOMAIN] (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN] (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default] (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_IPA_DOMAIN] (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals (Fri Jun 21 09:58:58 
2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801538.971441: Getting initial credentials for host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801538.971802: Looked up etypes in keytab: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801538.971878: Sending request (191 bytes) to IPA_DOMAIN (Fri Jun 21 09:58:58 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801538.973743: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8767: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8855: Response was from master KDC (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8897: Received error from KDC: -1765328359/Additional pre-authentication required (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8950: Processing preauth types: 136, 19, 2, 133 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8976: Selected etype info: etype aes256-cts, salt "(null)", params "" (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.8992: Received cookie: MIT (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9047: Retrieving host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN from FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 
1371801539.9087: AS key obtained for encrypted timestamp: aes256-cts/21B5 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9154: Encrypted timestamp (for 1371801539.9104): plain 3019A011180F32303133303632313037353835395AA10402022390, encrypted 32A1077F995BCBC1341A9F3920B86A483ECEA5A36EEA1A4922D28B06D4A9454858CA4D1B61553D6BC3E2EB4E6353A1B41D9C5BA2C0E19A (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9186: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9203: Produced preauth for next request: 133, 2 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9230: Sending request (286 bytes) to IPA_DOMAIN (master) (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.9352: Sending initial UDP request to dgram 192.168.30.10:88 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.125442: Received answer from dgram 192.168.30.10:88 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.125569: Processing preauth types: 19 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.125606: Selected etype info: etype aes256-cts, salt "(null)", params "" (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.125630: Produced preauth for next request: (empty) (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.126075: Salt derived from principal: IPA_DOMAINhostipa_hostname.IPA_DOMAIN (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] 
(0x4000): [8224] 1371801539.126119: AS key determined by preauth: aes256-cts/21B5 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.126232: Decrypted AS reply; session key is: aes256-cts/EF9C (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.126316: FAST negotiation: available (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.126829: Initializing FILE:/var/lib/sss/db/ccache_IPA_DOMAIN with default princ host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.302439: Removing host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN from FILE:/var/lib/sss/db/ccache_IPA_DOMAIN (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [sss_child_krb5_trace_cb] (0x4000): [8224] 1371801539.302483: Storing host/ipa_hostname.IPA_DOMAIN at IPA_DOMAIN -> krbtgt/IPA_DOMAIN at IPA_DOMAIN in FILE:/var/lib/sss/db/ccache_IPA_DOMAIN (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [prepare_response] (0x0400): Building response for result [0] (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [pack_buffer] (0x2000): response size: 57 (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [37] msg [FILE:/var/lib/sss/db/ccache_IPA_DOMAIN] (Fri Jun 21 09:58:59 2013) [[sssd[ldap_child[8224]]]] [main] (0x0400): ldap_child completed successfully -------------- next part --------------
(Fri Jun 21 10:01:16 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:01:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42e70 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:01:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42ed0 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:01:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc39e20 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:01:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:01:25 2013) [sssd] [message_type] (0x0200): netlink Message type: 24 (Fri Jun 21 10:01:25 2013) [sssd] [route_msg_handler] (0x2000): Discarding multicast route message (Fri Jun 21 10:01:26 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:01:26 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc3c8b0 (Fri Jun 21 10:01:26 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:01:26 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:26 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:01:26 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:26 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:01:26 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:26 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:01:26 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:26 2013) [sssd] 
[sbus_remove_timeout] (0x2000): 0xc3c8b0 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:01:26 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:01:26 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:01:26 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:01:26 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:01:26 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:26 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:01:36 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:01:36 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:36 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:01:36 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:36 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:01:36 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:36 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:01:36 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:36 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:01:36 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:01:36 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:01:36 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:01:36 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:36 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:01:36 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:01:36 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:01:46 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:01:46 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:46 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:01:46 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:46 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:01:46 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:46 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:01:46 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:46 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:01:46 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:01:46 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc3df20 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:01:46 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37530 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:46 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:01:46 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42d20 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:01:46 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc41fe0 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:01:46 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:01:55 2013) [sssd] [message_type] (0x0200): netlink Message type: 25 (Fri Jun 21 10:01:55 2013) [sssd] [route_msg_handler] (0x2000): Discarding multicast route message (Fri Jun 21 10:01:56 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:01:56 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:01:56 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:01:56 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:01:56 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:01:56 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:01:56 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:01:56 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:56 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:01:56 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43590 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:56 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:01:56 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:01:56 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:01:56 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:01:56 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43590 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:01:56 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:56 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:02:06 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:02:06 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43590 (Fri Jun 21 10:02:06 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:02:06 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:02:06 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:02:06 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:02:06 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:02:06 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:02:06 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:02:06 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43590 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:02:06 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:02:06 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Fri Jun 21 10:02:06 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:02:06 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping (Fri Jun 21 10:02:06 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650 (Fri Jun 21 10:02:06 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping (Fri Jun 21 10:02:16 2013) [sssd] [service_send_ping] (0x0100): Pinging ipa_domain (Fri Jun 21 10:02:16 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:02:16 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Fri Jun 21 10:02:16 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:02:16 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Fri Jun 21 10:02:16 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:02:16 2013) [sssd] [service_send_ping] (0x0100): Pinging ssh (Fri Jun 21 10:02:16 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc37b50 (Fri Jun 21 10:02:16 2013) [sssd] [service_send_ping] (0x0100): Pinging pac (Fri Jun 21 10:02:16 2013) [sssd] [sbus_add_timeout] (0x2000): 0xc43590 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43380 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C384E0 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:16 2013) [sssd] [ping_check] (0x0100): Service ipa_domain replied to ping (Fri Jun 21 10:02:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc42ab0 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3FF50 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:16 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Fri Jun 21 10:02:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43260 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3B420 (Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:02:16 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc37b50
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3A290
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:02:16 2013) [sssd] [ping_check] (0x0100): Service ssh replied to ping
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_remove_timeout] (0x2000): 0xc43590
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): dbus conn: C3D650
(Fri Jun 21 10:02:16 2013) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:02:16 2013) [sssd] [ping_check] (0x0100): Service pac replied to ping

-------------- next part --------------
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [fo_context_init] (0x0400): Created new fail over context, retry timeout is 30
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [confdb_get_domain_internal] (0x0400): No enumeration for [ipa_domain]!
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sysdb_domain_init_internal] (0x0200): DB File for ipa_domain: /var/lib/sss/db/cache_ipa_domain.ldb
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x15fabb0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x15fcfc0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x15fcfc0 "ltdb_timeout"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x15fabb0 "ltdb_callback"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x15fabb0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x15fd930
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x15fd930 "ltdb_timeout"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x15fabb0 "ltdb_callback"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16127e0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612890
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612890 "ltdb_timeout"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16127e0 "ltdb_callback"
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_init_connection] (0x0200): Adding connection 1612EA0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_add_watch] (0x2000): 0x16132d0/0x16103b0 (15), -/W (enabled)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_toggle_watch] (0x4000): 0x16132d0/0x15fad20 (15), R/- (disabled)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_ipa_domain,1)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_add_timeout] (0x2000): 0x1613600
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_toggle_watch] (0x4000): 0x16132d0/0x15fad20 (15), R/- (enabled)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_toggle_watch] (0x4000): 0x16132d0/0x16103b0 (15), -/W (disabled)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sss_names_init] (0x0100): Using re [(((?P[^\\]+)\\(?P.+$))|((?P[^@]+)@(?P.+$))|(^(?P[^@\\]+)$))].
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_ipa_domain.8214 to a link /var/lib/sss/pipes/private/sbus-dp_ipa_domain
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_new_server] (0x0400): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_ipa_domain.8214,guid=4f40b1ad8b79663e39f2da4a000106df
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sbus_add_watch] (0x2000): 0x1611c00/0x1613dd0 (16), R/- (enabled)
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [load_backend_module] (0x1000): Loading backend [ipa] with path [/usr/lib64/sssd/libsss_ipa.so].
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_domain has value ipa_domain
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_server has value ipa_hostname.ipa_domain
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_backup_server has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_hostname has value ipa_hostname.ipa_domain
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_dyndns_update is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_dyndns_iface has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_hbac_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_host_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_selinux_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_subdomains_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_master_domain_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_realm has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_hbac_refresh has value 5
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_hbac_treat_deny_as has value DENY_ALL
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_hbac_support_srchost is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_automount_location has value default
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ipa_ranges_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [fo_new_service] (0x0400): Creating new service 'IPA'
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [fo_add_server] (0x0080): Adding new server 'ipa_hostname.ipa_domain', to service 'IPA'
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_servers_init] (0x0400): Added Server ipa_hostname.ipa_domain
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_uri has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_backup_uri has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_bind_dn has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_authtok_type has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value.
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_search_timeout has value 6
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_network_timeout has value 6
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_opt_timeout has value 6
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_scope has value sub
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_filter has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_scope has value sub
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_filter has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_service_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_full_refresh_interval has value 21600
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_use_host_filter is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_hostnames has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_ip has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_include_netgroups is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_include_regexp is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_autofs_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_schema has value ipa_v1
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_offline_timeout has value 60
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_force_upper_case_realm is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 3600
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cacert has value /etc/ipa/ca.crt
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cacertdir has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cert has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_key has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cipher_suite has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_id_use_start_tls is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_id_mapping is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_mech has value GSSAPI
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_authid has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_realm has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_minssf has value 56
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_krb5_keytab has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_krb5_init_creds is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_server has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_realm has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_canonicalize is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_pwd_policy has value none
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_referrals is TRUE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option account_cache_expiration has value 0
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_dns_service_name has value ldap
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_krb5_ticket_lifetime has value 86400
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_access_filter has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_netgroup_search_base has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_nesting_level has value 2
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_deref has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_account_expire_policy has value ipa
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_access_order has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_chpass_uri has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_chpass_backup_uri has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_chpass_dns_service_name has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_chpass_update_last_change is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_enumeration_search_timeout has value 60
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_auth_disable_tls_never_use_in_production is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_page_size has value 1000
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_deref_threshold has value 10
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_canonicalize is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_connection_expire_timeout has value 900
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_disable_paging is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_range_min has value 200000
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_range_max has value 2000200000
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_range_size has value 200000
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_autorid_compat is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_default_domain has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_idmap_default_domain_sid has no value
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_groups_use_matching_rule_in_chain is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_initgroups_use_matching_rule_in_chain is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_rfc2307_fallback_to_local_users is FALSE
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ldap_search_base set to cn=accounts,dc=ipa_netbios,dc=fh
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][cn=accounts,dc=ipa_netbios,dc=fh][SUBTREE][]
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option krb5_realm set to IPA_DOMAIN
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_set_sasl_options] (0x0100): Will look for ipa_hostname.ipa_domain at IPA_DOMAIN in default keytab
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [find_principal_in_keytab] (0x4000): Trying to find principal ipa_hostname.ipa_domain at IPA_DOMAIN in keytab.
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [find_principal_in_keytab] (0x0400): No principal matching ipa_hostname.ipa_domain at IPA_DOMAIN found in keytab.
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [find_principal_in_keytab] (0x4000): Trying to find principal FREEIPA$@IPA_DOMAIN in keytab.
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [find_principal_in_keytab] (0x0400): No principal matching FREEIPA$@IPA_DOMAIN found in keytab. (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/ipa_hostname.ipa_domain at IPA_DOMAIN in keytab. (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [match_principal] (0x1000): Principal matched to the sample (host/ipa_hostname.ipa_domain at IPA_DOMAIN). (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [select_principal_from_keytab] (0x0200): Selected primary: host/ipa_hostname.ipa_domain (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [select_principal_from_keytab] (0x0200): Selected realm: IPA_DOMAIN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to host/ipa_hostname.ipa_domain (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to IPA_DOMAIN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ldap_user_search_base set to cn=accounts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [USER][cn=accounts,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ldap_group_search_base set to cn=accounts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][cn=accounts,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ldap_sudo_search_base set to ou=SUDOers,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][ou=SUDOers,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): 
Option ldap_netgroup_search_base set to cn=ng,cn=alt,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][cn=ng,cn=alt,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0100): Option ipa_host_search_base set to cn=accounts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HOST][cn=accounts,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ipa_hbac_search_base set to cn=hbac,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HBAC][cn=hbac,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0100): Option ipa_selinux_search_base set to cn=selinux,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SELINUX][cn=selinux,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0400): Option ldap_group_search_base set to cn=accounts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][cn=accounts,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0100): Option ipa_subdomains_search_base set to cn=trusts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SUBDOMAINS][cn=trusts,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0100): Option ipa_master_domain_search_base set to cn=ad,cn=etc,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) 
[sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_id_options] (0x0100): Option ipa_ranges_search_base set to cn=ranges,cn=etc,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [common_parse_search_base] (0x0100): Search base added: [IPA_RANGES][cn=ranges,cn=etc,dc=ipa_netbios,dc=fh][SUBTREE][] (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_entry_usn has value entryUSN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_rootdse_last_usn has value lastUSN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_object_class has value posixAccount (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_name has value uid (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_pwd has value userPassword (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_gid_number has value gidNumber (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_home_directory has value homeDirectory (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_principal has value krbPrincipalName (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_fullname has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): 
Option ldap_user_member_of has value memberOf (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_uuid has value nsUniqueId (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_objectsid has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_primary_group has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_modify_timestamp has value modifyTimestamp (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_entry_usn has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_last_change has value shadowLastChange (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_min has value shadowMin (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_max has value shadowMax (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_warning has value shadowWarning (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_inactive has value shadowInactive (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_expire has value shadowExpire (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_flag has value shadowFlag (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_krb_last_pwd_change has value krbLastPwdChange (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_krb_password_expiration has value krbPasswordExpiration (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_pwd_attribute has value pwdAttribute (Fri Jun 21 09:58:26 2013) 
[sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_authorized_service has value authorizedService (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_ad_account_expires has value accountExpires (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_ad_user_account_control has value userAccountControl (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_ns_account_lock has value nsAccountLock (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_authorized_host has value host (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_disabled has value loginDisabled (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_expiration_time has value loginExpirationTime (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_allowed_time_map has value loginAllowedTimeMap (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has value ipaSshPubKey (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_object_class has value posixGroup (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_pwd has value userPassword (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_member has value member (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_uuid has value nsUniqueId (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): 
Option ldap_group_objectsid has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_modify_timestamp has value modifyTimestamp (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_group_entry_usn has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_object_class has value ipaNisNetgroup (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_member has value member (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_of has value memberOf (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_user has value memberUser (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_host has value memberHost (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_ext_host has value externalHost (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_domain has value nisDomainName (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_netgroup_uuid has value ipaUniqueID (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_object_class has value ipaHost (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_fqdn has value fqdn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_serverhostname has value serverHostname (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_member_of has 
value memberOf (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_ssh_public_key has value ipaSshPubKey (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_host_uuid has value ipaUniqueID (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_hostgroup_objectclass has value ipaHostgroup (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_hostgroup_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_hostgroup_member has value member (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_hostgroup_memberof has value memberOf (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_hostgroup_uuid has value ipaUniqueID (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_service_object_class has value ipService (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_service_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_service_port has value ipServicePort (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_service_proto has value ipServiceProtocol (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_object_class has value ipaselinuxusermap (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_name has value cn (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_user has value memberUser (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_host 
has value memberHost (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_see_also has value seeAlso (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_selinux_user has value ipaSELinuxUser (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_enabled has value ipaEnabledFlag (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_user_category has value userCategory (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_host_category has value hostCategory (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_uuid has value ipaUniqueID (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ldap_id_cleanup_set_timer] (0x0400): Scheduling next cleanup at 1371801516.619055 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [be_process_init] (0x2000): ID backend target successfully loaded from provider [ipa]. (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [load_backend_module] (0x1000): Backend [ipa] already loaded. 
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_domain has value ipa_domain (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_server has value ipa_hostname.ipa_domain (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_backup_server has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_hostname has value ipa_hostname.ipa_domain (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_dyndns_update is FALSE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_dyndns_iface has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_hbac_search_base has value cn=hbac,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_host_search_base has value cn=accounts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_selinux_search_base has value cn=selinux,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_subdomains_search_base has value cn=trusts,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_master_domain_search_base has value cn=ad,cn=etc,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option krb5_realm has value IPA_DOMAIN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_hbac_refresh has value 5 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_hbac_treat_deny_as has value DENY_ALL (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_hbac_support_srchost is FALSE (Fri Jun 21 09:58:26 2013) 
[sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_automount_location has value default (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_copy_options] (0x0400): Option ipa_ranges_search_base has value cn=ranges,cn=etc,dc=ipa_netbios,dc=fh (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_server has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_realm has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_ccachedir has value /tmp (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_ccname_template has value FILE:%d/krb5cc_%U_XXXXXX (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_auth_timeout has value 15 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_validate is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_kpasswd has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_backup_kpasswd has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_store_password_if_offline is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_renewable_lifetime has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_lifetime has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_renew_interval has value 0 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_use_fast has no value (Fri 
Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_fast_principal has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option krb5_canonicalize is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [ipa_get_auth_options] (0x0400): Option krb5_realm set to IPA_DOMAIN (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_uri has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_backup_uri has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_bind_dn has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_authtok_type has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value. 
(Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_search_timeout has value 6 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_network_timeout has value 6 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_opt_timeout has value 6 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_scope has value sub (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_user_search_filter has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_scope has value sub (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_group_search_filter has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_service_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_full_refresh_interval has value 21600 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_use_host_filter is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_hostnames has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] 
(0x0400): Option ldap_sudo_ip has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_include_netgroups is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sudo_include_regexp is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_autofs_search_base has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_schema has value ipa_v1 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_offline_timeout has value 60 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_force_upper_case_realm is TRUE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 3600 (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cacert has value /etc/ipa/ca.crt (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cacertdir has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cert has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_key has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_tls_cipher_suite has no value (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_id_use_start_tls is FALSE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_id_mapping is FALSE (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] (0x0400): Option ldap_sasl_mech has value GSSAPI (Fri Jun 21 09:58:26 2013) [sssd[be[ipa_domain]]] [dp_get_options] 
[192.168.30.10] TTL 7200 (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipa_hostname.ipa_domain' (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sss_ldap_init_send] (0x4000): Using file descriptor [23] for LDAP connection. (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://ipa_hostname.ipa_domain:389/??base] with fd [23]. (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1 (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16418b0], ldap[0x163e630] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: []. (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultnamingcontext] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedExtension] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorName] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorVersion] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for 
[dataversion] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [netscapemdsuffix] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [lastusn] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16418b0], ldap[0x163e630] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_rootdse_done] (0x2000): Got rootdse (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 1717 (int: 1717) (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, host/ipa_hostname.ipa_domain, IPA_DOMAIN, 86400) (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'name resolved' (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'name resolved' (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] 
(0x0200): Found address for server ipa_hostname.ipa_domain: [192.168.30.10] TTL 7200 (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT... (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [create_tgt_req_send_buffer] (0x1000): buffer size: 47 (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [8224] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Signal handler set up for pid [8224] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:58:58 2013) [sssd[be[ipa_domain]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_IPA_DOMAIN], expired on [1371887937] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1371802439 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: host/ipa_hostname.ipa_domain (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x1000): Waiting for child [8224]. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x0100): child [8224] finished successfully. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sss_child_handler] (0x2000): waitpid failed [10]: Keine Kind-Prozesse (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [set_server_common_status] (0x0100): Marking server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_done] (0x4000): notify connected to op #1 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16332f0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN,cn=ad,cn=trusts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16332f0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1644a40 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1644a40 "ltdb_callback" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSecondaryBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163fcb0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163fcb0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=IPA_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSecondaryBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163fcb0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163fcb0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1640730 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1650190 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1650190 "ltdb_timeout" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1640730 "ltdb_callback" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1643320 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16514a0 (Fri Jun 21 09:58:59 2013) 
[sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16514a0 "ltdb_timeout" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1643320 "ltdb_callback" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTSecurityIdentifier] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 7 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163f480], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=ipa_domain,cn=ad,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTSecurityIdentifier] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x163f480], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1650230 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16502e0 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16502e0 "ltdb_timeout" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1650230 "ltdb_callback" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, ) [Success] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16332f0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN,cn=ad,cn=trusts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16332f0], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSecondaryBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1644a40], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1644a40], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=IPA_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSecondaryBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1644a40], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1644a40], ldap[0x163e630] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1650ba0 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1650c50 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1650c50 "ltdb_timeout" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1650ba0 "ltdb_callback" (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16490a0 (Fri Jun 21 09:58:59 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1640e20 (Fri Jun 21 09:58:59 2013) 
reusing ccache [/tmp/krb5cc_1119800004_dhF4lE]. (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [check_for_valid_tgt] (0x1000): TGT end time [1371887011]. (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [check_for_valid_tgt] (0x0080): TGT is valid. (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [krb5_auth_send] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_1119800004_dhF4lE] and is active and TGT is valid. (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] (0x0200): Found address for server ipa_hostname.ipa_domain: [192.168.30.10] TTL 7200 (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipa_hostname.ipa_domain' (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [krb5_find_ccache_step] (0x0080): Saved ccache FILE:/tmp/krb5cc_1119800004_dhF4lE if of different type than ccache in configuration file, reusing the old ccache (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [8232] (Fri Jun 21 09:59:40 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Signal handler set up for pid [8232] (Fri Jun 21 09:59:40 2013) 
[sssd[be[ipa_domain]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][3][46]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741822][15]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741823][32]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): TGT times are [1371801580][1371801580][1371887980][0]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][6][8]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [set_server_common_status] (0x0100): Marking server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, no one will be deleted. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [krb5_mod_ccname] (0x4000): Save ccname [FILE:/tmp/krb5cc_1119800004_dhF4lE] for user [leah]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1648f60 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x164e0a0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x164e0a0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1648f60 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1671ed0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1671ff0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1671ff0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1671ed0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Sending result [0][ipa_domain] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Sent result [0][ipa_domain] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x1000): Waiting for child [8232]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x0100): child [8232] finished successfully. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sss_child_handler] (0x2000): waitpid failed [10]: Keine Kind-Prozesse (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Got request with the following data (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): service: gnome-screensaver (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): tty: :0.0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): ruser: (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): rhost: (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): cli_pid: 8230 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_access_send] (0x0400): Performing access check for user [leah] (Fri Jun 21 09:59:41 2013) 
[sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1653120 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1650c20 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1650c20 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1653120 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user [leah] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_account_expired_rhds] (0x4000): Account for user [leah] is not locked. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_retry] (0x4000): Connection status is [online]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaHost)(fqdn=ipa_hostname.ipa_domain))][cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [fqdn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 13 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [fqdn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_search_send] (0x0400): Dereferencing entry [fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh] using OpenLDAP deref (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_parse_entry] (0x0400): Got deref control (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_parse_entry] (0x0400): All deref results from a single control parsed (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_service_info_next] (0x0400): Sending request for next search base: 
[cn=hbac,dc=ipa_netbios,dc=fh][2][(objectClass=ipaHBACService)] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACService)][cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 15 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sshd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=ftp,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=login,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=su-l,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sudo,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sudo-i,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gdm,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gdm-password,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=kdm,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gssftp,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=proftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=vsftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=ipa_netbios,dc=fh][2][(objectClass=ipaHBACServiceGroup)] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166deb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692520 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [gdm]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166deb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692520 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [gdm-password]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166deb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692520 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [kdm]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166deb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692520 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [gssftp]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166deb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692520 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692520 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [pure-ftpd]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168cdb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168cdb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16a1f80 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1668080 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1668080 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16a1f80 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [proftpd]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166deb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d620 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166deb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168cdb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d620 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168cdb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [vsftpd]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168cdb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168cdb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168cdb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d620 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168cdb0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168cdb0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168cdb0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Found [2] items to delete. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=Sudo,cn=hbac_servicegroups,cn=custom,cn=ipa_domain,cn=sysdb]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1694f60 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1695010 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168d910 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1693c60 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1695010 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1694f60 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1693c60 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168d910 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=ftp,cn=hbac_servicegroups,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1682e10 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1668400 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1693c60 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169ca30 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1668400 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1682e10 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169ca30 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1693c60 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [Sudo]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16896f0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16896f0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16904e0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168d710 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168d710 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16904e0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [ftp]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16896f0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16896f0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169a450 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169a500 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169a500 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169a450 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d620 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16896f0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16896f0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] 
(0x4000): Ending timer event 0x167d620 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Found [1] items to delete. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=b919d792-d1a8-11e2-8d2a-00163e000023,cn=hbac_rules,cn=custom,cn=ipa_domain,cn=sysdb]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16835c0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16682a0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1693d10 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16a3610 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16682a0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16835c0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16a3610 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1693d10 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [b919d792-d1a8-11e2-8d2a-00163e000023]. 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168dab0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16a3610 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16a3610 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168dab0 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x166f880 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1689410 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1689410 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x166f880 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1611760 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f190 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f190 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1611760 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] 
[hbac_attrs_to_rule] (0x1000): Processing rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_user_attrs_to_rule] (0x1000): Processing users for rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_get_category] (0x0200): Category is set to 'all'. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_service_attrs_to_rule] (0x1000): Processing PAM services for rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_get_category] (0x0200): Category is set to 'all'. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_thost_attrs_to_rule] (0x1000): Processing target hosts for rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_get_category] (0x0200): Category is set to 'all'. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x163f930 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1643320 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1643320 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x163f930 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_eval_user_element] (0x1000): [1] groups for [leah] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [hbac_eval_user_element] (0x1000): Added group [ipausers] for user [leah] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1611760 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying 
timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1611760 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1611760 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1611760 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! 
(Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1666880 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1666880 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1666880 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16707b0 (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16707b0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1666880 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user mapping (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [ipa_get_selinux_send] (0x2000): Connection status is [online]. (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:41 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 21 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1667e60], ldap[0x163e630] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_initgr_nested_search] (0x0040): Search for group cn=ipausers,cn=groups,cn=accounts,dc=ipa_netbios,dc=fh, returned 0 results. 
Skipping (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_initgr_store_user_memberships] (0x1000): The user leah is a direct member of 0 LDAP groups (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sysdb_get_direct_parents] (0x2000): searching sysdb with filter [(&(objectClass=group)(member=name=leah,cn=users,cn=ipa_domain,cn=sysdb))] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1667a60 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1667b80 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1667b80 "ltdb_timeout" (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1667a60 "ltdb_callback" (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sysdb_get_direct_parents] (0x1000): leah is a member of 0 sysdb groups (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_initgr_store_user_memberships] (0x2000): Updating memberships for leah (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 09:59:47 2013) 
[sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_get_initgr_done] (0x4000): Initgroups done (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_add_timeout] (0x2000): 0x1641f90 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_remove_timeout] (0x2000): 0x1641f90 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Got request with the following data (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): command: PAM_CLOSE_SESSION (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): ruser: (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): rhost: (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Sending result [0][ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler] (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Got request with the following data (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): command: PAM_SETCRED (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): ruser: (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): rhost: (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Sending result [0][ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=gdm] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x163f930 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1643320 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1643320 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x163f930 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_initgr_send] (0x4000): Retrieving info for initgroups call (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=gdm)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [shadowMax] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 
21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 22 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1652d30], ldap[0x163e630] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1643320 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1643320 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=gdm)) (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1643320 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653120 (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653120 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1643320 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 09:59:48 2013) 
[sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:48 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=907001104] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uidNumber=907001104)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [shadowMax] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 
21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 23 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x16552b0], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1611760 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1611760 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_uid] (0x0400): No such entry (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=907001110] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uidNumber=907001110)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [memberOf] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 09:59:50 
2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 24 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. 
(Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16401e0 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653330 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653330 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16401e0 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_uid] (0x0400): No such entry (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=tst] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=tst)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri 
Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 09:59:50 2013) 
[sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 25 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. 
(Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1643320 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1643320 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=tst)) (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1643320 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f930 (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f930 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1643320 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:50 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! 
(Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=__other] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=__other)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 09:59:54 2013) 
[sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): 
Requesting attrs: [accountExpires] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 26 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1611620], ldap[0x163e630] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. 
(Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1653330 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653120 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653120 "ltdb_timeout" (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1653330 "ltdb_callback" (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=__other)) (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1653330 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f190 (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f190 "ltdb_timeout" (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1653330 "ltdb_callback" (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 09:59:54 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! 
(Fri Jun 21 09:59:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 09:59:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:56 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:06 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:16 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [be_get_subdomains] (0x0400): Got get subdomains [forced][AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 27 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN,cn=ad,cn=trusts,dc=ipa_netbios,dc=fh]. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSecondaryBaseRID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 28 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=IPA_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSecondaryBaseRID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=AD_DOMAIN_id_range,cn=ranges,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTTrustedDomainSID] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16426b0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16672f0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16672f0 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16426b0 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16426b0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653330 (Fri Jun 21 10:00:17 2013) 
[sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653330 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16426b0 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa_netbios,dc=fh]. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTSecurityIdentifier] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 29 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=ipa_domain,cn=ad,cn=etc,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTSecurityIdentifier] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x15fda20], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1671590 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1671640 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1671640 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1671590 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, ) [Success] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Got request with the following data (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): domain: AD_DOMAIN (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): user: user_xy at AD_DOMAIN (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): ruser: (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): rhost: (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok type: 1 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok size: 10 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): priv: 1 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): cli_pid: 8316 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1653330 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16445d0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16445d0 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1653330 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [cc_residual_is_used] (0x0400): User [907001104] is not active 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [check_for_valid_tgt] (0x0020): krb5_cc_retrieve_cred failed. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [krb5_auth_send] (0x4000): Ccache_file is [FILE:/tmp/krb5cc_907001104_FZhYF1] and is not active and TGT is not valid. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [get_port_status] (0x1000): Port status of port 0 for server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [get_server_status] (0x1000): Status of server 'ipa_hostname.ipa_domain' is 'working' (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [be_resolve_server_process] (0x0200): Found address for server ipa_hostname.ipa_domain: [192.168.30.10] TTL 7200 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ipa_hostname.ipa_domain' (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [krb5_find_ccache_step] (0x4000): Recreating ccache file. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [8320] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [child_handler_setup] (0x2000): Signal handler set up for pid [8320] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [write_pipe_handler] (0x0400): All data has been sent! 
(Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 16305C0 (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [be_get_subdomains] (0x0400): Got get subdomains [forced][AD_NETBIOS] (Fri Jun 21 10:00:17 2013) [sssd[be[ipa_domain]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, ) [Success] (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][3][45]. (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741822][18]. (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741823][32]. (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): TGT times are [1371801617][1371801617][1371837617][1371888017]. (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [parse_krb5_child_response] (0x1000): child response [0][6][8]. (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [set_server_common_status] (0x0100): Marking server 'ipa_hostname.ipa_domain' as 'working' (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [krb5_mod_ccname] (0x4000): Save ccname [FILE:/tmp/krb5cc_907001104_CJBuxU] for user [user_xy at AD_DOMAIN]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1670cf0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1670da0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1670da0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1670cf0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x163ffa0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16400c0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16400c0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x163ffa0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, ) [Success] (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Sending result [0][AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [be_pam_handler_callback] (0x0100): Sent result [0][AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x1000): Waiting for child [8320]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [child_sig_handler] (0x0100): child [8320] finished successfully.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sss_child_handler] (0x2000): waitpid failed [10]: Keine Kind-Prozesse
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [3][1][name=user_xy]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x160fe70
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653120
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653120 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x160fe70 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_get_subdomain_account_info_send] (0x0400): Initgroups requests are not handled by the IPA provider but are resolved by the responder directly from the cache.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,95,User lookup failed
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 162A740
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [be_pam_handler] (0x0100): Got request with the following data
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): domain: AD_DOMAIN
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): user: user_xy at AD_DOMAIN
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): service: gdm-password
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): tty: :0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): ruser:
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): rhost:
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok type: 0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): authtok size: 0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok type: 0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): newauthtok size: 0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): priv: 1
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [pam_print_data] (0x0100): cli_pid: 8316
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_access_send] (0x0400): Performing access check for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16670b0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16513d0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16513d0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16670b0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_account_expired_rhds] (0x4000): Account for user [user_xy at AD_DOMAIN] is not locked.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [hbac_retry] (0x4000): Connection status is [online].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaHost)(fqdn=ipa_hostname.ipa_domain))][cn=accounts,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [fqdn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 30
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [fqdn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_search_send] (0x0400): Dereferencing entry [fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh] using OpenLDAP deref
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 31
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1668f40], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_parse_entry] (0x0400): Got deref control
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_x_deref_parse_entry] (0x0400): All deref results from a single control parsed
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1668f40], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_service_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=ipa_netbios,dc=fh][2][(objectClass=ipaHBACService)]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACService)][cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 32
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sshd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=ftp,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=login,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=su-l,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sudo,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=sudo-i,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gdm,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gdm-password,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=kdm,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=gssftp,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=proftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=vsftpd,cn=hbacservices,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=ipa_netbios,dc=fh][2][(objectClass=ipaHBACServiceGroup)]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 33
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [member]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [member]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_rule_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=ipa_netbios,dc=fh][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh)))]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=ipa_hostname.ipa_domain,cn=computers,cn=accounts,dc=ipa_netbios,dc=fh)))][cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaenabledflag]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accessRuleType]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serviceCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHostCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 34
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_entry] (0x4000): OriginalDN: [ipaUniqueID=b919d792-d1a8-11e2-8d2a-00163e000023,cn=hbac,dc=ipa_netbios,dc=fh].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectclass]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaenabledflag]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [accessRuleType]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [userCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [serviceCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [sourceHostCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x1000): Total count [0]
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x160fe70
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1653120
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1653120 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x160fe70 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Found [1] items to delete.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=ipa_hostname.ipa_domain,cn=hbac_hosts,cn=custom,cn=ipa_domain,cn=sysdb].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16683d0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1668480
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167c940
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167c9f0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1668480 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16683d0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167c9f0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167c940 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [ipa_hostname.ipa_domain].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1687e20
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166ece0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166ece0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1687e20 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1653120
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16670b0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16670b0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1653120 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 1)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 1)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1689990
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x166ece0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x166ece0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1689990 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Found [14] items to delete.
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=vsftpd,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168d8e0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168d990
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168e3a0
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168e450
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168d990 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168d8e0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168e450 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168e3a0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3)
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=pure-ftpd,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb].
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168eb00 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168ebb0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692520 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168d280 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168ebb0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168eb00 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168d280 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692520 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=ftp,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168e360 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168e410 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168d090 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168d3e0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168e410 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168e360 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168d3e0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168d090 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=proftpd,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168db00 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16903a0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1696470 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1690450 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16903a0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168db00 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1690450 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1696470 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=sudo-i,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168d280 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16925e0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168cfa0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1697a60 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16925e0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168d280 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1697a60 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168cfa0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=sshd,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168e980 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16903a0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169a0e0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1699c80 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16903a0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168e980 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1699c80 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169a0e0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=sudo,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692260 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1693b70 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168e420 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1692410 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1693b70 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692260 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1692410 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168e420 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=kdm,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1697ab0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168dfb0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692260 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169beb0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168dfb0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1697ab0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169beb0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692260 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=login,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1699d90 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1696400 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169bd70 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16979a0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1696400 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1699d90 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16979a0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169bd70 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=gdm-password,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1692410 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168cfc0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168e430 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169be50 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168cfc0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1692410 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169be50 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168e430 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=su-l,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1690770 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x168e430 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1693cb0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1693d60 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x168e430 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1690770 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1693d60 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1693cb0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=gdm,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169a540 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1699d90 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1696400 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1696210 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1699d90 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169a540 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1696210 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1696400 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=gssftp,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169ba20 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1690770 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16a25b0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169a540 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1690770 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169ba20 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169a540 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16a25b0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=su,cn=hbac_services,cn=custom,cn=ipa_domain,cn=sysdb]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168dfb0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x169be40 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16a24b0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16a2560 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x169be40 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168dfb0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16a2560 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16a24b0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [sshd]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x169e2a0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x169e2a0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [ftp]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612690 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d920 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [su]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612690 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d920 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [login]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x168aed0 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x168aed0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [su-l]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612690 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d920 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [sudo]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612690 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d920 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [sudo-i]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x1612690 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x167d920 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [gdm]. 
(Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16a3910 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16a3910 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1612690 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x167d920 (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x167d920 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x1612690 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 3) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Jun 21 10:00:18 2013) [sssd[be[ipa_domain]]] [ipa_hbac_save_list] (0x4000): Object name: [gdm-password]. 
(Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [shadowMax] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 
21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 35 (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x162ffe0], ldap[0x163e630] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16445d0 (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16505e0 (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16505e0 "ltdb_timeout" (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16445d0 "ltdb_callback" (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=gdm)) (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x160fe70 (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16505e0 (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16505e0 "ltdb_timeout" (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x160fe70 "ltdb_callback" (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 10:00:20 2013) 
[sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 10:00:20 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=tst] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=tst)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [shadowMax] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 
21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 36 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1652d30], ldap[0x163e630] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x160fe70 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f190 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f190 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x160fe70 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=tst)) (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16445d0 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x160fe70 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x160fe70 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16445d0 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 
10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1632450 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=__other] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa_netbios,dc=fh] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=__other)(objectclass=posixAccount))][cn=accounts,dc=ipa_netbios,dc=fh]. 
(Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [shadowMax] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Jun 
21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 37 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[0x1652d30], ldap[0x163e630] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x16505e0 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x16445d0 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x16445d0 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x16505e0 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=__other)) (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x160fe70 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x163f190 (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Destroying timer event 0x163f190 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [ldb] (0x4000): Ending timer event 0x160fe70 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_search_groups] (0x2000): No such entry (Fri Jun 21 
10:00:21 2013) [sssd[be[ipa_domain]]] [sysdb_delete_user] (0x0400): Error: 2 (Datei oder Verzeichnis nicht gefunden) (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: sh[0x1640b70], connected[1], ops[(nil)], ldap[0x163e630] (Fri Jun 21 10:00:21 2013) [sssd[be[ipa_domain]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Jun 21 10:00:26 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:26 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:26 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:36 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:36 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:36 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:46 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:46 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:46 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:00:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:56 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:06 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:26 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:26 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:36 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:36 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:46 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:46 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:01:56 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:02:06 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:02:06 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): dbus conn: 1612EA0 (Fri Jun 21 10:02:16 2013) [sssd[be[ipa_domain]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:16 2013) [sssd[be[ipa_domain]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] -------------- next part -------------- (Fri Jun 21 09:58:26 2013) [sssd[nss]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Fri Jun 21 09:58:26 2013) [sssd[nss]] [confdb_get_domain_internal] (0x0400): No enumeration for [ipa_domain]! (Fri Jun 21 09:58:26 2013) [sssd[nss]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_init_connection] (0x0200): Adding connection 6BC2B0 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_add_watch] (0x2000): 0x6bdf50/0x6ba6f0 (13), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bdf50/0x6b9f80 (13), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [monitor_common_send_id] (0x0100): Sending ID: (nss,1) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bdf50/0x6b9f80 (13), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bdf50/0x6ba6f0 (13), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sss_names_init] (0x0100): Using re [(((?P[^\\]+)\\(?P.+$))|((?P[^@]+)@(?P.+$))|(^(?P[^@\\]+)$))]. 
(Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_init_connection] (0x0200): Adding connection 6BCBB0 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_add_watch] (0x2000): 0x6bead0/0x6ba8b0 (14), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bead0/0x6bc010 (14), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [dp_common_send_id] (0x0100): Sending ID to DP: (1,NSS) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bd420 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bead0/0x6bc010 (14), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sbus_toggle_watch] (0x4000): 0x6bead0/0x6ba8b0 (14), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[nss]] [sysdb_domain_init_internal] (0x0200): DB File for ipa_domain: /var/lib/sss/db/cache_ipa_domain.ldb (Fri Jun 21 09:58:26 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c1560 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1610 (Fri Jun 21 09:58:26 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1610 "ltdb_timeout" (Fri Jun 21 09:58:26 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c1560 "ltdb_callback" (Fri Jun 21 09:58:26 2013) [sssd[nss]] [ldb] (0x0400): asq: Unable to register control with rootdse! 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be7b0 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be7b0 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bf230 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bf230 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be560 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be560 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be7b0 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be7b0 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bf230 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bf230 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be090 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be090 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bf230 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bf230 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be090 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be090 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bf230 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bf230 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be560 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be560 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be7b0 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be7b0 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bf230 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bf230 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be560 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be560 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [leah at ipa_domain] completed (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [leah] from [] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1440 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1440 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6be7b0 (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6be7b0 "ltdb_timeout" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:48 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from [] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail! (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from [] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail! 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from [] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail! (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[42] egid[42] pid[8318]. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/907001104] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001104 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8840 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8840 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:1:907001104 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][idnumber=907001104] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:907001104 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001104 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9790 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6cc910 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6cc910 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9790 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001104 at AD_DOMAIN] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6cc910 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c0fe0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c0fe0 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6cc910 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0400): Returning info for uid [907001104 at AD_DOMAIN] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy at ad_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:907001104 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/907001110] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001110 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c1bb0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9de0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9de0 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c1bb0 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:1:907001110 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][idnumber=907001110] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6ba740 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:907001110 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6ba740 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001110 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6ccb40 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6cc6e0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6cc6e0 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6ccb40 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [907001110 at AD_DOMAIN] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9de0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6ccb40 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6ccb40 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9de0 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0400): Returning info for uid [907001110 at AD_DOMAIN] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/leah at ad_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:907001110 at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! 
(Fri Jun 21 09:59:50 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[42] egid[42] pid[8299]. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'tst' matched without domain, user is tst (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [tst] from [] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/tst] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c88e0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8f50 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8f50 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c88e0 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x430590:1:tst at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][name=tst] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bb1a0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:tst at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6bb1a0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/tst] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c69c0 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c6a70 (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c6a70 "ltdb_timeout" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c69c0 "ltdb_callback" (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa_domain/tst] to negative cache (Fri Jun 21 09:59:50 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call (Fri Jun 21 09:59:50 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:tst at ipa_domain] (Fri Jun 21 09:59:50 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:54 2013) 
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '__other' matched without domain, user is __other (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [__other] from [] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/__other] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [__other at ipa_domain] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c88e0 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8f50 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8f50 "ltdb_timeout" (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c88e0 "ltdb_callback" (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:1:__other at ipa_domain] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][name=__other] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:__other at ipa_domain] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/__other] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [__other at ipa_domain] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c6600 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c66b0 (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c66b0 "ltdb_timeout" (Fri Jun 21 09:59:54 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c6600 "ltdb_callback" (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa_domain/__other] to negative cache (Fri Jun 21 09:59:54 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call (Fri Jun 21 09:59:54 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:__other at ipa_domain] (Fri Jun 21 09:59:54 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 09:59:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 09:59:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:56 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:06 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8316]. 
(Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9a40 (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9210 (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9210 "ltdb_timeout" (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9a40 "ltdb_callback" (Fri Jun 21 10:00:11 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c92c0 (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c93e0 (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c93e0 "ltdb_timeout" (Fri Jun 21 10:00:11 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c92c0 "ltdb_callback" (Fri Jun 21 10:00:11 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Fri Jun 21 10:00:11 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:11 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:16 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c6ba0 (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8840 (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8840 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c6ba0 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c98e0 (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9a00 (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9a00 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c98e0 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:17 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c98e0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9a00 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9a00 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c98e0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c8840 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8960 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8960 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c8840 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c8840 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8960 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8960 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c8840 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c90a0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c6b70 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c6b70 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c90a0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c8e00 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9000 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9000 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c8e00 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c90a0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c90a0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6be090
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6ce240
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6cccf0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6ceb30
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6ce240 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6be090 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6be090
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6cebe0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6ceb30 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6cccf0 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6cebe0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6be090 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [AD_DOMAIN][4099][1][name=user_xy]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6ba740
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6ba740
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 95 error message: User lookup failed
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_initgroups_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 95, User lookup failed Will try to return what we have in cache
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c0c90
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c88e0
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c88e0 "ltdb_timeout"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c0c90 "ltdb_callback"
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c90a0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c90a0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c90a0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c90a0 "ltdb_callback" (Fri Jun 21 10:00:18 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:18 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:18 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c70f0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c7210 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c7210 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c70f0 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c0d30 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9000 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9000 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c0d30 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9000 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9000 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9000 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9000 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c70f0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c7210 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c7210 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c70f0 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c70f0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c7210 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c7210 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c70f0 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c0c90 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8e00 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8e00 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c0c90 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6bc970][23] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6bc970][23] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c1440][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8327]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bc970 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8840 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8840 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bc970 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8328]. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bc970 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c6b00 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c6b00 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bc970 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c71a0][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c14e0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bc970 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bc970 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c14e0 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c1440 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c0c90 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c0c90 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c1440 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bc970 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bca20 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bca20 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bc970 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[907001104] egid[907001104] pid[8332]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bca10 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c8fc0 (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c8fc0 "ltdb_timeout" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bca10 "ltdb_callback" (Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8e80][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c8e80][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[907001104] egid[907001104] pid[8339].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at ad_domain' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c88e0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c6b00
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c6b00 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c88e0 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c48f0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c0fe0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6ccb20
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6cea70
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c0fe0 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c48f0 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c0680
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c0fe0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6cea70 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6ccb20 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c0fe0 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c0680 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [AD_DOMAIN][4099][1][name=user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6ba740
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6ba740
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 95 error message: User lookup failed
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_initgroups_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 95, User lookup failed Will try to return what we have in cache
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:3:user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[907001104] egid[907001104] pid[8346].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_endpwent] (0x0100): Terminating request info for all accounts
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c8840][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c7190
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c6b00
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c6b00 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c7190 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[907001104] egid[907001104] pid[8349].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9470
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bc970
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bc970 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9470 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c70f0][23]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c70f0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c7210
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c7210 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c70f0 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9470
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bc970
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bc970 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9470 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c93d0
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bc970
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bc970 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c93d0 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [user_xy] from [AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/AD_DOMAIN/user_xy]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c9470
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6bc970
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6bc970 "ltdb_timeout"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c9470 "ltdb_callback"
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c69c0][24]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:19 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c03a0][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[42] pid[8370].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [gdm at ipa_domain]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c5240
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c1720
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c1720 "ltdb_timeout"
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c5240 "ltdb_callback"
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:3:gdm at ipa_domain]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4099][1][name=gdm]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6be580
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:3:gdm at ipa_domain]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6be580
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [gdm at ipa_domain]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c94f0
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9ad0
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9ad0 "ltdb_timeout"
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c94f0 "ltdb_callback"
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa_domain/gdm] to negative cache
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): No results for initgroups call
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:3:gdm at ipa_domain]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c0c90][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[42] egid[42] pid[8372].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][21]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[42] pid[8376].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jun 21 10:00:20 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8353].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [root] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/root]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [root] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [root], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c0c90][22]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from []
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache)
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[42] egid[42] pid[8395].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23]
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'tst' matched without domain, user is tst (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [tst] from [] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/tst] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bc970 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bc970 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:1:tst at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][name=tst] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bb1a0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:tst at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6bb1a0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/tst] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c8fe0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9090 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9090 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c8fe0 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa_domain/tst] to negative cache (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:tst at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '__other' matched without domain, user is __other (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [__other] from [] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/__other] (Fri Jun 21 10:00:21 2013) [sssd[nss]] 
[nss_cmd_getpwnam_search] (0x0100): Requesting info for [__other at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6bc970 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c70f0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c70f0 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6bc970 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x430590:1:__other at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][4097][1][name=__other] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x430590:1:__other at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6bd7b0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BCBB0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/__other] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [__other at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6c8fe0 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6c9090 (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x6c9090 "ltdb_timeout" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x6c8fe0 "ltdb_callback" (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa_domain/__other] to negative cache (Fri Jun 21 10:00:21 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call (Fri Jun 21 10:00:21 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:__other at ipa_domain] (Fri Jun 21 10:00:21 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c03a0][23] (Fri Jun 21 10:00:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:26 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from [] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail! (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'gdm' matched without domain, user is gdm (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [gdm] from [] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/gdm] (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [gdm] does not exist in [ipa_domain]! 
(negative cache) (Fri Jun 21 10:00:34 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [gdm], fail! (Fri Jun 21 10:00:34 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c8bd0][20] (Fri Jun 21 10:00:36 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:36 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:36 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:46 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:46 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:46 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:00:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:56 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1119800004] pid[8414]. (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. 
(Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [root] from [] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/root] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [root] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [root], fail! (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 10:01:01 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8427]. (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! 
(Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups] (0x0100): Requesting info for [root] from [] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/root] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0040): User [root] does not exist in [ipa_domain]! (negative cache) (Fri Jun 21 10:01:01 2013) [sssd[nss]] [nss_cmd_initgroups_search] (0x0080): No matching domain found for [root], fail! (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c71a0][24] (Fri Jun 21 10:01:01 2013) [sssd[nss]] [client_recv] (0x0200): Client disconnected! 
(Fri Jun 21 10:01:01 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c71a0][24] (Fri Jun 21 10:01:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:06 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:20 2013) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x6c1440][21] (Fri Jun 21 10:01:20 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c1440][21] (Fri Jun 21 10:01:21 2013) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x6c0c90][22] (Fri Jun 21 10:01:21 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c0c90][22] (Fri Jun 21 10:01:21 2013) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x6c03a0][23] (Fri Jun 21 10:01:21 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c03a0][23] (Fri Jun 21 10:01:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:26 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:34 2013) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x6c8bd0][20] (Fri Jun 21 10:01:34 2013) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x6c8bd0][20] (Fri Jun 21 10:01:36 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:36 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:36 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:46 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:46 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:01:56 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8414]. (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Jun 21 10:02:01 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_setpwent_send] (0x0100): Received setpwent request (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_setpwent_send] (0x0040): Enumeration disabled on all domains! 
(Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_getpwent] (0x0100): Requesting info for all accounts (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_setpwent_send] (0x0100): Received setpwent request (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_setpwent_send] (0x0040): Enumeration disabled on all domains! (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:01 2013) [sssd[nss]] [nss_cmd_endpwent] (0x0100): Terminating request info for all accounts (Fri Jun 21 10:02:01 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6c1440][20] (Fri Jun 21 10:02:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:02:06 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 6BC2B0 (Fri Jun 21 10:02:16 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:16 2013) [sssd[nss]] [sbus_message_handler] (0x4000): Received SBUS method [ping] -------------- next part -------------- (Fri Jun 21 09:58:26 2013) [sssd[pac]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Fri Jun 21 09:58:26 2013) [sssd[pac]] [confdb_get_domain_internal] (0x0400): No enumeration for [ipa_domain]! 
(Fri Jun 21 09:58:26 2013) [sssd[pac]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_init_connection] (0x0200): Adding connection BDE0D0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_add_watch] (0x2000): 0xbdf9e0/0xbdf560 (13), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdcaa0 (13), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [monitor_common_send_id] (0x0100): Sending ID: (pac,1) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_add_timeout] (0x2000): 0xbdf190 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdcaa0 (13), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdf560 (13), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sss_names_init] (0x0100): Using re [(((?P[^\\]+)\\(?P.+$))|((?P[^@]+)@(?P.+$))|(^(?P[^@\\]+)$))]. (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_init_connection] (0x0200): Adding connection BDDC20 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_add_watch] (0x2000): 0xbe0510/0xbdc990 (14), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc9e0 (14), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [dp_common_send_id] (0x0100): Sending ID to DP: (1,PAC) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_add_timeout] (0x2000): 0xbddd60 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc9e0 (14), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc990 (14), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sysdb_domain_init_internal] (0x0200): DB File for ipa_domain: /var/lib/sss/db/cache_ipa_domain.ldb (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_callback": 0xbe30e0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0xbe3190 (Fri Jun 21 09:58:26 2013) 
[sssd[pac]] [ldb] (0x4000): Destroying timer event 0xbe3190 "ltdb_timeout" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Ending timer event 0xbe30e0 "ltdb_callback" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x0400): asq: Unable to register control with rootdse! (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_callback": 0xbe18d0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0xbe1980 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Destroying timer event 0xbe1980 "ltdb_timeout" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Ending timer event 0xbe18d0 "ltdb_callback" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_callback": 0xbe3110 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0xbe31c0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Destroying timer event 0xbe31c0 "ltdb_timeout" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [ldb] (0x4000): Ending timer event 0xbe3110 "ltdb_callback" (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sss_process_init] (0x0400): Responder Initialization complete (Fri Jun 21 09:58:26 2013) [sssd[pac]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Fri Jun 21 09:58:26 2013) [sssd[pac]] [pac_process_init] (0x0400): PAC Initialization complete (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDDC20 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDDC20 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdcaa0 (13), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdf560 (13), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 
0xbe0510/0xbdc9e0 (14), R/- (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc990 (14), -/W (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdcaa0 (13), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbdf9e0/0xbdf560 (13), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc9e0 (14), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_toggle_watch] (0x4000): 0xbe0510/0xbdc990 (14), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_remove_timeout] (0x2000): 0xbdf190 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:26 2013) [sssd[pac]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_remove_timeout] (0x2000): 0xbddd60 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDDC20 (Fri Jun 21 09:58:26 2013) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:26 2013) [sssd[pac]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Fri Jun 21 09:58:36 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:36 2013) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:36 2013) [sssd[pac]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:58:46 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:46 2013) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:46 2013) [sssd[pac]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:58:56 2013) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: BDE0D0 (Fri Jun 21 09:58:56 2013) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching. 
timed event "ltdb_callback": 0x260f000 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x26109b0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x26109b0 "ltdb_timeout" (Fri Jun 21 09:59:41 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x260f000 "ltdb_callback" (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [leah at ipa_domain] (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gnome-screensaver (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0.0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 8230 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x260ad80 (Fri Jun 21 09:59:41 2013) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x260ad80 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 09:59:42 
2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ipa_domain] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x260d2b0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x260cb40 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x260cb40 "ltdb_timeout" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x260d2b0 "ltdb_callback" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x260cb40 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x260d2b0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x260d2b0 "ltdb_timeout" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x260cb40 "ltdb_callback" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x260d2b0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x260cb40 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x260cb40 "ltdb_timeout" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x260d2b0 "ltdb_callback" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 26 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260c340][19] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260c340][19] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:42 2013) 
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gnome-screensaver (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0.0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 8230 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2618210 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x2610990 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x2610990 "ltdb_timeout" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2618210 "ltdb_callback" (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [leah at ipa_domain] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the 
following data: (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gnome-screensaver (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0.0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 8230 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x260d690 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x260d690 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ipa_domain] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. 
(Fri Jun 21 09:59:42 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 26 (Fri Jun 21 09:59:42 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260c340][19] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260c340][19] (Fri Jun 21 09:59:42 2013) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 09:59:42 2013) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x260c340][19] (Fri Jun 21 09:59:45 2013) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [leah] removed from PAM initgroup cache (Fri Jun 21 09:59:46 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260B0F0 (Fri Jun 21 09:59:46 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:46 2013) [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1119800004] pid[7920]. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. 
(Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_CLOSE_SESSION (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41b300:3:leah at ipa_domain] (Fri 
Jun 21 09:59:47 2013) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa_domain][3][1][name=leah] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x260ad80 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41b300:3:leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x260ad80 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2610400 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x2610520 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x2610520 "ltdb_timeout" (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2610400 "ltdb_callback" (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [leah] added to PAM initgroup cache (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_CLOSE_SESSION (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 
09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2617940 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41b300:3:leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2617940 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. 
(Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 26 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'leah' matched without domain, user is leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/ipa_domain/leah] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2618880 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x260c340 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x260c340 "ltdb_timeout" (Fri Jun 21 09:59:47 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2618880 "ltdb_callback" (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [leah at ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: ipa_domain (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): user: leah (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7920 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x260ad80 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x260ad80 (Fri Jun 21 
09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ipa_domain] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Fri Jun 21 09:59:47 2013) [sssd[pam]] [pam_reply] (0x0100): blen: 26 (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 09:59:47 2013) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Fri Jun 21 09:59:47 2013) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x260f830][19] (Fri Jun 21 09:59:52 2013) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [leah] removed from PAM initgroup cache (Fri Jun 21 09:59:56 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260B0F0 (Fri Jun 21 09:59:56 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:56 2013) [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:06 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260B0F0 (Fri Jun 21 10:00:06 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:06 2013) [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:16 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260B0F0 (Fri Jun 21 10:00:16 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:16 2013) [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[8316]. 
(Fri Jun 21 10:00:17 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Fri Jun 21 10:00:17 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Fri Jun 21 10:00:17 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x260f830][19] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_parse_in_data_v3] (0x0020): pam_parse_in_data_v2 failed. (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41e750:domains at ipa_domain] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa_domain][forced][AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x260ad80 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41e750:domains at ipa_domain] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x260ad80 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 260AC40 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2618560 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x2617820 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x2617820 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2618560 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [process_subdomains] (0x0200): Adding subdomain [AD_DOMAIN] to the domain [ipa_domain]! (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x260c3e0 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x26184c0 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x26184c0 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x260c3e0 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [process_subdomains] (0x1000): Adding flat name [IPA_NETBIOS] to domain [ipa_domain]. 
(Fri Jun 21 10:00:17 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'user_xy at AD_DOMAIN' matched expression for domain 'AD_DOMAIN', user is user_xy (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): domain: AD_DOMAIN (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): user: user_xy (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): tty: :0 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 10 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 8316 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2618560 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x2619880 (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x2619880 "ltdb_timeout" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2618560 "ltdb_callback" (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [user_xy at AD_DOMAIN] (Fri Jun 21 10:00:17 2013) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is user_xy at AD_DOMAIN (Fri Jun 21 
Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_toggle_watch] (0x4000): 0x1908660/0x1904f60 (14), R/- (enabled) (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_toggle_watch] (0x4000): 0x1908660/0x19059d0 (14), -/W (disabled) (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_remove_timeout] (0x2000): 0x1905930 (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_remove_timeout] (0x2000): 0x1909950 (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 1907580 (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:26 2013) [sssd[ssh]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Fri Jun 21 09:58:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:58:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:36 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:58:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:58:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:46 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:58:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:58:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:58:56 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 09:59:06 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:16 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:26 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:36 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:46 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 09:59:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 09:59:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 09:59:56 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:06 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:00:16 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:26 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:36 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:46 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:00:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:00:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:00:56 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:06 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:16 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:26 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. 
(Fri Jun 21 10:01:26 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:36 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:36 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:46 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:46 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:01:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:01:56 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:01:56 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:02:06 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:06 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Jun 21 10:02:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 19070D0 (Fri Jun 21 10:02:16 2013) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Fri Jun 21 10:02:16 2013) [sssd[ssh]] [sbus_message_handler] (0x4000): Received SBUS method [ping] From andrew at wasielewski.co.uk Thu Jun 20 21:46:28 2013 
From: andrew at wasielewski.co.uk (Andrew Wasielewski)
Date: Thu, 20 Jun 2013 22:46:28 +0100
Subject: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."
In-Reply-To: <51C37692.6010105@redhat.com>
References: <1536903.RS2MtDNbk7@localhost.localdomain> <51C37692.6010105@redhat.com>
Message-ID: <152447780.n8ABSJQFa6@localhost.localdomain>

Hi Rob,

Thanks for the quick response. pki-ca is ver. 9.0.26, installed as a dependency by FreeIPA itself.

Regards,

Andrew

On Thursday 20 June 2013 17:39:30 Rob Crittenden wrote:
> Andrew Wasielewski wrote:
> > Hello everyone,
> >
> > I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel
> > 3.8.13-100.fc17.x86_64). Each time it fails in step 2/17 of "Configuring
> > certificate server". The relevant portion of the log is appended below.
> > It looks like the specific cause of the error is "Required parameter
> > -client_token_name is not specified." I can't find anything on Google
> > relating to this exact string so am requesting help here.
> >
> > All necessary package installs, DNS config etc. have been done, so there
> > are no error messages during the info gathering part of the script.
> > There has been no previous installation of Kerberos or any CA software.
> > I did do some work with OpenLDAP to set up a user management directory -
> > before I found out about FreeIPA - but that used slapd which is now
> > disabled to avoid conflict with 389 Directory Server.
> >
> > Any advice much appreciated.
>
> It sure seems like the IPA installer isn't passing an option to the CA.
> What version of pki-ca do you have installed?
>
> rob
From rcritten at redhat.com Fri Jun 21 13:22:26 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 21 Jun 2013 09:22:26 -0400
Subject: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."
In-Reply-To: <152447780.n8ABSJQFa6@localhost.localdomain>
References: <1536903.RS2MtDNbk7@localhost.localdomain> <51C37692.6010105@redhat.com> <152447780.n8ABSJQFa6@localhost.localdomain>
Message-ID: <51C45392.2050604@redhat.com>

Andrew Wasielewski wrote:
> Hi Rob,
>
> Thanks for the quick response. pki-ca is ver. 9.0.26, installed as a
> dependency by FreeIPA itself.

It looks like the pki-ca package has added a new required option. I'll open a bug.

pki-ca-9.0.25 works ok if you want to try that version. It is unfortunately not available via yum downgrade.

The build is available at http://koji.fedoraproject.org/koji/buildinfo?buildID=372295

If you install the koji tool it is easier to fetch the packages:

# cd /tmp
# koji download-build --arch=noarch pki-core-9.0.25-1.fc17
# koji download-build --arch=x86_64 pki-core-9.0.25-1.fc17

Then force the older packages to be installed (note this is all in one line, I don't know how horribly my mail client will wrap this):

# rpm -Uvh --force pki-ca-9.0.25-1.fc17.noarch.rpm pki-common-9.0.25-1.fc17.noarch.rpm pki-selinux-9.0.25-1.fc17.noarch.rpm pki-setup-9.0.25-1.fc17.noarch.rpm pki-symkey-9.0.25-1.fc17.x86_64.rpm pki-java-tools-9.0.25-1.fc17.noarch.rpm pki-util-9.0.25-1.fc17.noarch.rpm pki-native-tools-9.0.25-1.fc17.x86_64.rpm pki-silent-9.0.25-1.fc17.noarch.rpm

rob
From rcritten at redhat.com Fri Jun 21 13:26:36 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 21 Jun 2013 09:26:36 -0400
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <1551319.LsppMAaR0q@hosanna>
References: <2973063.rlmeuNKcsR@hosanna> <2963993.PBHqpzGtom@hosanna> <16138898.xjPubYr8y4@hosanna> <1551319.LsppMAaR0q@hosanna>
Message-ID: <51C4548C.8020600@redhat.com>

Joshua J. Kugler wrote:
> On Wednesday, June 19, 2013 16:34:31 Joshua J. Kugler wrote:
>> Check SSH connection to remote master
>> Execute check on remote master
>>
>> Remote master check failed with following error message(s):
>> bash: /usr/sbin/ipa-replica-conncheck: No such file or directory
>>
>> Connection check failed!
>> Please fix your network settings according to error messages above.
>> If the check results are not valid it can be skipped with --skip-conncheck
>> parameter.
>
> OK, so it didn't click that it was trying to run ipa-replica-conncheck on the
> other machine, and that the error message was on the other machine.
>
> But, skipping the connection check, I'm still getting this:
>
> # ipa-replica-install --setup-ca -N replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck
> Directory Manager (existing master) password:
>
> ipa : CRITICAL CA DS schema check failed. Make sure the PKI service on
> the remote master is operational.
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> LDAP error: PROTOCOL_ERROR
> unsupported extended operation
>
> I even brought over /etc/ipa/ca.crt file and did this:
>
> export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N
> replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck
>
> Same error message.
>
> I'm lost. Help?

This is unrelated to passing in the CA certificate.

We'd need to see /var/log/ipareplica-install.log to see what the LDAP error is. If you look on the remote master DS access log it may have additional information on what was requested.

In 2.2 IPA and the CA each have separate 389-ds instances to store the LDAP data. They are combined in 3.1 which may be what the schema error means.

What exact version is your current master and what are you trying to create a replica to?

rob
From rcritten at redhat.com Fri Jun 21 13:30:12 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 21 Jun 2013 09:30:12 -0400
Subject: [Freeipa-users] Trying to renew the CA cert, but NEWLY_ADDED_NEED_KEYINFO_READ_PIN
In-Reply-To: <2877222.Xd1CSY2l0X@hosanna>
References: <2877222.Xd1CSY2l0X@hosanna>
Message-ID: <51C45564.4080601@redhat.com>

Joshua J. Kugler wrote:
> So, ongoing saga of a FreeIPA 2.x system with an expired cert for the CA
> server:
>
> ca-error: Server failed request, will retry: 907 (RPC failed at server. cannot
> connect to 'https://ipa0.lab.whamcloud.com:9443/ca/agent/ca/displayBySerial':
> [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.).
>

I thought you said in a different thread that it wasn't the CA that was expired, but the tomcat cert.

> Figured out that it uses the certs in /var/lib/pki-ca/alias.
>
> Per
>
> https://docs.fedoraproject.org/en%2dUS/Fedora/15/html/FreeIPA_Guide/certmonger%2dtracking%2dcerts.html
>
> I tried adding it to cert monger:
>
> # ipa-getcert start-tracking -I CAServerCert -d /var/lib/pki-ca/alias/ -n
> Server-Cert -r
> New tracking request "CAServerCert" added.
>
> But ipa-getcert list now tells me:
>
> Request ID 'CAServerCert':
> status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
> stuck: yes
> key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert'
> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert'
> CA: IPA
> issuer:
> subject:
> expires: unknown
> track: yes
> auto-renew: yes
>
> Okie dokie...where might I be able to find the PIN for the cert? I see that
> the certs for httpd and slapd have a path to a pinfile, but I can't find
> anything like that for the CA cert. I'm quite stuck. This expired cert, I'm
> pretty sure, is what is preventing me from using this machine to migrate to a
> new 3.0 machine (via replication).
>
> Any ideas how to get the CA cert renewed?
>
> I know how to generate a CSR and a cert, but I'm not sure 1) how I would add
> it into the cert DB, and 2) how I can add it without invalidating all my other
> certs.

certmonger in F-17 doesn't know how to renew the CA-related certificates. We fixed this in the IPA 3.1 timeframe. I'm not sure if the certmonger requires dogtag 10 for this feature or not, but it may. You'll want to upgrade to 3.1+ if you can.

So if it is just the tomcat cert that is expired, then for simplicity I'd set the time back on both systems (you'll need to kill ntp) to when the cert is valid and try that. I have the feeling you've already done this, but it is unclear what exactly you've tried.

rob
From joshua at azariah.com Fri Jun 21 18:17:26 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 21 Jun 2013 10:17:26 -0800
Subject: [Freeipa-users] Trying to renew the CA cert, but NEWLY_ADDED_NEED_KEYINFO_READ_PIN
In-Reply-To: <51C45564.4080601@redhat.com>
References: <2877222.Xd1CSY2l0X@hosanna> <51C45564.4080601@redhat.com>
Message-ID: <2008874.ez1k462Jq5@hosanna>

On Friday, June 21, 2013 09:30:12 Rob Crittenden wrote:
> Joshua J. Kugler wrote:
> > So, ongoing saga of a FreeIPA 2.x system with an expired cert for the CA
> > server:
> >
> > ca-error: Server failed request, will retry: 907 (RPC failed at server.
> > cannot connect to
> > 'https://ipa0.lab.whamcloud.com:9443/ca/agent/ca/displayBySerial': [Errno
> > -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.).
> I thought you said in a different thread that it wasn't the CA that was
> expired, but the tomcat cert.

According to our conversation in IRC (a while back) this indicates the Tomcat cert is expired. :) The cert in /etc/ipa/ca.crt (which I assume is the actual CA cert) is good until 2019. That was why I was trying to server the tomcat Server-Cert.

> > Any ideas how to get the CA cert renewed?
> >
> > I know how to generate a CSR and a cert, but I'm not sure 1) how I would
> > add it into the cert DB, and 2) how I can add it without invalidating all
> > my other certs.

Sorry, I wasn't clear. Any idea how to renew the cert in /var/lib/pki-ca/alias. (Server-Cert)

> certmonger in F-17 doesn't know how to renew the CA-related
> certificates. We fixed this in the IPA 3.1 timeframe. I'm not sure if
> the certmonger requires dogtag 10 for this feature or not, but it may.
> You'll want to upgrade to 3.1+ if you can.
>
> So if it is just the tomcat cert that is expired, then for simplicity
> I'd set the time back on both systems (you'll need to kill ntp) to when
> the cert is valid and try that. I have the feeling you've already done
> this, but it is unclear what exactly you've tried.

Yes, I've tried setting the clock back, and that works to renew the service certs. But the cert for the Tomcat server was never added to certmonger for some reason, so it was never renewed, which means the service certs don't renew properly, which leads to our current need to get off this instance (along with the LDAP server dying after too many requests, but that's a separate issue).

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
From joshua at azariah.com Fri Jun 21 18:19:51 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 21 Jun 2013 10:19:51 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <51C4548C.8020600@redhat.com>
References: <2973063.rlmeuNKcsR@hosanna> <1551319.LsppMAaR0q@hosanna> <51C4548C.8020600@redhat.com>
Message-ID: <5039973.3XYsCBOh1a@hosanna>

On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> > export LDAPTLS_CACERT=/etc/ipa/ca.crt; ipa-replica-install --setup-ca -N
> > replica-info-ipan.lab.whamcloud.com.gpg --skip-conncheck
> >
> > Same error message.
> >
> > I'm lost. Help?
>
> This is unrelated to passing in the CA certificate.
>
> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> error is. If you look on the remote master DS access log it may have
> additional information on what was requested.

OK, I'll get that to you.

> In 2.2 IPA and the CA each have separate 389-ds instances to store the
> LDAP data. They are combined in 3.1 which may be what the schema error
> means.
>
> What exact version is your current master and what are you trying to
> create a replica to?

I'm trying to do migration via replication (you probably knew that). The Old master is 2.0.0. The new slave is 3.1.5 (Fedora 18).

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
From joshua at azariah.com Fri Jun 21 20:39:28 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 21 Jun 2013 12:39:28 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <51C4548C.8020600@redhat.com>
References: <2973063.rlmeuNKcsR@hosanna> <1551319.LsppMAaR0q@hosanna> <51C4548C.8020600@redhat.com>
Message-ID: <1392279.d0LL815NkN@hosanna>

On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> error is. If you look on the remote master DS access log it may have
> additional information on what was requested.

Logs attached. 10.10.0.50 is the new replica. No mention of the new replica in the error logs. At least not that I can see.

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
-------------- next part --------------
2013-06-21T20:11:58Z DEBUG /usr/sbin/ipa-replica-install was invoked with argument "replica-info-ipan.lab.whamcloud.com.gpg" and options: {'no_forwarders': False, 'conf_ssh': True, 'setup_ca': True, 'ui_redirect': True, 'reverse_zone': None, 'trust_sshfp': False, 'unattended': False, 'setup_pkinit': True, 'no_host_dns': False, 'mkhomedir': False, 'ip_address': None, 'no_reverse': False, 'setup_dns': False, 'create_sshfp': True, 'conf_sshd': True, 'forwarders': None, 'debug': False, 'conf_ntp': False, 'skip_conncheck': True, 'skip_schema_check': False} 2013-06-21T20:11:58Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2013-06-21T20:11:58Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2013-06-21T20:11:58Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2013-06-21T20:12:10Z DEBUG Starting external process 2013-06-21T20:12:10Z DEBUG args=/usr/bin/gpg --batch --homedir /tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpi9cPa4ipa/files.tar -d 
replica-info-ipan.lab.whamcloud.com.gpg 2013-06-21T20:12:10Z DEBUG Process finished, return code=0 2013-06-21T20:12:10Z DEBUG stdout= 2013-06-21T20:12:10Z DEBUG stderr=gpg: WARNING: unsafe permissions on homedir `/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg' gpg: keyring `/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg/secring.gpg' created gpg: keyring `/tmp/tmpi9cPa4ipa/ipa-hRix5l/.gnupg/pubring.gpg' created gpg: CAST5 encrypted data gpg: encrypted with 1 passphrase gpg: WARNING: message was not integrity protected 2013-06-21T20:12:10Z DEBUG Starting external process 2013-06-21T20:12:10Z DEBUG args=tar xf /tmp/tmpi9cPa4ipa/files.tar -C /tmp/tmpi9cPa4ipa 2013-06-21T20:12:10Z DEBUG Process finished, return code=0 2013-06-21T20:12:10Z DEBUG stdout= 2013-06-21T20:12:10Z DEBUG stderr= 2013-06-21T20:12:10Z DEBUG Installing replica file with version 0 (0 means no version in prepared file). 2013-06-21T20:12:10Z DEBUG Check if ipan.lab.whamcloud.com is a primary hostname for localhost 2013-06-21T20:12:10Z DEBUG Primary hostname for localhost: ipan.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Search DNS for ipan.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Check if ipan.lab.whamcloud.com is not a CNAME 2013-06-21T20:12:10Z DEBUG Check reverse address of 10.10.0.50 2013-06-21T20:12:10Z DEBUG Found reverse name: ipan.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Check if ipa0.lab.whamcloud.com is a primary hostname for localhost 2013-06-21T20:12:10Z DEBUG Primary hostname for localhost: ipa0.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Search DNS for ipa0.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Check if ipa0.lab.whamcloud.com is not a CNAME 2013-06-21T20:12:10Z DEBUG Check reverse address of 10.10.0.4 2013-06-21T20:12:10Z DEBUG Found reverse name: ipa0.lab.whamcloud.com 2013-06-21T20:12:10Z DEBUG Starting external process 2013-06-21T20:12:10Z DEBUG args=/sbin/ip -family inet -oneline address show 2013-06-21T20:12:10Z DEBUG Process finished, return code=0 2013-06-21T20:12:10Z DEBUG stdout=1: 
lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever 2: eth0 inet 10.10.0.50/16 brd 10.10.255.255 scope global eth0\ valid_lft forever preferred_lft forever 2013-06-21T20:12:10Z DEBUG stderr= 2013-06-21T20:12:10Z DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/entitle.py' 2013-06-21T20:12:10Z DEBUG skipping plugin module ipalib.plugins.entitle: No module named rhsm.connection 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' 2013-06-21T20:12:10Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' 
2013-06-21T20:12:12Z DEBUG Checking if IPA schema is present in ldap://ipa0.lab.whamcloud.com:7389
2013-06-21T20:12:12Z CRITICAL CA DS schema check failed. Make sure the PKI service on the remote master is operational.
2013-06-21T20:12:12Z INFO   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 619, in run_script
    return_value = main_function()
  File "/usr/sbin/ipa-replica-install", line 640, in main
    cainstance.replica_ca_install_check(config, dogtag_master_ds_port)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1725, in replica_ca_install_check
    connection.start_tls_s()
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 625, in start_tls_s
    return self.conn.start_tls_s()
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 564, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol error'}
-------------- next part --------------
[21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from 10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND
From rmeggins at redhat.com Fri Jun 21 20:46:50 2013
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 21 Jun 2013 14:46:50 -0600
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <1392279.d0LL815NkN@hosanna>
References: <2973063.rlmeuNKcsR@hosanna> <1551319.LsppMAaR0q@hosanna> <51C4548C.8020600@redhat.com> <1392279.d0LL815NkN@hosanna>
Message-ID: <51C4BBBA.7050806@redhat.com>

On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
> On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
>> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
>> error is. If you look on the remote master DS access log it may have
>> additional information on what was requested.
> Logs attached.
>
> 10.10.0.50 is the new replica.
>
> No mention the new replica in the error logs. At least not that I can see.

2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol error'}

This is from here:

slapd-PKI-CA.access.log
[21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from 10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND

The server cannot respond to the startTLS request - which means the server has not been configured for TLS/SSL.

From joshua at azariah.com Fri Jun 21 20:50:56 2013
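The correlation described in the reply above (a StartTLS extended request, OID 1.3.6.1.4.1.1466.20037, answered with err=2), as an added example that is not part of any message in this thread: a Python script that scans a 389-ds access log and pairs each StartTLS request with its RESULT. The conn=53 lines are the ones quoted in the thread; the conn=54 lines and all function names are constructed for illustration.

```python
import re
from collections import namedtuple

# OID of the LDAP StartTLS extended operation (RFC 4511, section 4.14).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# conn=53: the four access-log lines quoted in the thread.
# conn=54: constructed contrast case in the same format, where StartTLS succeeds.
SAMPLE_LOG = """\
[21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from 10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND
[21/Jun/2013:13:27:10 -0700] conn=54 fd=65 slot=65 connection from 10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:27:10 -0700] conn=54 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:27:10 -0700] conn=54 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[21/Jun/2013:13:27:10 -0700] conn=54 SSL 256-bit AES
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
PEER = re.compile(r"connection from (?P<client>\S+) to (?P<server>\S+)")
EXT = re.compile(r'^op=(?P<op>-?\d+) EXT oid="(?P<oid>[^"]+)"')
RESULT = re.compile(r"^op=(?P<op>-?\d+) RESULT err=(?P<err>\d+)")

Finding = namedtuple("Finding", "timestamp conn client server err")


def starttls_results(log_text):
    """Pair every StartTLS extended request with the RESULT of the same conn/op."""
    peers = {}     # conn id -> (client address, server address)
    pending = {}   # (conn id, op id) -> timestamp of a StartTLS request awaiting RESULT
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an access-log record
        conn, rest = m.group("conn"), m.group("rest")

        peer = PEER.search(rest)
        if peer:
            peers[conn] = (peer.group("client"), peer.group("server"))
            continue

        ext = EXT.match(rest)
        if ext:
            if ext.group("oid") == STARTTLS_OID:
                pending[(conn, ext.group("op"))] = m.group("ts")
            continue

        res = RESULT.match(rest)
        if res and (conn, res.group("op")) in pending:
            ts = pending.pop((conn, res.group("op")))
            client, server = peers.get(conn, ("?", "?"))
            findings.append(Finding(ts, conn, client, server, int(res.group("err"))))
    return findings


def refused_starttls(log_text):
    """StartTLS requests the server did not accept (err != 0).

    err=2 is the LDAP protocolError result code, which is what a server
    returns when it does not support the requested extended operation.
    """
    return [f for f in starttls_results(log_text) if f.err != 0]


if __name__ == "__main__":
    for f in refused_starttls(SAMPLE_LOG):
        print("%s conn=%s %s -> %s: StartTLS refused, err=%d"
              % (f.timestamp, f.conn, f.client, f.server, f.err))
```
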
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 21 Jun 2013 12:50:56 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <51C4BBBA.7050806@redhat.com>
References: <2973063.rlmeuNKcsR@hosanna> <1392279.d0LL815NkN@hosanna> <51C4BBBA.7050806@redhat.com>
Message-ID: <4172037.WTlXy0U1HB@hosanna>

On Friday, June 21, 2013 14:46:50 Rich Megginson wrote:
> On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
> > On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
> >> We'd need to see /var/log/ipareplica-install.log to see what the LDAP
> >> error is. If you look on the remote master DS access log it may have
> >> additional information on what was requested.
> >
> > Logs attached.
> >
> > 10.10.0.50 is the new replica.
> >
> > No mention the new replica in the error logs. At least not that I can see.
>
> 2013-06-21T20:12:12Z INFO The ipa-replica-install command failed,
> exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation',
> 'desc': 'Protocol error'}
>
> This is from here:
>
> slapd-PKI-CA.access.log
> [21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from
> 10.10.0.50 to 10.10.0.4
> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120
> nentries=0 etime=0
> [21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND
>
> The server cannot respond to the startTLS request - which means the
> server has not been configured for TLS/SSL.

Thanks for the quick reply!

OK...the system was set up (I assume, I wasn't here) with the standard ipa-server-install script(s). So, it would seem that it didn't configure the PKI-CA slapd to use SSL? Are there docs on doing that after the fact? Including creating the SSL certs, and configuring the slapd server to use them. Being the same host, could I use the same certs as are in use by the slapd-LAB-WHAMCLOUD-LAB server? Do you know, off hand, the config file I would need to tweak to put those settings in place?
j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design joshua at azariah.com - Jabber: pedahzur at gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A From rmeggins at redhat.com Fri Jun 21 20:54:16 2013 
From: rmeggins at redhat.com (Rich Megginson) Date: Fri, 21 Jun 2013 14:54:16 -0600 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <4172037.WTlXy0U1HB@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <1392279.d0LL815NkN@hosanna> <51C4BBBA.7050806@redhat.com> <4172037.WTlXy0U1HB@hosanna> Message-ID: <51C4BD78.8030607@redhat.com> On 06/21/2013 02:50 PM, Joshua J. Kugler wrote: > On Friday, June 21, 2013 14:46:50 Rich Megginson wrote: >> On 06/21/2013 02:39 PM, Joshua J. Kugler wrote: >>> On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote: >>>> We'd need to see /var/log/ipareplica-install.log to see what the LDAP >>>> error is. If you look on the remote master DS access log it may have >>>> additional information on what was requested. >>> Logs attached. >>> >>> 10.10.0.50 is the new replica. >>> >>> No metion the new replica in the error logs. At least not that I can see. >> 2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, >> exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation', >> 'desc': 'Protocol error'} >> >> This is from here: >> >> slapd-PKI-CA.access.log >> [21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from >> 10.10.0.50 to 10.10.0.4 >> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037" >> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 >> nentries=0 etime=0 >> [21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND >> >> The server cannot respond to the startTLS request - which means the >> server has not been configured for TLS/SSL. > Thanks for the quick reply! > > OK...the system was set up (I assume, I wasn't here) with the standard ipa- > server-install script(s). So, it would seem that it didn't configure the PKI- > CA slapd to use SSL? Are there docs on doing that after the fact? Including > creating the SSL certs, and configuring the slapd server to use them. 
Being > the same host, could i use the same certs as are in use by the slapd-LAB- > WHAMCLOUD-LAB server? Do you know, off hand, the config file I would need to > tweak to put those settings in place? > > j > I don't know. Maybe one of the ipa or certsys guys can answer. From rcritten at redhat.com Fri Jun 21 21:17:52 2013 
From: rcritten at redhat.com (Rob Crittenden) Date: Fri, 21 Jun 2013 17:17:52 -0400 Subject: [Freeipa-users] Upgrade/Migration steps In-Reply-To: <4172037.WTlXy0U1HB@hosanna> References: <2973063.rlmeuNKcsR@hosanna> <1392279.d0LL815NkN@hosanna> <51C4BBBA.7050806@redhat.com> <4172037.WTlXy0U1HB@hosanna> Message-ID: <51C4C300.8000607@redhat.com> Joshua J. Kugler wrote: > On Friday, June 21, 2013 14:46:50 Rich Megginson wrote: >> On 06/21/2013 02:39 PM, Joshua J. Kugler wrote: >>> On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote: >>>> We'd need to see /var/log/ipareplica-install.log to see what the LDAP >>>> error is. If you look on the remote master DS access log it may have >>>> additional information on what was requested. >>> >>> Logs attached. >>> >>> 10.10.0.50 is the new replica. >>> >>> No metion the new replica in the error logs. At least not that I can see. >> >> 2013-06-21T20:12:12Z INFO The ipa-replica-install command failed, >> exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation', >> 'desc': 'Protocol error'} >> >> This is from here: >> >> slapd-PKI-CA.access.log >> [21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from >> 10.10.0.50 to 10.10.0.4 >> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037" >> [21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120 >> nentries=0 etime=0 >> [21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND >> >> The server cannot respond to the startTLS request - which means the >> server has not been configured for TLS/SSL. > > Thanks for the quick reply! > > OK...the system was set up (I assume, I wasn't here) with the standard ipa- > server-install script(s). So, it would seem that it didn't configure the PKI- > CA slapd to use SSL? Are there docs on doing that after the fact? Including > creating the SSL certs, and configuring the slapd server to use them. Being > the same host, could i use the same certs as are in use by the slapd-LAB- > WHAMCLOUD-LAB server? 
Do you know, off hand, the config file I would need to
> tweak to put those settings in place?
>
> j
>

That doesn't make any sense. Did you disable SSL?

You can see the settings with:

# grep nsslapd-secur /etc/dirsrv/slapd-PKI-IPA/dse.ldif

It's possible that this cert is expired too, can you check that?

rob

From joshua at azariah.com Fri Jun 21 21:25:24 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 21 Jun 2013 13:25:24 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <51C4C300.8000607@redhat.com>
References: <2973063.rlmeuNKcsR@hosanna> <4172037.WTlXy0U1HB@hosanna> <51C4C300.8000607@redhat.com>
Message-ID: <1829539.odXBIQhuBv@hosanna>

> That doesn't make any sense. Did you disable SSL?
>
> You can see the settings with:
>
> # grep nsslapd-secur /etc/dirsrv/slapd-PKI-IPA/dse.ldif
>
> It's possible that this cert is expired too, can you check that?

[root at ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-IPA/dse.ldif
[root at ipa0 slapd-PKI-IPA]#

So, it apparently is not in there at all. There are a couple dse.ldif backup configs in that dir, but nothing in them either.

In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:

nsslapd-security: on

of course.

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A

From joshua at azariah.com Sat Jun 22 19:37:03 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Sat, 22 Jun 2013 11:37:03 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <1829539.odXBIQhuBv@hosanna>
References: <2973063.rlmeuNKcsR@hosanna> <51C4C300.8000607@redhat.com> <1829539.odXBIQhuBv@hosanna>
Message-ID: <17164045.doxWQXrZ7s@hosanna>

On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root at ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root at ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
>
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
>
> nsslapd-security: on
>
> of course.

Further investigation. In the dse.ldif for slapd-PKI-CA, there is:

nsslapd-certdir: /etc/dirsrv/slapd-PKI-IPA

There is a cert8.db and key3.db file in there. However:

root at ipa0 slapd-PKI-IPA]# certutil -d ./ -L

Certificate Nickname    Trust Attributes
                        SSL,S/MIME,JAR/XPI

[root at ipa0 slapd-PKI-IPA]#

Apparently no certs. The cert for slapd-LAB-WHAMCLOUD-COM has this info:

issuer: CN=Certificate Authority,O=LAB.WHAMCLOUD.COM
subject: CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM

Since it's the same hostname, could I just copy the db files from there into /etc/dirsrv/slapd-PKI-CA?

j

--
Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)
Every knee shall bow, and every tongue confess, in heaven, on earth, and under the earth, that Jesus Christ is LORD

From joshua at azariah.com Sat Jun 22 19:37:24 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Sat, 22 Jun 2013 11:37:24 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <1829539.odXBIQhuBv@hosanna>
References: <2973063.rlmeuNKcsR@hosanna> <51C4C300.8000607@redhat.com> <1829539.odXBIQhuBv@hosanna>
Message-ID: <9884921.ekZ8118jpq@hosanna>

On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root at ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root at ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
>
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
>
> nsslapd-security: on

So, I copied the cert8.db, key3.db, secmod.db and pin.txt and pwdfile.txt from /etc/dirsrv/slapd-LAB-WHAMCLOUD-COM to /etc/dirsrv/slapd-PKI-CA. I edited PKI-CA's dse.ldif to include

nsslapd-security: on

but when I try to start it, I get:

# /etc/init.d/dirsrv start PKI-IPA
Starting dirsrv:
    PKI-IPA...[21/Jun/2013:15:50:17 -0700] createprlistensockets - PR_Bind() on All Interfaces port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.)
[FAILED]
*** Warning: 1 instance(s) failed to start

I see that the PKI-CA is listening on 7389, and has these lines in its config:

nsslapd-port: 7389
nsslapd-referral: ldap://ipa1.lab.whamcloud.com:7389/o%3Dipaca
nsDS5ReplicaPort: 7389
nsds50ruv: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 4d48c6ad00000061000
nsds50ruv: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 4d48c6cb00000060000
nsruvReplicaLastModified: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 0000
nsruvReplicaLastModified: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 0000
nsDS5ReplicaPort: 7389

Is there a way to 1) set it to listen on 7636 for ldaps or 2) Enable TLS without having it try to listen on 636?
I see that the LAB-WHAMCLOUD-COM dse.ldif also contains this:

nsusestarttls: off

So I don't know if TLS connections will work there either.

Still trying to figure this out...

j

From deanhunter at comcast.net Mon Jun 24 03:20:28 2013
From: deanhunter at comcast.net (Dean Hunter)
Date: Sun, 23 Jun 2013 22:20:28 -0500
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
Message-ID: <1372044028.2811.2.camel@developer.hunter.org>

Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org.

What instructions should I use to configure an IPA 3.1.5-1 client with sudo?

From freeipa at noboost.org Mon Jun 24 04:18:28 2013
From: freeipa at noboost.org (freeipa at noboost.org)
Date: Mon, 24 Jun 2013 14:18:28 +1000
Subject: [Freeipa-users] SSL Private Key?
Message-ID: <20130624041828.GA4938@noboost.org>

Hi,

ipa-client-3.0.0-26.el6_4.4.x86_64

* When the IPA client is initially installed does anyone know where the SSL private key is kept on an IPA client PC?

Regards,
Craig

From sbingram at gmail.com Mon Jun 24 04:55:02 2013
From: sbingram at gmail.com (Stephen Ingram)
Date: Sun, 23 Jun 2013 21:55:02 -0700
Subject: [Freeipa-users] SSL Private Key?
In-Reply-To: <20130624041828.GA4938@noboost.org>
References: <20130624041828.GA4938@noboost.org>
Message-ID:

On Sun, Jun 23, 2013 at 9:18 PM, wrote:
>
> ipa-client-3.0.0-26.el6_4.4.x86_64
>
> * When the IPA client is initially installed does anyone know where the SSL
> private key is kept on an IPA client PC?
>

IPA uses NSS by default for SSL. The private key is stored in the NSS database in /etc/pki/nssdb. You can list the key with:

certutil -d /etc/pki/nssdb/ -K

Steve

From abokovoy at redhat.com Mon Jun 24 06:07:30 2013
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 24 Jun 2013 09:07:30 +0300
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
In-Reply-To: <1372044028.2811.2.camel@developer.hunter.org>
References: <1372044028.2811.2.camel@developer.hunter.org>
Message-ID: <20130624060730.GA6776@redhat.com>

On Sun, 23 Jun 2013, Dean Hunter wrote:
>Section 14.4. Applying the Configured sudo Policies to Hosts of the
>FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains
>only an example of configuring sudo for use with FreeIPA 2.2. It differs
>in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at
>fedoraproject.org.
>
>What instructions should I use to configure an IPA 3.1.5-1 client with
>sudo?

This thread should clear it up:
https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html

This presentation covers current state:
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf

--
/ Alexander Bokovoy

From aborrero at cica.es Mon Jun 24 09:14:33 2013
From: aborrero at cica.es (Arturo Borrero)
Date: Mon, 24 Jun 2013 11:14:33 +0200
Subject: [Freeipa-users] Updating the WebUI user form
Message-ID: <51C80DF9.4050005@cica.es>

Hi there,

I've configured FreeIPA to add an objectClass to user when they are created (e.g. eduPerson).

We are strongly using the eduPerson schema to store several attributes we need in our REN (research & education network...) environment.

So, for us, it's mandatory that the WebUI forms are updated to show those eduPerson attributes (like eduPersonEntitlement). We want to use the WebUI rather than other tools like ApacheDirectoryStudio.

Also, we want some default values for those eduPerson attributes.

I'm wondering if it is possible, and how. I see the cn=ipaconfig,cn=etc subtree, but I think it has nothing to do with this.

This is the docs references I'm using:
http://www.freeipa.org/page/Documentation
http://www.freeipa.org/page/HowTos
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

Best regards

--
Arturo Borrero González
Departamento de Seguridad Informática (nis at cica.es)
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía

From fvzwieten at vxcompany.com Mon Jun 24 09:50:56 2013
From: fvzwieten at vxcompany.com (Fred van Zwieten)
Date: Mon, 24 Jun 2013 11:50:56 +0200
Subject: [Freeipa-users] How to create readonly on all IPA data
Message-ID:

Hi there,

We have implemented IPA. We need to give someone in our org a read-only account on all IPA data. So, internal IPA data, user, groups, hosts, dns, etc. All

So I want to create a role "Auditor". But then I must build privs and permissions. What would be the simplest/best way to do this?

Fred

Seeing, contrary to popular wisdom, isn't believing. It's where belief stops, because it isn't needed any more.. (Terry Pratchett)

From linux at karasik.org Mon Jun 24 10:44:09 2013
From: linux at karasik.org (Vitaly)
Date: Mon, 24 Jun 2013 13:44:09 +0300
Subject: [Freeipa-users] Is there a simple way to use IPA just as a LDAP server for users accounts?
Message-ID:

Is there a simple way to use IPA server just as a LDAP server for users account (including password policy)?
I was able to configure pam_ldap client to use IPA users accounts, but not password policy.

TIA,
Vitaly

From andrew at wasielewski.co.uk Fri Jun 21 22:44:50 2013
From: andrew at wasielewski.co.uk (Andrew Wasielewski) Date: Fri, 21 Jun 2013 23:44:50 +0100 Subject: [Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified." In-Reply-To: <51C45392.2050604@redhat.com> References: <1536903.RS2MtDNbk7@localhost.localdomain> <152447780.n8ABSJQFa6@localhost.localdomain> <51C45392.2050604@redhat.com> Message-ID: <1969859.7dsK8BqGl3@localhost.localdomain> Hi Rob, Thanks for this. All worked fine with downgrading to 9.0.25 and FreeIPA install completed successfully. My /etc/krb5.conf file had got somewhat mangled, presumably by the earlier fun & games, but I managed to fix that. Now got the FreeIPA web UI running... :-D Thanks for the info about koji. I had come across it before, but never used it as a package source. Looks a useful way of downgrading packages when necessary. I am still just "practicing" with FreeIPA etc. before rebuilding the server for real, so let me know if I can help with testing any fix for the root cause issue. Regards, Andrew On Friday 21 June 2013 09:22:26 Rob Crittenden wrote: > Andrew Wasielewski wrote: > > Hi Rob, > > > > Thanks for the quick response. pki-ca is ver. 9.0.26, installed as a > > dependency by FreeIPA itself. > > It looks like the pki-ca package has added a new required option. I'll > open a bug. > > pki-ca-9.0.25 works ok if you want to try that version. It is > unfortunately not available via yum downgrade. 
>
> The build is available at
> http://koji.fedoraproject.org/koji/buildinfo?buildID=372295
>
> If you install the koji tool it is easier to fetch the packages:
>
> # cd /tmp
> # koji download-build --arch=noarch pki-core-9.0.25-1.fc17
> # koji download-build --arch=x86_64 pki-core-9.0.25-1.fc17
>
> Then force the older packages to be installed (note this is all in one
> line, I don't know how horribly my mail client will wrap this):
>
> # rpm -Uvh --force pki-ca-9.0.25-1.fc17.noarch.rpm
> pki-common-9.0.25-1.fc17.noarch.rpm
> pki-selinux-9.0.25-1.fc17.noarch.rpm pki-setup-9.0.25-1.fc17.noarch.rpm
> pki-symkey-9.0.25-1.fc17.x86_64.rpm
> pki-java-tools-9.0.25-1.fc17.noarch.rpm
> pki-util-9.0.25-1.fc17.noarch.rpm
> pki-native-tools-9.0.25-1.fc17.x86_64.rpm
> pki-silent-9.0.25-1.fc17.noarch.rpm
>
> rob
>

From rcritten at redhat.com Mon Jun 24 13:11:19 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 24 Jun 2013 09:11:19 -0400
Subject: [Freeipa-users] Is there a simple way to use IPA just as a LDAP server for users accounts?
In-Reply-To:
References:
Message-ID: <51C84577.1060505@redhat.com>

Vitaly wrote:
> Is there a simple way to use IPA server just as a LDAP server for users
> account (including password policy)?
> I was able to configure pam_ldap client to use IPA users accounts, but
> not password policy.

IPA doesn't use the 389-ds password policy, if that's what you're asking.

It does support its own password policies though, see the pwpolicy commands: ipa help pwpolicy

rob

From rcritten at redhat.com Mon Jun 24 13:12:12 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 24 Jun 2013 09:12:12 -0400
Subject: [Freeipa-users] How to create readonly on all IPA data
In-Reply-To:
References:
Message-ID: <51C845AC.7050509@redhat.com>

Fred van Zwieten wrote:
> Hi there,
>
> We have implemented IPA. We need to give someone in our org a read-only
> account on all IPA data. So, internal IPA data, user, groups, hosts,
> dns, etc. All
>
> So I want to create a role "Auditor". But then I must build privs and
> permissions. What would be the simplest/best way to do this?

Any authenticated user should be able to read most anything, except for passwords.

rob

From linux at karasik.org Mon Jun 24 13:28:49 2013
From: linux at karasik.org (Vitaly)
Date: Mon, 24 Jun 2013 16:28:49 +0300
Subject: [Freeipa-users] Is there a simple way to use IPA just as a LDAP server for users accounts?
In-Reply-To: <51C84577.1060505@redhat.com>
References: <51C84577.1060505@redhat.com>
Message-ID:

Thank you for clarification - it's exactly what I missed! For some reason I was sure that IPA policy is DS password policy.

On Mon, Jun 24, 2013 at 4:11 PM, Rob Crittenden wrote:
> Vitaly wrote:
>
>> Is there a simple way to use IPA server just as a LDAP server for users
>> account (including password policy)?
>> I was able to configure pam_ldap client to use IPA users accounts, but
>> not password policy.
>>
>
> IPA doesn't use the 389-ds password policy, if that's what you're asking.
>
> It does support its own password policies though, see the pwpolicy
> commands: ipa help pwpolicy
>
> rob
>
>

From deanhunter at comcast.net Mon Jun 24 12:52:11 2013
From: deanhunter at comcast.net (Dean Hunter)
Date: Mon, 24 Jun 2013 07:52:11 -0500
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
In-Reply-To: <20130624060730.GA6776@redhat.com>
References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com>
Message-ID: <1372078331.2811.9.camel@developer.hunter.org>

On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote:
> On Sun, 23 Jun 2013, Dean Hunter wrote:
> >Section 14.4. Applying the Configured sudo Policies to Hosts of the
> >FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains
> >only an example of configuring sudo for use with FreeIPA 2.2. It differs
> >in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at
> >fedoraproject.org.
> >
> >What instructions should I use to configure an IPA 3.1.5-1 client with
> >sudo?
> This thread should clear it up:
> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
>
> This presentation covers current state:
> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>

Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for:

1) SSSD doesn't support FreeIPA as SUDO provider yet
2) A command line tool to perform the client configuration

Thank you again for your help.

From rcritten at redhat.com Mon Jun 24 13:36:53 2013
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 24 Jun 2013 09:36:53 -0400
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
In-Reply-To: <1372078331.2811.9.camel@developer.hunter.org>
References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org>
Message-ID: <51C84B75.9090505@redhat.com>

Dean Hunter wrote:
> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote:
>> On Sun, 23 Jun 2013, Dean Hunter wrote:
>> >Section 14.4. Applying the Configured sudo Policies to Hosts of the
>> >FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains
>> >only an example of configuring sudo for use with FreeIPA 2.2. It differs
>> >in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at
>> >fedoraproject.org.
>> >
>> >What instructions should I use to configure an IPA 3.1.5-1 client with
>> >sudo?
>> This thread should clear it up:
>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
>>
>> This presentation covers current state:
>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>>
> Thank you for the prompt response! I really appreciate how helpful
> y'all are on this list. The slide presentation is especially useful
> because of all the explanation. Have you identified a target release for:
>
> 1) SSSD doesn't support FreeIPA as SUDO provider yet

To clarify, this is just to make SSSD use the native IPA schema instead
of ou=sudoers. https://fedorahosted.org/sssd/ticket/1108

> 2) A command line tool to perform the client configuration

https://fedorahosted.org/freeipa/ticket/3358

rob

From abokovoy at redhat.com Mon Jun 24 13:42:13 2013
From: abokovoy at redhat.com (Alexander Bokovoy) Date: Mon, 24 Jun 2013 16:42:13 +0300 Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo? In-Reply-To: <1372078331.2811.9.camel@developer.hunter.org> References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> Message-ID: <20130624134213.GD6776@redhat.com> On Mon, 24 Jun 2013, Dean Hunter wrote: >On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: > >> On Sun, 23 Jun 2013, Dean Hunter wrote: >> >Section 14.4. Applying the Configured sudo Policies to Hosts of the >> >FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains >> >only an example of configuring sudo for use with FreeIPA 2.2. It differs >> >in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at >> >fedoraproject.org. >> > >> >What instructions should I use to configure an IPA 3.1.5-1 client with >> >sudo? >> This thread should clear it up: >> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html >> >> This presentation covers current state: >> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf >> > >Thank you for the prompt response! I really appreciate how helpful >y'all are on this list. The slide presentation is especially useful >because of all the explanation. Have you identified a target release >for: > > 1) SSSD doesn't support FreeIPA as SUDO provider yet > 2) A command line tool to preform the client configuration > >Thank you again for your help. We are working on (2) for FreeIPA 3.3 for producing client configuration advisories out of existing server configuration in the case of suggesting configurations of older clients. Look at freeipa-devel@ where we are discussing ipa-advise tool if you are interested. As for (1), it is part of SSSD work so I'd defer that answer to SSSD experts ;) -- / Alexander Bokovoy From rcritten at redhat.com Mon Jun 24 13:44:19 2013 
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 24 Jun 2013 09:44:19 -0400
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <9884921.ekZ8118jpq@hosanna>
References: <2973063.rlmeuNKcsR@hosanna> <51C4C300.8000607@redhat.com> <1829539.odXBIQhuBv@hosanna> <9884921.ekZ8118jpq@hosanna>
Message-ID: <51C84D33.8040601@redhat.com>

Joshua J. Kugler wrote:
> On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
>> [root at ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
>> IPA/dse.ldif
>> [root at ipa0 slapd-PKI-IPA]#
>>
>> So, it apparently is not in there at all. There are a couple dse.ldif
>> backup configs in that dir, but nothing in them either.
>>
>> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
>>
>> nsslapd-security: on
>
> So, I copied the cert8.db, key3.db, secmod.db and pin.txt and pwdfile.txt from
> /etc/dirsrv/slapd-LAB-WHAMCLOUD-COM to /etc/dirsrv/slapd-PKI-CA.
>
> I edited PKI-CA's dse.ldif to include
>
> nsslapd-security: on
>
> but when I try to start it, I get:
>
> # /etc/init.d/dirsrv start PKI-IPA
> Starting dirsrv:
> PKI-IPA...[21/Jun/2013:15:50:17 -0700] createprlistensockets - PR_Bind()
> on All Interfaces port 636 failed: Netscape Portable Runtime error -5982
> (Local Network address is in use.)
> [FAILED]
> *** Warning: 1 instance(s) failed to start
>
> I see that the PKI-CA is listening on 7389, and has these lines in its config:
>
> nsslapd-port: 7389
> nsslapd-referral: ldap://ipa1.lab.whamcloud.com:7389/o%3Dipaca
> nsDS5ReplicaPort: 7389
> nsds50ruv: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 4d48c6ad00000061000
> nsds50ruv: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 4d48c6cb00000060000
> nsruvReplicaLastModified: {replica 97 ldap://ipa1.lab.whamcloud.com:7389} 0000
> nsruvReplicaLastModified: {replica 96 ldap://ipa0.lab.whamcloud.com:7389} 0000
> nsDS5ReplicaPort: 7389
>
> Is there a way to
>
> 1) set it to listen on 7636 for ldaps
> or
> 2) Enable TLS without having it try to listen on 636?
>
> I see that the LAB-WHAMCLOUD-COM dse.ldif also contains this:
>
> nsusestarttls: off
>
>
> So I don't know if TLS connections will work there either.
>
> Still trying to figure this out...

It's really confusing how you ended up with a CA DS instance configured
without SSL. I'd definitely snapshot this machine before doing any more
changes.

In any case, by default we configure port 7390 for SSL. StartTLS
shouldn't be needed.

You may also need to set nsSSL3Ciphers.

And you need to create an entry:

cn=RSA,cn=encryption,cn=config
objectclass=top
objectclass=nsEncryptionModule
cn=RSA
nsSSLPersonalitySSL=Server-Cert
nsSSLToken=internal (software)
nsSSLActivation=on

rob

From pvoborni at redhat.com Mon Jun 24 13:56:14 2013
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 24 Jun 2013 15:56:14 +0200
Subject: [Freeipa-users] Updating the WebUI user form
In-Reply-To: <51C80DF9.4050005@cica.es>
References: <51C80DF9.4050005@cica.es>
Message-ID: <51C84FFE.2000005@redhat.com>

On 06/24/2013 11:14 AM, Arturo Borrero wrote:
> Hi there,
>
> I've configured FreeIPA to add an objectClass to user when they are
> created (e.g. eduPerson).
>
> We are strongly using the eduPerson schema to store several attributes
> we need in our REN (research & education network...) environment.
> So, for us, it's mandatory that the WebUI forms are updated to show those
> eduPerson attributes (like eduPersonEntitlement). We want to use the
> WebUI rather than other tools like ApacheDirectoryStudio.
>
> Also, we want some default values for those eduPerson attributes.
>
> I'm wondering if it is possible, and how.
>
> I see the cn=ipaconfig,cn=etc subtree, but I think it has nothing to do
> with this.
>
> These are the docs references I'm using:
> http://www.freeipa.org/page/Documentation
> http://www.freeipa.org/page/HowTos
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html
>
>
> Best regards
>

Hello,

depends on FreeIPA version. Since version 3.2 there is much better Web
UI plugin support[1]. It's quite new so the documentation is rather
poor and WIP[2], but improving it is on my todo list. There are some
examples of plugins on devel-list[3].

The easiest way, prior to version 3.2, is probably editing the Web UI
source code located in /usr/share/ipa/ui. Use this method at your own
risk.

One can add a user field by following these steps:
1. open user.js
2. find details facet fields array
3. add new item
   a. it can be a single string which matches the ldap attribute name
      ie. 'cn'
   b. or an object with more information:
      {
          name: 'ldap_attr_name',
          label: 'My label',
          tooltip: 'Help text',
          required: true
      }

Adder dialog can be altered in similar fashion.

Default values are better handled in server plugins. Plugin creation is
described in extension guide[4].

[1] http://www.freeipa.org/page/V3/WebUI_plugins
[2] http://pvoborni.fedorapeople.org/doc/
[3] http://www.redhat.com/archives/freeipa-devel/2013-April/msg00423.html
[4] http://abbra.fedorapeople.org/guide.html#sec-4
--
Petr Vobornik

From pspacek at redhat.com Mon Jun 24 15:10:48 2013
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 24 Jun 2013 17:10:48 +0200
Subject: [Freeipa-users] How to create readonly on all IPA data
In-Reply-To: <51C845AC.7050509@redhat.com>
References: <51C845AC.7050509@redhat.com>
Message-ID: <51C86178.3060409@redhat.com>

On 24.6.2013 15:12, Rob Crittenden wrote:
> Fred van Zwieten wrote:
>> Hi there,
>>
>> We have implemented IPA. We need to give someone in our org a read-only
>> account on all IPA data. So, internal IPA data, user, groups, hosts,
>> dns, etc. All
>>
>> So I want to create a role "Auditor". But then I must build privs and
>> permissions. What would be the simplest/best way to do this?
>
> Any authenticated user should be able to read most anything, except for
> passwords.

Also DNS sub-tree is not accessible for normal users.

--
Petr^2 Spacek

From linux at karasik.org Mon Jun 24 18:32:45 2013
From: linux at karasik.org (Vitaly) Date: Mon, 24 Jun 2013 21:32:45 +0300 Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem In-Reply-To: References: <51C1E02F.9020406@redhat.com> Message-ID: Sorry for probably stupid question, but if in general ipaclient.staging.example.com host may be a member in prod.example.com domain? On Thu, Jun 20, 2013 at 10:34 AM, Vitaly wrote: > >Is KDC resolvable from the client? > yes, there is DNS resolving for "serv02.prod.example.com" on client. > > >Do you have an AD DNS that might be actually serving records? > no, I don't AD DNS for prod.example.com > >What version of the client and what OS are you using? > > On the client: > ipa-client-2.0-10.el5_6.1 > Red Hat Enterprise Linux Server release 5.6 (Tikanga) > > On IPA server : > > ipa-pki-common-theme-9.0.3-7.el6.noarch > > ipa-pki-ca-theme-9.0.3-7.el6.noarch > > libipa_hbac-1.5.1-66.el6_2.3.x86_64 > > libipa_hbac-python-1.5.1-66.el6_2.3.x86_64 > > ipa-python-2.1.3-9.el6.x86_64 > > ipa-client-2.1.3-9.el6.x86_64 > > ipa-server-selinux-2.1.3-9.el6.x86_64 > > ipa-admintools-2.1.3-9.el6.x86_64 > > ipa-server-2.1.3-9.el6.x86_64 > > Red Hat Enterprise Linux Server release 6.2 (Santiago) > > Thank you, > Vitaly > > > On Wed, Jun 19, 2013 at 7:45 PM, Dmitri Pal wrote: > > On 06/19/2013 10:32 AM, Vitaly wrote: > > > > > > ipa-client-install fails with "Cannot resolve network address for KDC" > > message. > > I don't have SRV records, but I provide IPA server name via "--server" > > param. > > any ideas? 
> > > > TIA, > > Vitaly > > > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > > '/var/lib/ipa-client/sysrestore/sysrestore.index' > > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > > ldap://serv02.prod.example.com:389 > > 2013-06-19 13:58:39,193 DEBUG Search rootdse > > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > > dc=prod,dc=example,dc=com(base) > > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > > ['prod.example.com'], 'dc': ['prod'], 'nisDomain': ['prod.example.com > ']})] > > 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) > in > > dc=prod,dc=example,dc=com(sub) > > 2013-06-19 13:58:39,313 DEBUG Found: > > [('cn=PROD.EXAMPLE.COM,cn=kerberos,dc=prod,dc=example,dc=com', > > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM > '], > > 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', > > 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], > > 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', > > 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', > > 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', > > 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', > > 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], > > 'krbMaxRenewableAge': ['604800']})] > > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > > vm4.stage.example.com at PROD.EXAMPLE.COM > > 2013-06-19 13:58:52,032 INFO stdout= > > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > > address for KDC in realm PROD.EXAMPLE.COM while getting initial > credentials > > > > 2013-06-19 13:58:52,065 
INFO args=/usr/kerberos/bin/kdestroy > > 2013-06-19 13:58:52,065 INFO stdout= > > 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found > > while destroying cache > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users at redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > > Is KDC resolvable from the client? > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager for IdM portfolio > > Red Hat Inc. > > > > > > ------------------------------- > > Looking to carve out IT costs? > > www.redhat.com/carveoutcosts/ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users at redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From william.muriithi at gmail.com Mon Jun 24 22:35:06 2013 
From: william.muriithi at gmail.com (William Muriithi) Date: Mon, 24 Jun 2013 18:35:06 -0400 Subject: [Freeipa-users] Anyone tried to authenticate Jenkins user through freeIPA? Message-ID: Hello all, I have been struggling to get jenkins authenticating through FreeIPA and it seem this is currently not possible. The problem is, jenkins is not capable of using Kerberos as far as I can tell. Also, I am not sure FreeIPA can authenticate directly through LDAP, as far as I understand, LDAP is only used for authorization and authentication is through kerberos. I am planning to set up apache and run it as reverse proxy for Jenkins as a work around. Would this be the best way forward or would anyone know of a better way around this? I have noticed that the FreeIPA project uses jenkins, how have you guys got around this? Thanks in advance. Regards, William -------------- next part -------------- An HTML attachment was scrubbed... URL: From justin.brown at fandingo.org Mon Jun 24 23:01:02 2013 
From: justin.brown at fandingo.org (Justin Brown) Date: Mon, 24 Jun 2013 18:01:02 -0500 Subject: [Freeipa-users] Anyone tried to authenticate Jenkins user through freeIPA? In-Reply-To: References: Message-ID: William, I am no FreeIPA expert, but I did find some instructions for configuring LDAP with Zimbra for FreeIPA. http://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA Have you tried something similar? Regards, Justin On Mon, Jun 24, 2013 at 5:35 PM, William Muriithi < william.muriithi at gmail.com> wrote: > Hello all, > > I have been struggling to get jenkins authenticating through FreeIPA and > it seem this is currently not possible. The problem is, jenkins is not > capable of using Kerberos as far as I can tell. Also, I am not sure FreeIPA > can authenticate directly through LDAP, as far as I understand, LDAP is > only used for authorization and authentication is through kerberos. > > I am planning to set up apache and run it as reverse proxy for Jenkins as > a work around. Would this be the best way forward or would anyone know of a > better way around this? I have noticed that the FreeIPA project uses > jenkins, how have you guys got around this? > > Thanks in advance. > > Regards, > > William > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mbarr at snap-interactive.com Mon Jun 24 23:59:55 2013 
From: mbarr at snap-interactive.com (Matthew Barr) Date: Mon, 24 Jun 2013 16:59:55 -0700 Subject: [Freeipa-users] Anyone tried to authenticate Jenkins user through freeIPA? In-Reply-To: References: Message-ID: I've done it before, you can use LDAP auth, vs kerberos. It works just fine :) Matthew Barr Technical Architect E: mbarr at snap-interactive.com AIM: matthewbarr1 c: (646) 727-0535 On Jun 24, 2013, at 3:35 PM, William Muriithi wrote: > Hello all, > > I have been struggling to get jenkins authenticating through FreeIPA and it seem this is currently not possible. The problem is, jenkins is not capable of using Kerberos as far as I can tell. Also, I am not sure FreeIPA can authenticate directly through LDAP, as far as I understand, LDAP is only used for authorization and authentication is through kerberos. > > I am planning to set up apache and run it as reverse proxy for Jenkins as a work around. Would this be the best way forward or would anyone know of a better way around this? I have noticed that the FreeIPA project uses jenkins, how have you guys got around this? > > Thanks in advance. > > Regards, > > William > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcholast at redhat.com Tue Jun 25 06:46:24 2013 
From: jcholast at redhat.com (Jan Cholasta) Date: Tue, 25 Jun 2013 08:46:24 +0200 Subject: [Freeipa-users] GlobalKnownHostsFile changes produce unexpected behavior In-Reply-To: References: Message-ID: <51C93CC0.4070908@redhat.com> On 19.6.2013 21:36, Matthew Barr wrote: > This may need to be passed upstream to the SSH maintainers or openssh > folks, but: > (Centos 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1 ) > > IPA (sssd) when installed is to modify the /etc/ssh/ssh_config file, by > adding (at least) a line : > > GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts > > Default behavior of SSH when that isn't present is to check both > /etc/ssh/ssh_known_hosts2 & /etc/ssh/ssh_known_hosts for keys. This is > documented in the ssh_config man page. > > > However, when the line is present with the sssd change, the OS only > checks for /etc/ssh/ssh_known_hosts2, plus the file in /var/lib/sss. I don't think it checks /etc/ssh/ssh_known_hosts2, since the GlobalKnownHostsFile2 option was deprecated in OpenSSH 5.9, unless of course you have an older version of OpenSSH installed. > > It still checks for both $HOME/.ssh/known_hosts & > $HOME/.ssh/known_hosts, either way. (that's controlled by a different > option.) > > > Should IPA / SSSD be adding back in the default value, until such time > as it's fixed in the upstream? I'm not sure I understand, what do you think should be fixed? Honza -- Jan Cholasta From aborrero at cica.es Tue Jun 25 08:16:32 2013 
From: aborrero at cica.es (Arturo Borrero)
Date: Tue, 25 Jun 2013 10:16:32 +0200
Subject: [Freeipa-users] Updating the WebUI user form
In-Reply-To: <51C84FFE.2000005@redhat.com>
References: <51C80DF9.4050005@cica.es> <51C84FFE.2000005@redhat.com>
Message-ID: <51C951E0.6060205@cica.es>

On 24/06/13 15:56, Petr Vobornik wrote:
> Hello,
>
> depends on FreeIPA version. Since version 3.2 there is much better Web
> UI plugin support[1]. It's quite new so the documentation is rather
> poor and WIP[2], but improving it is on my todo list. There are some
> examples of plugins on devel-list[3].
>
> The easiest way, prior to version 3.2, is probably editing the Web UI
> source code located in /usr/share/ipa/ui. Use this method at your own
> risk.

Hi, thanks for your helpful response.

We are using ipa-server-3.0.0-26.el6_4.2. I will try to update to 3.2,
since it is not a production environment yet.

I will come back to you with the result of our work in the plugins
direction.

Regards

--
Arturo Borrero González
Departamento de Seguridad Informática (nis at cica.es)
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía

From mkosek at redhat.com Tue Jun 25 09:52:36 2013
From: mkosek at redhat.com (Martin Kosek) Date: Tue, 25 Jun 2013 11:52:36 +0200 Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo? In-Reply-To: <51C84B75.9090505@redhat.com> References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> Message-ID: <51C96864.6080807@redhat.com> On 06/24/2013 03:36 PM, Rob Crittenden wrote: > Dean Hunter wrote: >> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: >>> On Sun, 23 Jun 2013, Dean Hunter wrote: >>> >Section 14.4. Applying the Configured sudo Policies to Hosts of the >>> >FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains >>> >only an example of configuring sudo for use with FreeIPA 2.2. It differs >>> >in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at >>> >fedoraproject.org. >>> > >>> >What instructions should I use to configure an IPA 3.1.5-1 client with >>> >sudo? >>> This thread should clear it up: >>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html >>> >>> This presentation covers current state: >>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf >>> >> Thank you for the prompt response! I really appreciate how helpful >> y'all are on this list. The slide presentation is especially useful >> because of all the explanation. Have you identified a target release for: >> >> 1) SSSD doesn't support FreeIPA as SUDO provider yet > > To clarify, this is just to make SSSD use the native IPA schema instead of > ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 Right. When talking about SUDO being able to select SSSD as a source database (instead of the native LDAP connection), this works already - SSSD reads ou=sudoers. 
There is an RFE ticket targeted to 3.4 already (it also contains steps
how to configure it manually):

https://fedorahosted.org/freeipa/ticket/3358

>
>> 2) A command line tool to perform the client configuration
>
> https://fedorahosted.org/freeipa/ticket/3358
>
> rob
>

From mkosek at redhat.com Tue Jun 25 10:09:50 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Tue, 25 Jun 2013 12:09:50 +0200
Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem
In-Reply-To:
References: <51C1E02F.9020406@redhat.com>
Message-ID: <51C96C6E.3050203@redhat.com>

On 06/24/2013 08:32 PM, Vitaly wrote:
> Sorry for probably stupid question, but if in general
> ipaclient.staging.example.com
> host may be a member in prod.example.com
> domain?

Sure, you just need to have properly configured /etc/krb5.conf (namely
[domain_realm] mapping) and /etc/sssd/sssd.conf to look up the clients in
this domain.

I tested this with freeipa-client-3.1.4-1.fc18.x86_64, ipa-client-install
does that for you:

# hostname client.example.com
# ipa-client-install --domain ipa.domain.test
Discovery was successful!
Hostname: client.example.com
Realm: IPA.DOMAIN.TEST
DNS Domain: ipa.domain.test
IPA Server: server1.ipa.domain.test
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin at IPA.DOMAIN.TEST:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=IPA.DOMAIN.TEST
Issuer: CN=Certificate Authority,O=IPA.DOMAIN.TEST
Valid From: Wed Jun 19 20:11:11 2013 UTC
Valid Until: Sun Jun 19 20:11:11 2033 UTC

Enrolled in IPA realm IPA.DOMAIN.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IPA.DOMAIN.TEST
trying https://server1.ipa.domain.test/ipa/xml
Hostname (client.example.com) not found in DNS
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server 'https://server1.ipa.domain.test/ipa/xml'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.

# cat /etc/sssd/sssd.conf
[domain/ipa.domain.test]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.domain.test
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = client.example.com
chpass_provider = ipa
ipa_server = _srv_, server1.ipa.domain.test
dns_discovery_domain = ipa.domain.test
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = ipa.domain.test
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]

# cat /etc/krb5.conf
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
default_realm = IPA.DOMAIN.TEST
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes

[realms]
IPA.DOMAIN.TEST = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.ipa.domain.test = IPA.DOMAIN.TEST
ipa.domain.test = IPA.DOMAIN.TEST
.example.com = IPA.DOMAIN.TEST
example.com = IPA.DOMAIN.TEST

HTH,
Martin

>
>
> On Thu, Jun 20, 2013 at 10:34 AM, Vitaly
> wrote:
>
> >Is KDC resolvable from the client?
> yes, there is DNS resolving for "serv02.prod.example.com
> " on client.
>
> >Do you have an AD DNS that might be actually serving records?
> no, I don't AD DNS for prod.example.com > >What version of the client and what OS are you using? > > On the client: > ipa-client-2.0-10.el5_6.1 > Red Hat Enterprise Linux Server release 5.6 (Tikanga) > > On IPA server : > > ipa-pki-common-theme-9.0.3-7.el6.noarch > > ipa-pki-ca-theme-9.0.3-7.el6.noarch > > libipa_hbac-1.5.1-66.el6_2.3.x86_64 > > libipa_hbac-python-1.5.1-66.el6_2.3.x86_64 > > ipa-python-2.1.3-9.el6.x86_64 > > ipa-client-2.1.3-9.el6.x86_64 > > ipa-server-selinux-2.1.3-9.el6.x86_64 > > ipa-admintools-2.1.3-9.el6.x86_64 > > ipa-server-2.1.3-9.el6.x86_64 > > Red Hat Enterprise Linux Server release 6.2 (Santiago) > > Thank you, > Vitaly > > > On Wed, Jun 19, 2013 at 7:45 PM, Dmitri Pal > wrote: > > On 06/19/2013 10:32 AM, Vitaly wrote: > > > > > > ipa-client-install fails with "Cannot resolve network address for KDC" > > message. > > I don't have SRV records, but I provide IPA server name via "--server" > > param. > > any ideas? > > > > TIA, > > Vitaly > > > > 2013-06-19 13:58:39,113 DEBUG Loading Index file from > > '/var/lib/ipa-client/sysrestore/sysrestore.index' > > 2013-06-19 13:58:39,113 DEBUG [ipacheckldap] > > 2013-06-19 13:58:39,113 DEBUG Init ldap with: > > ldap://serv02.prod.example.com:389 > > 2013-06-19 13:58:39,193 DEBUG Search rootdse > > 2013-06-19 13:58:39,233 DEBUG Search for (info=*) in > > dc=prod,dc=example,dc=com(base) > > 2013-06-19 13:58:39,272 DEBUG Found: [('dc=prod,dc=example,dc=com', > > {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', > > 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': > > ['prod.example.com '], 'dc': ['prod'], > 'nisDomain': ['prod.example.com ']})] > > 2013-06-19 13:58:39,272 DEBUG Search for (objectClass=krbRealmContainer) in > > dc=prod,dc=example,dc=com(sub) > > 2013-06-19 13:58:39,313 DEBUG Found: > > [('cn=PROD.EXAMPLE.COM > ,cn=kerberos,dc=prod,dc=example,dc=com', > > {'krbSubTrees': ['dc=prod,dc=example,dc=com'], 'cn': ['PROD.EXAMPLE.COM > '], > > 
'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', > > 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', > > 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], > > 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', > > 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', > > 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', > > 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', > > 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], > > 'krbMaxRenewableAge': ['604800']})] > > 2013-06-19 13:58:52,031 INFO args=/usr/kerberos/bin/kinit > > vm4.stage.example.com at PROD.EXAMPLE.COM > > > 2013-06-19 13:58:52,032 INFO stdout= > > 2013-06-19 13:58:52,032 INFO stderr=kinit(v5): Cannot resolve network > > address for KDC in realm PROD.EXAMPLE.COM while > getting initial credentials > > > > 2013-06-19 13:58:52,065 INFO args=/usr/kerberos/bin/kdestroy > > 2013-06-19 13:58:52,065 INFO stdout= > > 2013-06-19 13:58:52,065 INFO stderr=kdestroy: No credentials cache found > > while destroying cache > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > ~ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users at redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > > Is KDC resolvable from the client? > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager for IdM portfolio > > Red Hat Inc. > > > > > > ------------------------------- > > Looking to carve out IT costs? 
> > www.redhat.com/carveoutcosts/ > > > > > > > > _______________________________________________ > > Freeipa-users mailing list > > Freeipa-users at redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > From pspacek at redhat.com Tue Jun 25 11:38:14 2013 From: pspacek at redhat.com (Petr Spacek) Date: Tue, 25 Jun 2013 13:38:14 +0200 Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem In-Reply-To: <51C96C6E.3050203@redhat.com> References: <51C1E02F.9020406@redhat.com> <51C96C6E.3050203@redhat.com> Message-ID: <51C98126.50906@redhat.com> On 25.6.2013 12:09, Martin Kosek wrote: > Sure, you just need to have properly configured /etc/krb5.conf (namely > [domain_realm] mapping) and /etc/sssd/sssd.conf to look up the clients in this > domain. You don't need to configure [domain_realm] mapping manually if you have proper TXT records in DNS && /etc/krb5.conf contains this: dns_lookup_realm = true dns_lookup_kdc = true -- Petr^2 Spacek From deanhunter at comcast.net Tue Jun 25 13:56:55 2013 
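The realm selection discussed in the two replies above (the [domain_realm] mapping in Martin Kosek's krb5.conf and Petr Spacek's note about dns_lookup_realm and TXT records), as an added example that is not part of the original thread. It models the documented krb5.conf lookup order (exact host name, then dot-prefixed parent domains); the function names and every host name other than client.example.com are assumptions made for the illustration.

```python
import re

# krb5.conf as posted in Martin Kosek's message (the archive does not
# preserve the original indentation).
KRB5_CONF = """\
#File modified by ipa-client-install
includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
default_realm = IPA.DOMAIN.TEST
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes

[realms]
IPA.DOMAIN.TEST = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.ipa.domain.test = IPA.DOMAIN.TEST
ipa.domain.test = IPA.DOMAIN.TEST
.example.com = IPA.DOMAIN.TEST
example.com = IPA.DOMAIN.TEST
"""

TRUE_VALUES = {"true", "yes", "on", "1", "t", "y"}


def parse_krb5_conf(text):
    """Return {section: {tag: value}} for the top-level relations.

    Brace-delimited subsections such as the realm blocks in [realms] are
    skipped: realm selection only needs [libdefaults] and [domain_realm].
    """
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if depth:                      # inside "name = { ... }"
            if line.endswith("{"):
                depth += 1
            elif line.startswith("}"):
                depth -= 1
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
            continue
        if current is None or "=" not in line:
            continue                   # e.g. the includedir directive
        tag, value = (part.strip() for part in line.split("=", 1))
        if value.endswith("{"):
            depth = 1
            continue
        current[tag.lower()] = value
    return sections


def realm_for_host(host, conf):
    """Explain where a client with this configuration gets the realm of host."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    mapping = conf.get("domain_realm", {})
    # Lookup order modelled here: the host name itself, then each parent
    # domain written with a leading dot, most specific first.
    tags = [host] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for tag in tags:
        if tag in mapping:
            return {"source": "domain_realm", "tag": tag,
                    "realm": mapping[tag], "txt_names": []}
    lookup = conf.get("libdefaults", {}).get("dns_lookup_realm", "false")
    if lookup.lower() in TRUE_VALUES:
        # No static mapping: the realm has to come from a _kerberos TXT
        # record published for the host or one of its parent domains.
        names = ["_kerberos." + ".".join(labels[i:]) for i in range(len(labels))]
        return {"source": "dns_txt", "tag": None, "realm": None,
                "txt_names": names}
    return {"source": "unmapped", "tag": None, "realm": None, "txt_names": []}


if __name__ == "__main__":
    conf = parse_krb5_conf(KRB5_CONF)
    # Constructed host names; only client.example.com appears in the thread.
    for name in ("client.example.com", "vm4.stage.example.com",
                 "build01.lab.example.net"):
        print(name, realm_for_host(name, conf))
```

A host that comes back with source "dns_txt" depends entirely on the listed TXT names being published and resolvable from the client, which is the condition Petr Spacek's reply describes.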
From: deanhunter at comcast.net (Dean Hunter)
Date: Tue, 25 Jun 2013 08:56:55 -0500
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
In-Reply-To: <51C96864.6080807@redhat.com>
References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> <51C96864.6080807@redhat.com>
Message-ID: <1372168615.1715.9.camel@developer.hunter.org>

Yay, It works! Once I thumb finger the configuration files correctly.

May I request that y'all start alphabetizing entries where sequence is
not important so that it is easier for humans to find a single entry:

[dean at desktop ~]$ sudo cat /etc/sssd/sssd.conf
[sudo] password for dean:
[sssd]
config_file_version = 2
domains = hunter.org
services = autofs, nss, pam, ssh, sudo

[domain/hunter.org]
access_provider = ipa
auth_provider = ipa
autofs_provider = ipa
cache_credentials = True
chpass_provider = ipa
id_provider = ipa
ipa_automount_location = VM
ipa_domain = hunter.org
ipa_dyndns_update = True
ipa_hostname = desktop.hunter.org
ipa_server = _srv_, ipa.hunter.org
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt

# For the SUDO integration
krb5_server = ipa.hunter.org
ldap_sasl_authid = host/desktop.hunter.org
ldap_sasl_mech = GSSAPI
ldap_sasl_realm = HUNTER.ORG
ldap_sudo_search_base = ou=sudoers,dc=hunter,dc=org
ldap_uri = ldap://ipa.hunter.org
sudo_provider = ldap

[autofs]

[nss]

[pac]

[pam]

[ssh]

[sudo]

[dean at desktop ~]$

From pspacek at redhat.com Tue Jun 25 14:31:45 2013
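A small checker for the sudo-related part of the sssd.conf posted above, as an added example that is not part of the original message or of the SSSD project. It treats the posted working file as the reference layout; the function names and the consistency rules (for instance that ldap_sasl_authid is host/ plus ipa_hostname, as in the posted file) are assumptions drawn from that file.

```python
import configparser

# sssd.conf as posted by Dean Hunter (from the page).
SSSD_CONF = """\
[sssd]
config_file_version = 2
domains = hunter.org
services = autofs, nss, pam, ssh, sudo

[domain/hunter.org]
access_provider = ipa
auth_provider = ipa
autofs_provider = ipa
cache_credentials = True
chpass_provider = ipa
id_provider = ipa
ipa_automount_location = VM
ipa_domain = hunter.org
ipa_dyndns_update = True
ipa_hostname = desktop.hunter.org
ipa_server = _srv_, ipa.hunter.org
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt
# For the SUDO integration
krb5_server = ipa.hunter.org
ldap_sasl_authid = host/desktop.hunter.org
ldap_sasl_mech = GSSAPI
ldap_sasl_realm = HUNTER.ORG
ldap_sudo_search_base = ou=sudoers,dc=hunter,dc=org
ldap_uri = ldap://ipa.hunter.org
sudo_provider = ldap

[autofs]
[nss]
[pac]
[pam]
[ssh]
[sudo]
"""

# Options the posted file adds under "For the SUDO integration".
SUDO_OPTIONS = ("krb5_server", "ldap_sasl_authid", "ldap_sasl_mech",
                "ldap_sasl_realm", "ldap_sudo_search_base", "ldap_uri",
                "sudo_provider")


def split_list(value):
    """Split a comma-separated sssd.conf list value into clean items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_sudo_integration(text):
    """Return a list of problems; empty means the file matches the layout
    of the working configuration posted in the thread."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:   # duplicate option, broken header
        return ["cannot parse file: %s" % exc]
    if not parser.has_section("sssd"):
        return ["missing [sssd] section"]
    problems = []
    if "sudo" not in split_list(parser.get("sssd", "services", fallback="")):
        problems.append("[sssd] services does not list sudo")
    for domain in split_list(parser.get("sssd", "domains", fallback="")):
        section = "domain/" + domain
        if not parser.has_section(section):
            problems.append("[%s] is missing" % section)
            continue
        opts = parser[section]
        # A mistyped option name shows up here as a missing option.
        for name in SUDO_OPTIONS:
            if name not in opts:
                problems.append("[%s] lacks %s" % (section, name))
        provider = opts.get("sudo_provider", "ldap")
        if provider != "ldap":
            problems.append("[%s] sudo_provider is %s, the posted setup "
                            "uses ldap" % (section, provider))
        base = opts.get("ldap_sudo_search_base", "ou=sudoers,")
        if not base.lower().startswith("ou=sudoers,"):
            problems.append("[%s] ldap_sudo_search_base is not under "
                            "ou=sudoers" % section)
        host, authid = opts.get("ipa_hostname"), opts.get("ldap_sasl_authid")
        if host and authid and authid != "host/" + host:
            problems.append("[%s] ldap_sasl_authid %s does not match "
                            "host/%s" % (section, authid, host))
    return problems


if __name__ == "__main__":
    print(check_sudo_integration(SSSD_CONF) or "no problems found")
```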
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 25 Jun 2013 16:31:45 +0200
Subject: [Freeipa-users] [Freeipa-devel] Announcing bind-dyndb-ldap version 3.4
Message-ID: <51C9A9D1.9050909@redhat.com>

The FreeIPA team is proud to announce bind-dyndb-ldap version 3.4.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/.

The new version has also been built for Fedora 19 and is on its way to
updates-testing:
https://admin.fedoraproject.org/updates/bind-dyndb-ldap-3.4-1.fc19

This release includes one fix.

== Changes in 3.4 ==
[1] Crash during BIND shutdown caused by race condition in update processing
    was fixed.

== Upgrading ==
A server can be upgraded simply by installing updated rpms. BIND has to be
restarted manually after the RPM installation.

You will need to clean up configuration file /etc/named.conf if your
configuration contains typos or other unsupported options.

Downgrading back to any 2.x version is supported under following conditions:
- new object class idnsForwardZone is not utilized
- record types not supported by 2.x versions are not utilized
- configured connection count is >= 3 (to prevent deadlocks in 2.x releases)

== Important change planned for 4.0 release ==
Configurations with and without persistent search are now deprecated.
Support for 'zone_refresh' and 'psearch' options will be removed in 4.0 release.
Bind-dyndb-ldap 4.0 will require LDAP server with support for RFC 4533.

== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list: http://www.redhat.com/mailman/listinfo/freeipa-users

--
Petr Spacek
Software engineer
Red Hat

From mkosek at redhat.com Tue Jun 25 16:07:36 2013
From: mkosek at redhat.com (Martin Kosek) Date: Tue, 25 Jun 2013 18:07:36 +0200 Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published! Message-ID: <51C9C048.5070106@redhat.com> Hello, The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series introduced in Fedora 18: http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html Big thanks to Deon Lackey who was the main contributor for this docs! On a side note, FreeIPA team is in process of re-considering and improving our user/development documentation and I am just curious - are FreeIPA users well aware of this documentation, do you use it frequently when you seek FreeIPA related information? Any ideas for improvements? Do you want to continue us to release this guide frequently with FreeIPA releases? For sake of future, we are also considering releasing this User Guide right during FreeIPA release, in a special subpackage (e.g. freeipa-docs). Thanks for any feedback. -- Martin Kosek Supervisor, Software Engineering - Identity Management Team Red Hat Inc. From andrew.tranquada at mailtrust.com Tue Jun 25 19:10:22 2013 
From: andrew.tranquada at mailtrust.com (Andrew Tranquada) Date: Tue, 25 Jun 2013 19:10:22 +0000 Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published! In-Reply-To: <51C9C048.5070106@redhat.com> Message-ID: I am aware of the documentation and have found it invaluable so far, one of the better documented projects out there. Personally, I would love this guide released frequently and really like the idea of having the documentation in a sub package. Thanks!!! On 6/25/13 12:07 PM, "Martin Kosek" wrote: >Hello, > >The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series >introduced >in Fedora 18: > >http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.htm >l > >Big thanks to Deon Lackey who was the main contributor for this docs! > >On a side note, FreeIPA team is in process of re-considering and >improving our >user/development documentation and I am just curious - are FreeIPA users >well >aware of this documentation, do you use it frequently when you seek >FreeIPA >related information? Any ideas for improvements? > >Do you want to continue us to release this guide frequently with FreeIPA >releases? For sake of future, we are also considering releasing this User >Guide >right during FreeIPA release, in a special subpackage (e.g. freeipa-docs). > >Thanks for any feedback. > >-- >Martin Kosek >Supervisor, Software Engineering - Identity Management Team >Red Hat Inc. > >_______________________________________________ >Freeipa-users mailing list >Freeipa-users at redhat.com >https://www.redhat.com/mailman/listinfo/freeipa-users From justin.brown at fandingo.org Tue Jun 25 20:12:35 2013 
From: justin.brown at fandingo.org (Justin Brown)
Date: Tue, 25 Jun 2013 15:12:35 -0500
Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published!
In-Reply-To:
References: <51C9C048.5070106@redhat.com>
Message-ID:

I'm also a big fan of the documentation and reference it frequently.

I know that documentation is not release notes, but it would be nice to have
some relation between the two. Two ideas:
* If the docs are released at the same time as the software, the release notes
  should include links to the relevant sections of the documentation.
* For particularly large features, it may make sense to put a *temporary* note
  that feature X is new in version Y (and the note would be removed in Z or Z+1).

The second idea is taken from Python's documentation and how they do an
excellent job of specifying when certain features were added. Now, FreeIPA
doesn't have near the varying number of versions and legacy environments that a
programming language has. That's why I wouldn't want tags like "added in 2.1.0"
still hanging around.

Lastly, the documentation needs some release notes of its own. The document
change history isn't that useful. Two ideas:
* A better "what's new in the docs" page that specifically links to new sections.
* Asterisks or some other markup on the table of contents that mark links that
  have substantively changed.

A user browsing the table of contents may become interested in checking out a
new feature since she knows that the typical high-quality FreeIPA documentation
is right there to help.

How would the freeipa-docs package work? PDFs in a directory or would they be
accessible from my FreeIPA web interface? I would definitely be interested in
the package if it's the latter. Otherwise, I'll probably stick to the Fedora Docs
website.

Excellent work. Thanks Deon and company.

Lastly, Fedora 19 is nigh upon us. Time to dive right back into the fire.
Cheers, Justin On Tue, Jun 25, 2013 at 2:10 PM, Andrew Tranquada < andrew.tranquada at mailtrust.com> wrote: > I am aware of the documentation and have found it invaluable so far, one > of the better documented projects out there. > Personally, I would love this guide released frequently and really like > the idea of having the documentation in a sub package. > > Thanks!!! > > > > > > > On 6/25/13 12:07 PM, "Martin Kosek" wrote: > > >Hello, > > > >The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series > >introduced > >in Fedora 18: > > > > > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.htm > >l > > > >Big thanks to Deon Lackey who was the main contributor for this docs! > > > >On a side note, FreeIPA team is in process of re-considering and > >improving our > >user/development documentation and I am just curious - are FreeIPA users > >well > >aware of this documentation, do you use it frequently when you seek > >FreeIPA > >related information? Any ideas for improvements? > > > >Do you want to continue us to release this guide frequently with FreeIPA > >releases? For sake of future, we are also considering releasing this User > >Guide > >right during FreeIPA release, in a special subpackage (e.g. freeipa-docs). > > > >Thanks for any feedback. > > > >-- > >Martin Kosek > >Supervisor, Software Engineering - Identity Management Team > >Red Hat Inc. > > > >_______________________________________________ > >Freeipa-users mailing list > >Freeipa-users at redhat.com > >https://www.redhat.com/mailman/listinfo/freeipa-users > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From JR.Aquino at citrix.com Tue Jun 25 20:19:11 2013 
From: JR.Aquino at citrix.com (JR Aquino) Date: Tue, 25 Jun 2013 20:19:11 +0000 Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo? In-Reply-To: <51C96864.6080807@redhat.com> References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> <51C96864.6080807@redhat.com> Message-ID: <66FF4FD9-447C-4FE3-ADF8-81F303848A82@citrixonline.com> On Jun 25, 2013, at 2:52 AM, Martin Kosek wrote: > On 06/24/2013 03:36 PM, Rob Crittenden wrote: >> Dean Hunter wrote: >>> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: >>>> On Sun, 23 Jun 2013, Dean Hunter wrote: >>>>> Section 14.4. Applying the Configured sudo Policies to Hosts of the >>>>> FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains >>>>> only an example of configuring sudo for use with FreeIPA 2.2. It differs >>>>> in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at >>>>> fedoraproject.org. >>>>> >>>>> What instructions should I use to configure an IPA 3.1.5-1 client with >>>>> sudo? >>>> This thread should clear it up: >>>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html >>>> >>>> This presentation covers current state: >>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf >>>> >>> Thank you for the prompt response! I really appreciate how helpful >>> y'all are on this list. The slide presentation is especially useful >>> because of all the explanation. Have you identified a target release for: >>> >>> 1) SSSD doesn't support FreeIPA as SUDO provider yet >> >> To clarify, this is just to make SSSD use the native IPA schema instead of >> ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 > > Right. When talking about SUDO being able to select SSSD as a source database > (instead of the native LDAP connection), this works already - SSSD reads > ou=sudoers. 
There is an RFE ticket targeted to 3.4 already (it also contains > steps how to configure it manually): Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? Is that version of Sudo available on RHEL? > > https://fedorahosted.org/freeipa/ticket/3358 > >> >>> 2) A command line tool to perform the client configuration >> >> https://fedorahosted.org/freeipa/ticket/3358 >> >> rob >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users at redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users From jhrozek at redhat.com Tue Jun 25 20:34:36 2013
From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 25 Jun 2013 22:34:36 +0200 Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo? In-Reply-To: <66FF4FD9-447C-4FE3-ADF8-81F303848A82@citrixonline.com> References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> <51C96864.6080807@redhat.com> <66FF4FD9-447C-4FE3-ADF8-81F303848A82@citrixonline.com> Message-ID: <20130625203436.GP10208@hendrix.redhat.com> On Tue, Jun 25, 2013 at 08:19:11PM +0000, JR Aquino wrote: > On Jun 25, 2013, at 2:52 AM, Martin Kosek > wrote: > > > On 06/24/2013 03:36 PM, Rob Crittenden wrote: > >> Dean Hunter wrote: > >>> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: > >>>> On Sun, 23 Jun 2013, Dean Hunter wrote: > >>>>> Section 14.4. Applying the Configured sudo Policies to Hosts of the > >>>>> FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains > >>>>> only an example of configuring sudo for use with FreeIPA 2.2. It differs > >>>>> in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at > >>>>> fedoraproject.org. > >>>>> > >>>>> What instructions should I use to configure an IPA 3.1.5-1 client with > >>>>> sudo? > >>>> This thread should clear it up: > >>>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html > >>>> > >>>> This presentation covers current state: > >>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf > >>>> > >>> Thank you for the prompt response! I really appreciate how helpful > >>> y'all are on this list. The slide presentation is especially useful > >>> because of all the explanation. Have you identified a target release for: > >>> > >>> 1) SSSD doesn't support FreeIPA as SUDO provider yet > >> > >> To clarify, this is just to make SSSD use the native IPA schema instead of > >> ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 > > > > Right. 
When talking about SUDO being able to select SSSD as a source database > > (instead of the native LDAP connection), this works already - SSSD reads > > ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains > > steps how to configure it manually): > > Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? When speaking of sudo upstream, the first version where the sudo support landed was 1.8.6b4 > > Is that version of Sudo available on RHEL? In 6.4 it is. From jhrozek at redhat.com Tue Jun 25 20:39:12 2013 
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 25 Jun 2013 22:39:12 +0200
Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
In-Reply-To: <1372168615.1715.9.camel@developer.hunter.org>
References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> <51C96864.6080807@redhat.com> <1372168615.1715.9.camel@developer.hunter.org>
Message-ID: <20130625203912.GQ10208@hendrix.redhat.com>

On Tue, Jun 25, 2013 at 08:56:55AM -0500, Dean Hunter wrote:
> Yay, It works! Once I thumb finger the configuration files correctly.
>
> May I request that y'all start alphabetizing entries where sequence is
> not important so that it is easier for humans to find a single entry:
>
> [dean at desktop ~]$ sudo cat /etc/sssd/sssd.conf
> [sudo] password for dean:
> [sssd]
> config_file_version = 2
> domains = hunter.org
> services = autofs, nss, pam, ssh, sudo
>
> [domain/hunter.org]
> access_provider = ipa
> auth_provider = ipa
> autofs_provider = ipa
> cache_credentials = True
> chpass_provider = ipa
> id_provider = ipa
> ipa_automount_location = VM
> ipa_domain = hunter.org
> ipa_dyndns_update = True
> ipa_hostname = desktop.hunter.org
> ipa_server = _srv_, ipa.hunter.org
> krb5_store_password_if_offline = True
> ldap_tls_cacert = /etc/ipa/ca.crt
>

The above is fairly generic (and correct) IPA provider configuration as
produced by ipa-client-install...

> # For the SUDO integration
> krb5_server = ipa.hunter.org
> ldap_sasl_authid = host/desktop.hunter.org
> ldap_sasl_mech = GSSAPI
> ldap_sasl_realm = HUNTER.ORG
> ldap_sudo_search_base = ou=sudoers,dc=hunter,dc=org
> ldap_uri = ldap://ipa.hunter.org
> sudo_provider = ldap

..and the section above is a workaround to make SSSD prior to 1.10
download the sudo rules from IPA correctly. You won't be needing that
part starting with SSSD 1.10 as we made that the default for
"sudo_provider = ipa".

I'm glad the sudo integration works for you now! From jhrozek at redhat.com Tue Jun 25 20:40:02 2013 
From: jhrozek at redhat.com (Jakub Hrozek) Date: Tue, 25 Jun 2013 22:40:02 +0200 Subject: [Freeipa-users] Configure IPA 3.1.5 client for sudo? In-Reply-To: <20130625203436.GP10208@hendrix.redhat.com> References: <1372044028.2811.2.camel@developer.hunter.org> <20130624060730.GA6776@redhat.com> <1372078331.2811.9.camel@developer.hunter.org> <51C84B75.9090505@redhat.com> <51C96864.6080807@redhat.com> <66FF4FD9-447C-4FE3-ADF8-81F303848A82@citrixonline.com> <20130625203436.GP10208@hendrix.redhat.com> Message-ID: <20130625204002.GR10208@hendrix.redhat.com> On Tue, Jun 25, 2013 at 10:34:36PM +0200, Jakub Hrozek wrote: > On Tue, Jun 25, 2013 at 08:19:11PM +0000, JR Aquino wrote: > > On Jun 25, 2013, at 2:52 AM, Martin Kosek > > wrote: > > > > > On 06/24/2013 03:36 PM, Rob Crittenden wrote: > > >> Dean Hunter wrote: > > >>> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: > > >>>> On Sun, 23 Jun 2013, Dean Hunter wrote: > > >>>>> Section 14.4. Applying the Configured sudo Policies to Hosts of the > > >>>>> FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains > > >>>>> only an example of configuring sudo for use with FreeIPA 2.2. It differs > > >>>>> in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at > > >>>>> fedoraproject.org. > > >>>>> > > >>>>> What instructions should I use to configure an IPA 3.1.5-1 client with > > >>>>> sudo? > > >>>> This thread should clear it up: > > >>>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html > > >>>> > > >>>> This presentation covers current state: > > >>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf > > >>>> > > >>> Thank you for the prompt response! I really appreciate how helpful > > >>> y'all are on this list. The slide presentation is especially useful > > >>> because of all the explanation. 
Have you identified a target release for: > > >>> > > >>> 1) SSSD doesn't support FreeIPA as SUDO provider yet > > >> > > >> To clarify, this is just to make SSSD use the native IPA schema instead of > > >> ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 > > > > > > Right. When talking about SUDO being able to select SSSD as a source database > > > (instead of the native LDAP connection), this works already - SSSD reads > > > ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains > > > steps how to configure it manually): > > > > Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? > > When speaking of sudo upstream, the first version where the sudo support ^^^^^^^^^^^^^^^^ the sss support sorry for typo > landed was 1.8.6b4 > > > > > Is that version of Sudo available on RHEL? > > In 6.4 it is. From erinn.looneytriggs at gmail.com Tue Jun 25 20:47:16 2013 From: erinn.looneytriggs at gmail.com (Erinn Looney-Triggs) Date: Tue, 25 Jun 2013 16:47:16 -0400 Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published! In-Reply-To: References: Message-ID: <51CA01D4.6050901@gmail.com> On 06/25/2013 03:10 PM, Andrew Tranquada wrote: > I am aware of the documentation and have found it invaluable so far, one > of the better documented projects out there. > Personally, I would love this guide released frequently and really like > the idea of having the documentation in a sub package. > > Thanks!!! > Let me second that, not only does it create a more professional and accessible product but I believe documentation actually creates a better product overall as it can often force dev to think through things a little more than if it doesn't have to be documented. -Erinn -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 555 bytes Desc: OpenPGP digital signature URL: From deanhunter at comcast.net Tue Jun 25 20:58:02 2013 
From: deanhunter at comcast.net (Dean Hunter)
Date: Tue, 25 Jun 2013 15:58:02 -0500
Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published!
In-Reply-To: <51C9C048.5070106@redhat.com>
References: <51C9C048.5070106@redhat.com>
Message-ID: <1372193882.1702.6.camel@developer.hunter.org>

On Tue, 2013-06-25 at 18:07 +0200, Martin Kosek wrote:
> Hello,
>
> The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series introduced
> in Fedora 18:
>
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html
>
> Big thanks to Deon Lackey who was the main contributor for this docs!
>
> On a side note, FreeIPA team is in process of re-considering and improving our
> user/development documentation and I am just curious - are FreeIPA users well
> aware of this documentation, do you use it frequently when you seek FreeIPA
> related information? Any ideas for improvements?
>
> Do you want to continue us to release this guide frequently with FreeIPA
> releases? For sake of future, we are also considering releasing this User Guide
> right during FreeIPA release, in a special subpackage (e.g. freeipa-docs).
>
> Thanks for any feedback.
>

I am also a big fan of up-to-date documentation. I make it a priority to
research as much as I can before I start into something new. Unfortunately, I
do not always understand everything I read. And sometimes what I read is no
longer accurate as I noted a couple of days ago regarding section 14.4 of this
document.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From mkosek at redhat.com Wed Jun 26 06:15:19 2013
From: mkosek at redhat.com (Martin Kosek)
Date: Wed, 26 Jun 2013 08:15:19 +0200
Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published!
In-Reply-To: <1372193882.1702.6.camel@developer.hunter.org>
References: <51C9C048.5070106@redhat.com> <1372193882.1702.6.camel@developer.hunter.org>
Message-ID: <51CA86F7.1030103@redhat.com>

On 06/25/2013 10:58 PM, Dean Hunter wrote:
> On Tue, 2013-06-25 at 18:07 +0200, Martin Kosek wrote:
>> Hello,
>>
>> The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series introduced
>> in Fedora 18:
>>
>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html
>>
>> Big thanks to Deon Lackey who was the main contributor for this docs!
>>
>> On a side note, FreeIPA team is in process of re-considering and improving our
>> user/development documentation and I am just curious - are FreeIPA users well
>> aware of this documentation, do you use it frequently when you seek FreeIPA
>> related information? Any ideas for improvements?
>>
>> Do you want to continue us to release this guide frequently with FreeIPA
>> releases? For sake of future, we are also considering releasing this User Guide
>> right during FreeIPA release, in a special subpackage (e.g. freeipa-docs).
>>
>> Thanks for any feedback.
>>
> I am also a big fan of up-to-date documentation. I make it a priority to
> research as much as I can before I start into something new. Unfortunately, I
> do not always understand everything I read. And sometimes what I read is no
> longer accurate as I noted a couple of days ago regarding section 14.4 of this
> document.

Can you please file an upstream ticket using "documentation" component when you
find sections which are no longer accurate or which you would like to improve?

https://fedorahosted.org/freeipa/newticket

Having it noted somewhere helps us with tracking the deficiency and having
enough data to fix it.

Thank you,
Martin

From mkosek at redhat.com Wed Jun 26 06:20:19 2013
From: mkosek at redhat.com (Martin Kosek) Date: Wed, 26 Jun 2013 08:20:19 +0200 Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published! In-Reply-To: <51CA01D4.6050901@gmail.com> References: <51CA01D4.6050901@gmail.com> Message-ID: <51CA8823.2000208@redhat.com> On 06/25/2013 10:47 PM, Erinn Looney-Triggs wrote: > On 06/25/2013 03:10 PM, Andrew Tranquada wrote: >> I am aware of the documentation and have found it invaluable so far, one >> of the better documented projects out there. >> Personally, I would love this guide released frequently and really like >> the idea of having the documentation in a sub package. >> >> Thanks!!! >> > > > Let me second that, not only does it create a more professional and > accessible product but I believe documentation actually creates a better > product overall as it can often force dev to think through things a > little more than if it doesn't have to be documented. > > -Erinn Hi guys, thanks! I am glad that the guide is useful for you. Erinn, you are right - with new features, it is better to stop for a while, think about the feature one is implementing and write it down both for oneself but also for other developers. Note that since FreeIPA version 3 we started to write design pages for new features: http://www.freeipa.org/page/V3_Designs This is more of a developer documentation. Therefore we are now starting to contribute more to the Guide too which should look at the features more from a user point of view. Martin From mkosek at redhat.com Wed Jun 26 06:39:37 2013 
From: mkosek at redhat.com (Martin Kosek)
Date: Wed, 26 Jun 2013 08:39:37 +0200
Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published!
In-Reply-To:
References: <51C9C048.5070106@redhat.com>
Message-ID: <51CA8CA9.7050604@redhat.com>

On 06/25/2013 10:12 PM, Justin Brown wrote:
> I'm also a big fan of the documentation and reference it frequently.

Good!

> I know that documentation is not release notes, but it would be nice to have
> some relation between the two. Two ideas:
> * If the docs are released at the same time as the software, the release notes
> should include links to the relevant sections of the documentation.

Since last 3.2 I started to add links from enhancements to relevant design
pages in FreeIPA.org wiki (http://www.freeipa.org/page/V3_Designs). But I will
also think about some nice way to map new features to documentation.

> * For particularly large features, it may make sense to put a *temporary* note
> that feature X is new in version Y (and the note would be removed in Z or Z+1).

Hm, interesting idea. We will think about that in next doc release.

> The second idea is taken from Python's documentation and how they do an
> excellent job of specifying when certain features were added. Now, FreeIPA
> doesn't have near the varying number of versions and legacy environments that a
> programming language has. That's why I wouldn't want tags like "added in 2.1.0"
> still hanging around.
>
> Lastly, the documentation needs some release notes of its own. The document
> change history isn't that useful. Two ideas:
> * A better "what's new in the docs" page that specifically links to new sections.
> * Asterisks or some other markup on the table of contents that mark links that
> have substantively changed.

Hmm, I think that asterisk-ing fixed sections (updated content) would not be so
useful and would add more work for people updating the sections.

What I think that would be interesting is to have links to new sections - but
this should be exactly covered if we add documentation links to new features in
FreeIPA release notes.

> A user browsing the table of contents may become interested in checking out a
> new feature since she knows that the typical high-quality FreeIPA documentation
> is right there to help.
>
> How would the freeipa-docs package work? PDFs in a directory or would they be
> accessible from my FreeIPA web interface? I would definitely be interested in
> the package if it's the latter. Otherwise, I'll probably stick to the Fedora Docs
> website.

Yes, I was thinking that freeipa-docs could add PDFs or browseable HTMLs (like
the one on Fedora docs site) to appropriate places in /usr/. But having the
documentation accessible from FreeIPA web interface is definitely an
interesting idea which would also not be so difficult given that it is easy to
generate HTML site out of the FreeIPA guide.

I filed an upstream ticket with this RFE and wrote down what we found out:

https://fedorahosted.org/freeipa/ticket/3753

> Excellent work. Thanks Deon and company.
>
> Lastly, Fedora 19 is nigh upon us. Time to dive right back into the fire.
>
> Cheers,
> Justin

Thanks!
Martin

> > > On Tue, Jun 25, 2013 at 2:10 PM, Andrew Tranquada > > wrote: > > I am aware of the documentation and have found it invaluable so far, one > of the better documented projects out there. > Personally, I would love this guide released frequently and really like > the idea of having the documentation in a sub package. > > Thanks!!! > > > > > > > On 6/25/13 12:07 PM, "Martin Kosek" > wrote: > > >Hello, > > > >The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series > >introduced > >in Fedora 18: > > > >http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.htm > >l > > > >Big thanks to Deon Lackey who was the main contributor for this docs!
> > > >On a side note, FreeIPA team is in process of re-considering and > >improving our > >user/development documentation and I am just curious - are FreeIPA users > >well > >aware of this documentation, do you use it frequently when you seek > >FreeIPA > >related information? Any ideas for improvements? > > > >Do you want to continue us to release this guide frequently with FreeIPA > >releases? For sake of future, we are also considering releasing this User > >Guide > >right during FreeIPA release, in a special subpackage (e.g. freeipa-docs). > > > >Thanks for any feedback. > > > >-- > >Martin Kosek > > >Supervisor, Software Engineering - Identity Management Team > >Red Hat Inc. > > > >_______________________________________________ > >Freeipa-users mailing list > >Freeipa-users at redhat.com > >https://www.redhat.com/mailman/listinfo/freeipa-users > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users at redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > From linux at karasik.org Wed Jun 26 07:06:57 2013 
From: linux at karasik.org (Vitaly)
Date: Wed, 26 Jun 2013 10:06:57 +0300
Subject: [Freeipa-users] ipa-client-install "Cannot resolve network address for KDC" problem
In-Reply-To: <51C98126.50906@redhat.com>
References: <51C1E02F.9020406@redhat.com> <51C96C6E.3050203@redhat.com> <51C98126.50906@redhat.com>
Message-ID:

Fixed.

The reason for this problem was pretty simple - DNS server provided wrong SRV
records for kerberos stuff (my IPA deploy is in fact migration from IPA1
server to IPA2, and customer decided to install IPA2 on different server
instead of upgrade in-place).
After I updated SRV records with the new IPA server, ipa-client-install works.

many thanks to all for your help,
Vitaly

On Tue, Jun 25, 2013 at 2:38 PM, Petr Spacek wrote:

> On 25.6.2013 12:09, Martin Kosek wrote:
>
>> Sure, you just need to have properly configured /etc/krb5.conf (namely
>> [domain_realm] mapping) and /etc/sssd/sssd.conf to look up the clients in
>> this
>> domain.
>>
> You don't need to configure [domain_realm] mapping manually if you have
> proper TXT records in DNS && /etc/krb5.conf contains this:
>
>
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
> --
> Petr^2 Spacek
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From pspacek at redhat.com Wed Jun 26 07:49:09 2013
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 26 Jun 2013 09:49:09 +0200
Subject: [Freeipa-users] FreeIPA 3.1.5 User Guide published!
In-Reply-To: <51CA86F7.1030103@redhat.com>
References: <51C9C048.5070106@redhat.com> <1372193882.1702.6.camel@developer.hunter.org> <51CA86F7.1030103@redhat.com>
Message-ID: <51CA9CF5.3000700@redhat.com>

On 26.6.2013 08:15, Martin Kosek wrote:
> On 06/25/2013 10:58 PM, Dean Hunter wrote:
>> On Tue, 2013-06-25 at 18:07 +0200, Martin Kosek wrote:
>>> Hello,
>>>
>>> The FreeIPA Team has published a User Guide for FreeIPA 3.1.x series
>>> introduced
>>> in Fedora 18:
>>>
>>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html
>>>
>>> Big thanks to Deon Lackey who was the main contributor for this docs!
>>>
>>> On a side note, FreeIPA team is in process of re-considering and improving our
>>> user/development documentation and I am just curious - are FreeIPA users well
>>> aware of this documentation, do you use it frequently when you seek FreeIPA
>>> related information? Any ideas for improvements?
>>>
>>> Do you want to continue us to release this guide frequently with FreeIPA
>>> releases? For sake of future, we are also considering releasing this User
>>> Guide
>>> right during FreeIPA release, in a special subpackage (e.g. freeipa-docs).
>>>
>>> Thanks for any feedback.
>>>
>> I am also a big fan of up-to-date documentation. I make it a priority to
>> research as much as I can before I start into something new. Unfortunately, I
>> do not always understand everything I read. And sometimes what I read is no
>> longer accurate as I noted a couple of days ago regarding section 14.4 of this
>> document.
>
> Can you please file an upstream ticket using "documentation" component when
> you find sections which are no longer accurate or which you would like to
> improve?
> > https://fedorahosted.org/freeipa/newticket > > Having it noted somewhere helps us with tracking the deficiency and having > enough data to fix it. We could add "Report a bug/ambiguity" links to the docs. This could encourage people to report which parts of docs are not clear enough etc. https://fedorahosted.org/freeipa/ticket/3754 -- Petr^2 Spacek From linux at karasik.org Wed Jun 26 09:28:57 2013 From: linux at karasik.org (Vitaly) Date: Wed, 26 Jun 2013 12:28:57 +0300 Subject: [Freeipa-users] "Decrypt integrity check failed" issue Message-ID: How I should debug & fix "Decrypt integrity check failed" problem? TIA, Vitaly Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: NEEDED_PREAUTH: username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM, Additional pre-authentication required Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth (timestamp) verify failure: Decrypt integrity check failed Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: PREAUTH_FAILED: username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM, Decrypt integrity check failed -------------- next part -------------- An HTML attachment was scrubbed... URL: From sbose at redhat.com Wed Jun 26 09:39:06 2013 
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 26 Jun 2013 11:39:06 +0200
Subject: [Freeipa-users] "Decrypt integrity check failed" issue
In-Reply-To:
References:
Message-ID: <20130626093906.GE27655@localhost.localdomain>

On Wed, Jun 26, 2013 at 12:28:57PM +0300, Vitaly wrote:
> How I should debug & fix "Decrypt integrity check failed" problem?

This typically means wrong password.

HTH

bye,
Sumit

>
> TIA,
> Vitaly
>
>
> Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12
> etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: NEEDED_PREAUTH:
> username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
> Additional pre-authentication required
> Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth
> (timestamp) verify failure: Decrypt integrity check failed
> Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12
> etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: PREAUTH_FAILED:
> username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
> Decrypt integrity check failed

From linux at karasik.org Wed Jun 26 10:00:04 2013
From: linux at karasik.org (Vitaly)
Date: Wed, 26 Jun 2013 13:00:04 +0300
Subject: [Freeipa-users] "Decrypt integrity check failed" issue
In-Reply-To: <20130626093906.GE27655@localhost.localdomain>
References: <20130626093906.GE27655@localhost.localdomain>
Message-ID:

Well, probably I missed something...
I see a very weird thing: when my system-auth pam config *contains* the pam_krb5 module before pam_ldap, the user can login. When there is just pam_ldap, the user cannot login.
In assumption that we're able to use LDAP authentication, but something is wrong with Kerberos, the situation should be the opposite, IMHO.

Password is right. BTW, is there any way (increase debug level?) to get a more meaningful message?

On Wed, Jun 26, 2013 at 12:39 PM, Sumit Bose wrote:

> On Wed, Jun 26, 2013 at 12:28:57PM +0300, Vitaly wrote:
> > How I should debug & fix "Decrypt integrity check failed" problem?
>
> This typically means wrong password.
>
> HTH
>
> bye,
> Sumit
> >
> > TIA,
> > Vitaly
> >
> >
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12
> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
> NEEDED_PREAUTH:
> > username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
> > Additional pre-authentication required
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth
> > (timestamp) verify failure: Decrypt integrity check failed
> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12
> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
> PREAUTH_FAILED:
> > username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
> > Decrypt integrity check failed
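
The KDC log lines posted in this thread, read by a small parser that separates the routine NEEDED_PREAUTH challenge from the PREAUTH_FAILED that actually matters, per client and per source address. This is an added example, not part of any message in the thread and not FreeIPA or MIT Kerberos code; the function names, the ISSUE line layout, the constructed log lines and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# The list archive rewrote "@" as " at "; accept both spellings in principals.
_PRINC = r"[^\s,]+(?:@| at )[^\s,]+"
_AS_REQ = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ krb5kdc\[\d+\]\(info\): "
    r"AS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) (?P<ip>\S+): "
    r"(?P<status>[A-Z_]+): (?P<rest>.*)$"
)
_PRINCS = re.compile(
    rf"(?P<client>{_PRINC}) for (?P<server>{_PRINC})(?:, (?P<msg>.*))?$"
)

# Entries 0-2 are the lines posted in the thread. Everything after them is
# constructed for this example (ISSUE layout and 192.0.2.50 are assumptions).
SAMPLE_LOG = """
Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: NEEDED_PREAUTH: username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM, Additional pre-authentication required
Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth (timestamp) verify failure: Decrypt integrity check failed
Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: PREAUTH_FAILED: username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM, Decrypt integrity check failed
Jun 26 10:19:40 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: NEEDED_PREAUTH: username@PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM@PROD.EXAMPLE.COM, Additional pre-authentication required
Jun 26 10:19:40 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21: ISSUE: authtime 1372231180, etypes {rep=18 tkt=18 ses=18}, username@PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM@PROD.EXAMPLE.COM
Jun 26 11:02:01 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.50: PREAUTH_FAILED: alice@PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM@PROD.EXAMPLE.COM, Decrypt integrity check failed
Jun 26 11:02:02 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.50: PREAUTH_FAILED: bob@PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM@PROD.EXAMPLE.COM, Decrypt integrity check failed
Jun 26 11:02:03 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.50: PREAUTH_FAILED: carol@PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM@PROD.EXAMPLE.COM, Decrypt integrity check failed
""".strip().splitlines()


def parse_as_req(line):
    """Parse one krb5kdc AS_REQ log line; return None for any other line."""
    head = _AS_REQ.match(line.strip())
    if head is None:
        return None
    princs = _PRINCS.search(head.group("rest"))
    if princs is None:
        return None
    return {
        "time": head.group("ts"),
        "source": head.group("ip"),
        "status": head.group("status"),
        "etypes": [int(e) for e in head.group("etypes").split()],
        "client": princs.group("client").replace(" at ", "@"),
        "server": princs.group("server").replace(" at ", "@"),
        "message": princs.group("msg") or "",
    }


def _verdict(counts, last_status):
    if counts["PREAUTH_FAILED"] and last_status == "ISSUE":
        return "recovered"       # failed earlier, later obtained a ticket
    if counts["PREAUTH_FAILED"]:
        # The KDC could not decrypt the encrypted timestamp: the key derived
        # from the typed password does not match the key the KDC holds.
        return "failing"
    if counts["ISSUE"]:
        return "ok"
    return "challenge-only"      # client never answered the preauth challenge


def summarize(lines, spray_threshold=3):
    """Group AS_REQ outcomes per (source, client) and flag noisy sources."""
    counts = defaultdict(Counter)    # (source, client) -> status counts
    last = {}                        # (source, client) -> most recent status
    failed = defaultdict(set)        # source -> principals that failed preauth
    for line in lines:
        ev = parse_as_req(line)
        if ev is None:
            continue
        key = (ev["source"], ev["client"])
        counts[key][ev["status"]] += 1
        last[key] = ev["status"]
        if ev["status"] == "PREAUTH_FAILED":
            failed[ev["source"]].add(ev["client"])
    clients = {k: {"counts": dict(c), "verdict": _verdict(c, last[k])}
               for k, c in counts.items()}
    # One source failing for many different principals looks like guessing,
    # not like one user with a stale password.
    suspects = sorted(s for s, p in failed.items() if len(p) >= spray_threshold)
    return {"clients": clients, "suspect_sources": suspects}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (source, client), info in sorted(report["clients"].items()):
        print(f"{source:15} {client:28} {info['verdict']:10} {info['counts']}")
    print("suspect sources:", report["suspect_sources"])
```

A lone NEEDED_PREAUTH is the normal first leg of every password login; only a PREAUTH_FAILED with no later ISSUE for the same client points at the password or key.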
From linux at karasik.org Wed Jun 26 10:19:23 2013
From: linux at karasik.org (Vitaly)
Date: Wed, 26 Jun 2013 13:19:23 +0300
Subject: [Freeipa-users] "Decrypt integrity check failed" issue
In-Reply-To:
References: <20130626093906.GE27655@localhost.localdomain>
Message-ID:

Update:
Sumit, you were right - my problem was related to the user password. To be more precise, it wasn't a wrong password, but probably some of the password's properties/policy. After resetting the password via the IPA console this user is able to login.

I don't understand why. But I really want to understand what caused this problem and what the explanation is for this magic pam_ldap vs pam_ldap+pam_krb5 difference.

On Wed, Jun 26, 2013 at 1:00 PM, Vitaly wrote:

> Well, probably I missed something...
> I see a very weird thing: when my system-auth pam config *contains* the pam_krb5
> module before pam_ldap, the user can login. When there is just pam_ldap, the user
> cannot login.
> In assumption that we're able to use LDAP authentication, but something is wrong
> with Kerberos, the situation should be the opposite, IMHO.
>
> Password is right. BTW, is there any way (increase debug level?) to get
> a more meaningful message?
>
>
> On Wed, Jun 26, 2013 at 12:39 PM, Sumit Bose wrote:
>
>> On Wed, Jun 26, 2013 at 12:28:57PM +0300, Vitaly wrote:
>> > How I should debug & fix "Decrypt integrity check failed" problem?
>>
>> This typically means wrong password.
>>
>> HTH
>>
>> bye,
>> Sumit
>> >
>> > TIA,
>> > Vitaly
>> >
>> >
>> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7748](info): AS_REQ (12
>> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
>> NEEDED_PREAUTH:
>> > username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
>> > Additional pre-authentication required
>> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): preauth
>> > (timestamp) verify failure: Decrypt integrity check failed
>> > Jun 26 09:06:10 serv02.prod.example.com krb5kdc[7767](info): AS_REQ (12
>> > etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.99.21:
>> PREAUTH_FAILED:
>> > username at PROD.EXAMPLE.COM for krbtgt/PROD.EXAMPLE.COM at PROD.EXAMPLE.COM,
>> > Decrypt integrity check failed

From sakodak at gmail.com Wed Jun 26 14:43:03 2013
From: sakodak at gmail.com (KodaK)
Date: Wed, 26 Jun 2013 09:43:03 -0500
Subject: [Freeipa-users] AEGIS "integration"
Message-ID:

My manager sent this line item to me today for his meeting with a director over operations:

"Discuss long term authentication of aix and linux systems. Most likely need to integrate with aegis"

Besides the fact that I don't know what they mean here by "integrate" -- has anyone done anything with AEGIS that might "fit the description" so to speak?

A bit of background: they (the windows folks, of which the director in question is one) have been trying to push IPA out since the day I put it in. I'm wondering if this is yet another artificial barrier they're using to attempt to justify that decision.

From brian_lee1 at jabil.com Wed Jun 26 15:58:35 2013
From: brian_lee1 at jabil.com (Brian Lee)
Date: Wed, 26 Jun 2013 11:58:35 -0400
Subject: [Freeipa-users] AEGIS "integration"
In-Reply-To:
References:
Message-ID:

I would be interested in this as well. We're utilizing AEGIS, so any integration options or user experience would be quite helpful.

On Wed, Jun 26, 2013 at 10:43 AM, KodaK wrote:

> My manager sent this line item to me today for his meeting with a director
> over operations:
>
> "Discuss long term authentication of aix and linux systems. Most likely
> need to integrate with aegis"
>
> Besides the fact that I don't know what they mean here by "integrate" --
> has anyone done anything with AEGIS that might "fit the description" so to
> speak?
>
> A bit of background: they (the windows folks, of which the director in
> question is one) have been trying to push IPA out since the day I put it
> in. I'm wondering if this is yet another artificial barrier they're using
> to attempt to justify that decision.

From joshua at azariah.com Wed Jun 26 23:23:50 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Wed, 26 Jun 2013 15:23:50 -0800
Subject: [Freeipa-users] Upgrade/Migration steps
In-Reply-To: <51C84D33.8040601@redhat.com>
References: <2973063.rlmeuNKcsR@hosanna> <9884921.ekZ8118jpq@hosanna> <51C84D33.8040601@redhat.com>
Message-ID: <28018996.cex5JG7Umr@hosanna>

Finally circling back around to this.

On Monday, June 24, 2013 09:44:19 Rob Crittenden wrote:
> It's really confusing how you ended up with a CA DS instance configured
> without SSL.

You're telling me. :)

> In any case, by default we configure port 7390 for SSL. StartTLS
> shouldn't be needed.
>
> You may also need to set nsSSL3Ciphers.

Sorry, LDAP newbie here. What would I add, and to which files? I assume the dse.ldif for the PKI-CA. What entries would I add for the SSL config?

> And you need to create an entry:
>
> cn=RSA,cn=encryption,cn=config
> objectclass=top
> objectclass=nsEncryptionModule
> cn=RSA
> nsSSLPersonalitySSL=Server-Cert
> nsSSLToken=internal (software)
> nsSSLActivation=on

When you say "create entry," is that just adding that to the dse.ldif, or am I adding it to the LDAP DB? (Again, LDAP newbie here).

Feel free to point me to docs on this subject. I do want to learn, just not sure where to start.

Thank you (again!) for all your help!

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A

From andrew at wasielewski.co.uk Wed Jun 26 22:01:56 2013
From: andrew at wasielewski.co.uk (Andrew Wasielewski)
Date: Wed, 26 Jun 2013 23:01:56 +0100
Subject: [Freeipa-users] Problem with automount - "Additional pre-authentication required"
Message-ID: <2277757.1Yj6aaPzX0@localhost.localdomain>

I am pretty new to FreeIPA. I am setting up a server to manage a small home network.

I am unable to get automount to work on the client. When I start autofs, I see this in syslog:-

[root at localhost ~]# automount -f -d
Starting automounter version 5.0.5-31.fc14, master map auto.master
using kernel protocol version 5.01
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_read_master: lookup(file): read entry /misc
lookup_read_master: lookup(file): read entry /net
lookup_read_master: lookup(file): read entry +auto.master
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_nss_read_master: reading master ldap auto.master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
parse_server_string: lookup(ldap): mapname auto.master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK credential cache: (null)
parse_init: parse(sun): init gathered global options: (null)
find_server: trying server uri ldap://server.wasielewski.co.uk
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK
sasl_do_kinit: calling krb5_parse_name on client principal host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK
sasl_do_kinit: Using tgs name krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328203
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://server.wasielewski.co.uk
do_reconnect: lookup(ldap): failed to find available server
lookup(file): failed to read included master map auto.master

On the server I see the following in /var/log/krb5kdc.log (client IP addr redacted):-

Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) xxx.xxx.xxx.xxx: NEEDED_PREAUTH: host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK for krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK, Additional pre-authentication required
Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): closing down fd 5

On the client the ticket cache is:-

[root at localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at WASIELEWSKI.CO.UK

Valid starting Expires Service principal
06/26/13 20:48:45 06/27/13 20:48:41 krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK

but on the server it is:

[root at server log]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at WASIELEWSKI.CO.UK

Valid starting Expires Service principal
06/26/13 00:04:51 06/27/13 00:04:47 krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK
06/26/13 00:04:54 06/27/13 00:04:47 ldap/server.wasielewski.co.uk at WASIELEWSKI.CO.UK

Should I also have a ticket for LDAP on the client?

Server is running FreeIPA 2.2.2 on FC17. Client is on FC14. I had to download the freeipa-client package (and others) from Koji as they were no longer available for FC14 in the usual repos. I ran ipa-client-install, but in the end had to apply most of the config manually. However everything else (IPA domain user login, IPA web UI etc.) that I would expect runs OK on the client. It is only automount that is giving problems.

I am sure I have got something very simple wrong...hopefully one of the masters can put me right.

Regards,

Andrew

From pviktori at redhat.com Thu Jun 27 12:52:39 2013
From: pviktori at redhat.com (Petr Viktorin)
Date: Thu, 27 Jun 2013 14:52:39 +0200
Subject: [Freeipa-users] Problem with automount - "Additional pre-authentication required"
In-Reply-To: <2277757.1Yj6aaPzX0@localhost.localdomain>
References: <2277757.1Yj6aaPzX0@localhost.localdomain>
Message-ID: <51CC3597.1050203@redhat.com>

On 06/27/2013 12:01 AM, Andrew Wasielewski wrote:
> I am pretty new to FreeIPA. I am setting up a server to manage a small
> home network.
>
[...]
>
> Server is running FreeIPA 2.2.2 on FC17. Client is on FC14. I had to
> download the freeipa-client package (and others) from Koji as they were
> no longer available for FC14 in the usual repos. I ran
> ipa-client-install, but in the end had to apply most of the config
> manually. However everything else (IPA domain user login, IPA web UI
> etc.) that I would expect runs OK on the client. It is only automount
> that is giving problems.

Fedora 14 has been unsupported for a year and a half (and Fedora 17 will reach end of life in a few months). You really should upgrade your systems.

What version of IPA did you download for F14?

> I am sure I have got something very simple wrong...hopefully one of the
> masters can put me right.
>
> Regards,
>
> Andrew

--
Petr³

From ovalousek at vendavo.com Thu Jun 27 12:47:55 2013
From: ovalousek at vendavo.com (Ondrej Valousek)
Date: Thu, 27 Jun 2013 12:47:55 +0000
Subject: [Freeipa-users] Problem with automount - "Additional pre-authentication required"
In-Reply-To: <2277757.1Yj6aaPzX0@localhost.localdomain>
References: <2277757.1Yj6aaPzX0@localhost.localdomain>
Message-ID: <1B2E2C093FF3B7459F3C605C42E4B50404FC266C@exmb2>

apparently your nsswitch.conf looks like

automount: files ldap

Fix it so that it looks like:

automount: files sss

and configure sssd to provide maps for automounter

Then you could try running

# automount -m

to see if all maps are visible.....

________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Andrew Wasielewski [andrew at wasielewski.co.uk]
Sent: Thursday, June 27, 2013 12:01 AM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Problem with automount - "Additional pre-authentication required"

I am pretty new to FreeIPA. I am setting up a server to manage a small home network.

I am unable to get automount to work on the client. When I start autofs, I see this in syslog:-

[root at localhost ~]# automount -f -d
Starting automounter version 5.0.5-31.fc14, master map auto.master
using kernel protocol version 5.01
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_read_master: lookup(file): read entry /misc
lookup_read_master: lookup(file): read entry /net
lookup_read_master: lookup(file): read entry +auto.master
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_nss_read_master: reading master ldap auto.master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
parse_server_string: lookup(ldap): mapname auto.master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK credential cache: (null)
parse_init: parse(sun): init gathered global options: (null)
find_server: trying server uri ldap://server.wasielewski.co.uk
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK
sasl_do_kinit: calling krb5_parse_name on client principal host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK
sasl_do_kinit: Using tgs name krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328203
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://server.wasielewski.co.uk
do_reconnect: lookup(ldap): failed to find available server
lookup(file): failed to read included master map auto.master

On the server I see the following in /var/log/krb5kdc.log (client IP addr redacted):-

Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) xxx.xxx.xxx.xxx: NEEDED_PREAUTH: host/server.wasielewski.co.uk at WASIELEWSKI.CO.UK for krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK, Additional pre-authentication required
Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): closing down fd 5

On the client the ticket cache is:-

[root at localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at WASIELEWSKI.CO.UK

Valid starting Expires Service principal
06/26/13 20:48:45 06/27/13 20:48:41 krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK

but on the server it is:

[root at server log]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at WASIELEWSKI.CO.UK

Valid starting Expires Service principal
06/26/13 00:04:51 06/27/13 00:04:47 krbtgt/WASIELEWSKI.CO.UK at WASIELEWSKI.CO.UK
06/26/13 00:04:54 06/27/13 00:04:47 ldap/server.wasielewski.co.uk at WASIELEWSKI.CO.UK

Should I also have a ticket for LDAP on the client?

Server is running FreeIPA 2.2.2 on FC17. Client is on FC14. I had to download the freeipa-client package (and others) from Koji as they were no longer available for FC14 in the usual repos. I ran ipa-client-install, but in the end had to apply most of the config manually. However everything else (IPA domain user login, IPA web UI etc.) that I would expect runs OK on the client. It is only automount that is giving problems.

I am sure I have got something very simple wrong...hopefully one of the masters can put me right.

Regards,

Andrew

From grimme at atix.de Thu Jun 27 19:11:26 2013
From: grimme at atix.de (Marc Grimme)
Date: Thu, 27 Jun 2013 21:11:26 +0200 (CEST)
Subject: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4
In-Reply-To: <1350300956.32677.1372360048870.JavaMail.root@atix.de>
Message-ID: <986495448.32681.1372360286836.JavaMail.root@atix.de>

Hi together,
I updated my ipa servers last week.
Since then the primary master is running under heavy load.
It looks like the ldap server responsible for my domain is causing high I/O load.
It's writing its logs over and over again.
Also the CPU is loaded:

top - 21:09:53 up 6 days, 4:18, 2 users, load average: 1.73, 1.71, 1.74
Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
Cpu0 : 37.5%us, 1.9%sy, 0.0%ni, 0.0%id, 54.4%wa, 0.0%hi, 0.0%si, 6.2%st
Mem: 1922724k total, 1547748k used, 374976k free, 133928k buffers
Swap: 2064376k total, 1812k used, 2062564k free, 233944k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
32134 dirsrv 20 0 1626m 652m 16m S 35.8 34.8 66:33.38 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CL-ATIX -i /var/run/dirsrv/slapd-CL-ATIX.pid -w /var/run/d
912 root 20 0 314m 47m 7220 S 5.3 2.6 0:02.11 /usr/bin/python -E /usr/sbin/ipa-replica-manage list
2012 root 20 0 192m 5280 1536 S 0.3 0.3 3:43.13 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
1 root 20 0 21304 1352 1092 S 0.0 0.1 0:06.61 /sbin/init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd]
...

Look at the two following ls on the db directory.
-----------------------X8--------------------------------
[root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
insgesamt 155484
-rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
-rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
-rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
-rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
-rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
-rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
-rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610
drwx------ 2 dirsrv dirsrv 4096 21. Jun 16:48 userRoot
[root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
insgesamt 191500
-rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
-rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
-rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
-rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
-rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
-rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
-rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289611
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289612
-rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289613
----------------------------X8------------------------------------

All the apps are pretty slow with authentication.

The server is exclusively running ipa.

Any ideas how I can proceed?

Thanks for your help.

Marc.

--
Marc Grimme
ATIX - The Linux & Open Source Company
ATIX Informationstechnologie und Consulting AG
Einsteinstraße 10
85716 Unterschleißheim
www.atix.de

From rmeggins at redhat.com Thu Jun 27 19:24:17 2013
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 27 Jun 2013 13:24:17 -0600
Subject: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4
In-Reply-To: <986495448.32681.1372360286836.JavaMail.root@atix.de>
References: <986495448.32681.1372360286836.JavaMail.root@atix.de>
Message-ID: <51CC9161.80207@redhat.com>

On 06/27/2013 01:11 PM, Marc Grimme wrote:
> Hi together,
> I updated my ipa servers last week.
> Since then the primary master is running under heavy load.

What exactly do you mean by "heavy load"?

> It looks like the ldap server responsible for my domain is causing high I/O load.

Where do you see high I/O load?

> It's writing its logs over and over again.

What do you mean by that?

> Also the CPU is loaded:
> top - 21:09:53 up 6 days, 4:18, 2 users, load average: 1.73, 1.71, 1.74
> Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
> Cpu0 : 37.5%us, 1.9%sy, 0.0%ni, 0.0%id, 54.4%wa, 0.0%hi, 0.0%si, 6.2%st
> Mem: 1922724k total, 1547748k used, 374976k free, 133928k buffers
> Swap: 2064376k total, 1812k used, 2062564k free, 233944k cached
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 32134 dirsrv 20 0 1626m 652m 16m S 35.8 34.8 66:33.38 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CL-ATIX -i /var/run/dirsrv/slapd-CL-ATIX.pid -w /var/run/d
> 912 root 20 0 314m 47m 7220 S 5.3 2.6 0:02.11 /usr/bin/python -E /usr/sbin/ipa-replica-manage list
> 2012 root 20 0 192m 5280 1536 S 0.3 0.3 3:43.13 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
> 1 root 20 0 21304 1352 1092 S 0.0 0.1 0:06.61 /sbin/init
> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd]
> ...

What would you expect to see instead of the above numbers? What do you mean by "CPU is loaded"? CPU% 35.8 is not necessarily bad or good.

>
> Look at the two following ls on the db directory.
> -----------------------X8--------------------------------
> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
> insgesamt 155484
> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
> -rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610
> drwx------ 2 dirsrv dirsrv 4096 21. Jun 16:48 userRoot
> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
> insgesamt 191500
> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
> -rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289611
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289612
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289613
> ----------------------------X8------------------------------------

There are a lot of transaction logs, but not too many, for write intensive applications.

>
> All the apps are pretty slow with authentication.

logconv.pl - man logconv.pl

>
> The server is exclusively running ipa.
>
> Any ideas how I can proceed?
>
> Thanks for your help.
>
> Marc.
>

From grimme at atix.de Thu Jun 27 19:33:47 2013
From: grimme at atix.de (Marc Grimme)
Date: Thu, 27 Jun 2013 21:33:47 +0200 (CEST)
Subject: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4
In-Reply-To: <51CC9161.80207@redhat.com>
Message-ID: <124944934.32716.1372361627943.JavaMail.root@atix.de>

With heavy load I mean that the ldap process is consuming MUCH more CPU than before.
As you can see from the top screenshot, I/O wait is 54.4% and CPU around 50%; this is way too much. And this is not good. Before it was always around 0-1%.

I see that the db log files for the slapd are changed and updated over and over again. This might indicate loads of changes in the db. But I cannot explain those changes, as currently nothing should be going on.

What I also found in the logs is this message. Don't know what that means:
[27/Jun/2013:19:10:12 +0200] - Retry count exceeded in modify
[27/Jun/2013:20:18:43 +0200] - Retry count exceeded in modify
[27/Jun/2013:21:20:44 +0200] - Retry count exceeded in modify

Hope this makes it a little more clear.

Thanks Marc.

----- Original Message -----
From: "Rich Megginson"
To: "Marc Grimme"
Cc: freeipa-users at redhat.com
Sent: Thursday, June 27, 2013 9:24:17 PM
Subject: Re: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4

On 06/27/2013 01:11 PM, Marc Grimme wrote:
> Hi together,
> I updated my ipa servers last week.
> Since then the primary master is running under heavy load.

What exactly do you mean by "heavy load"?

> It looks like the ldap server responsible for my domain is causing high I/O load.

Where do you see high I/O load?

> It's writing its logs over and over again.

What do you mean by that?

> Also the CPU is loaded:
> top - 21:09:53 up 6 days, 4:18, 2 users, load average: 1.73, 1.71, 1.74
> Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
> Cpu0 : 37.5%us, 1.9%sy, 0.0%ni, 0.0%id, 54.4%wa, 0.0%hi, 0.0%si, 6.2%st
> Mem: 1922724k total, 1547748k used, 374976k free, 133928k buffers
> Swap: 2064376k total, 1812k used, 2062564k free, 233944k cached
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 32134 dirsrv 20 0 1626m 652m 16m S 35.8 34.8 66:33.38 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CL-ATIX -i /var/run/dirsrv/slapd-CL-ATIX.pid -w /var/run/d
> 912 root 20 0 314m 47m 7220 S 5.3 2.6 0:02.11 /usr/bin/python -E /usr/sbin/ipa-replica-manage list
> 2012 root 20 0 192m 5280 1536 S 0.3 0.3 3:43.13 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
> 1 root 20 0 21304 1352 1092 S 0.0 0.1 0:06.61 /sbin/init
> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd]
> ...

What would you expect to see instead of the above numbers? What do you mean by "CPU is loaded"? CPU% 35.8 is not necessarily bad or good.

>
> Look at the two following ls on the db directory.
> -----------------------X8--------------------------------
> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
> insgesamt 155484
> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
> -rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610
> drwx------ 2 dirsrv dirsrv 4096 21. Jun 16:48 userRoot
> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db
> insgesamt 191500
> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001
> -rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002
> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003
> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004
> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005
> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006
> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598
> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599
> -rw------- 1 dirsrv dirsrv 10485760 27.
Jun 21:07 log.0000289600 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289611 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289612 > -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289613 > ----------------------------X8------------------------------------ There are a lot of transaction logs, but not too many, for write intensive applications. > > All the apps are pretty slow with authentication. logconv.pl - man logconv.pl > > The server is exclusivly running ipa. > > Any ideas how I can proceed? > > Thanks for you help. > > Marc. > From rmeggins at redhat.com Thu Jun 27 19:40:48 2013 
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 27 Jun 2013 13:40:48 -0600
Subject: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4
In-Reply-To: <124944934.32716.1372361627943.JavaMail.root@atix.de>
References: <124944934.32716.1372361627943.JavaMail.root@atix.de>
Message-ID: <51CC9540.30404@redhat.com>

On 06/27/2013 01:33 PM, Marc Grimme wrote:
> With heavy load I mean that the ldap process is consuming MUCH more CPU usage than before.

Than before what? That is, now it is consuming a lot of CPU. Previously, it was not? What has changed between then and now?

> As you can see from the top screenshot is that I/O Wait is 54.4% and CPU around 50% this is way too much. And this is not good.
> Before it was always around 0-1%.

You mean, it's idle?

What does logconv.pl say?

>
> I see that the db log files for the slapd are changed and updated over and over again. This might indicate loads of changes in the db. But I cannot explain those changes, as currently nothing should be going on.
>
> What I also found in the logs is this message.
> Don't know what that means:
> [27/Jun/2013:19:10:12 +0200] - Retry count exceeded in modify
> [27/Jun/2013:20:18:43 +0200] - Retry count exceeded in modify
> [27/Jun/2013:21:20:44 +0200] - Retry count exceeded in modify

This is a bug we are working on - https://fedorahosted.org/389/ticket/47412
and a related bug is https://fedorahosted.org/389/ticket/47392

>
> Hope this makes it a little more clear.
>
> Thanks Marc.
> ----- Original Message -----
> From: "Rich Megginson" > To: "Marc Grimme" > Cc: freeipa-users at redhat.com > Sent: Thursday, June 27, 2013 9:24:17 PM > Subject: Re: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4 > > On 06/27/2013 01:11 PM, Marc Grimme wrote: >> Hi together, >> I updated my ipa servers last week. >> Since then the primary master is running under heavy load. > What exactly do you mean by "heavy load"? > >> It look like that the ldap server reponsible for my domain is causing high I/O load. > Where do you see high I/O load? > >> It's writing its logs over and over again. > What do you mean by that? > >> Also the CPU is loaded: >> top - 21:09:53 up 6 days, 4:18, 2 users, load average: 1.73, 1.71, 1.74 >> Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie >> Cpu0 : 37.5%us, 1.9%sy, 0.0%ni, 0.0%id, 54.4%wa, 0.0%hi, 0.0%si, 6.2%st >> Mem: 1922724k total, 1547748k used, 374976k free, 133928k buffers >> Swap: 2064376k total, 1812k used, 2062564k free, 233944k cached >> >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >> 32134 dirsrv 20 0 1626m 652m 16m S 35.8 34.8 66:33.38 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CL-ATIX -i /var/run/dirsrv/slapd-CL-ATIX.pid -w /var/run/d >> 912 root 20 0 314m 47m 7220 S 5.3 2.6 0:02.11 /usr/bin/python -E /usr/sbin/ipa-replica-manage list >> 2012 root 20 0 192m 5280 1536 S 0.3 0.3 3:43.13 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid >> 1 root 20 0 21304 1352 1092 S 0.0 0.1 0:06.61 /sbin/init >> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd] >> ... > What would you expect to see instead of the above numbers? What do you > mean by "CPU is loaded"? CPU% 35.8 is not necessarily bad or good. > >> Look at two following ls on the db directory. >> -----------------------X8-------------------------------- >> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db >> insgesamt 155484 >> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001 >> -rw------- 1 dirsrv dirsrv 1728512 27. 
Jun 21:07 __db.002 >> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003 >> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004 >> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005 >> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006 >> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289598 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610 >> drwx------ 2 dirsrv dirsrv 4096 21. Jun 16:48 userRoot >> [root at axinfra01-1 dirsrv]# ls -l /var/lib/dirsrv/slapd-CL-ATIX/db >> insgesamt 191500 >> -rw------- 1 dirsrv dirsrv 24576 27. Jun 17:37 __db.001 >> -rw------- 1 dirsrv dirsrv 1728512 27. Jun 21:07 __db.002 >> -rw------- 1 dirsrv dirsrv 10002432 27. Jun 21:07 __db.003 >> -rw------- 1 dirsrv dirsrv 1081344 27. Jun 21:07 __db.004 >> -rw------- 1 dirsrv dirsrv 8126464 27. Jun 21:08 __db.005 >> -rw------- 1 dirsrv dirsrv 90112 27. Jun 21:07 __db.006 >> -rw------- 1 dirsrv dirsrv 49 27. Jun 17:37 DBVERSION >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289597 >> -rw------- 1 dirsrv dirsrv 10485760 27. 
Jun 21:07 log.0000289598 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289599 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289600 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289601 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289602 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289603 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289604 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289605 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289606 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:07 log.0000289607 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289608 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289609 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289610 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289611 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289612 >> -rw------- 1 dirsrv dirsrv 10485760 27. Jun 21:08 log.0000289613 >> ----------------------------X8------------------------------------ > There are a lot of transaction logs, but not too many, for write > intensive applications. > >> All the apps are pretty slow with authentication. > logconv.pl - man logconv.pl >> The server is exclusivly running ipa. >> >> Any ideas how I can proceed? >> >> Thanks for you help. >> >> Marc. >> From natxo.asenjo at gmail.com Thu Jun 27 22:18:05 2013 
From: natxo.asenjo at gmail.com (natxo asenjo)
Date: Fri, 28 Jun 2013 00:18:05 +0200
Subject: [Freeipa-users] I/O Problems after update to IPA Version RHEL6.4
In-Reply-To: <124944934.32716.1372361627943.JavaMail.root@atix.de>
References: <124944934.32716.1372361627943.JavaMail.root@atix.de>
Message-ID: <51CCBA1D.4040505@gmail.com>

On 06/27/2013 09:33 PM, Marc Grimme wrote:
> With heavy load I mean that the ldap process is consuming MUCH more CPU usage than before.
> As you can see from the top screenshot is that I/O Wait is 54.4% and CPU around 50% this is way too much. And this is not good.
> Before it was always around 0-1%.

>> top - 21:09:53 up 6 days, 4:18, 2 users, load average: 1.73, 1.71, 1.74
>> Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
>> Cpu0 : 37.5%us, 1.9%sy, 0.0%ni, 0.0%id, 54.4%wa, 0.0%hi, 0.0%si, 6.2%st
>> Mem: 1922724k total, 1547748k used, 374976k free, 133928k buffers
>> Swap: 2064376k total, 1812k used, 2062564k free, 233944k cached
>>
>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
>> 32134 dirsrv 20 0 1626m 652m 16m S 35.8 34.8 66:33.38 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CL-ATIX -i /var/run/dirsrv/slapd-CL-ATIX.pid -w /var/run/d
>> 912 root 20 0 314m 47m 7220 S 5.3 2.6 0:02.11 /usr/bin/python -E /usr/sbin/ipa-replica-manage list
>> 2012 root 20 0 192m 5280 1536 S 0.3 0.3 3:43.13 /usr/sbin/snmpd -LS0-6d -Lf /dev/null -p /var/run/snmpd.pid
>> 1 root 20 0 21304 1352 1092 S 0.0 0.1 0:06.61 /sbin/init
>> 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd]

You only have one cpu, and the load it is getting is too much for it. With one cpu, you should see a load under 1, with 2, under 2, etc.

For an explanation on what you are seeing there, take a look at this:

http://en.wikipedia.org/wiki/Load_%28computing%29#Unix-style_load_calculation

When the cpu is in i/o wait state that means the processor has to wait until it gets data for processing. It *usually* is storage and/or network contention.

A few questions to get you troubleshooting off the top of my head:

Is this a vm or a real hardware server? What are the specs?

Is your network being used now more heavily than before the upgrade?

Where is the storage? DAS, NAS, SAN? Is it enterprise grade storage, slow sata disks, fast sas disks?

If network storage (nfs, iscsi): what speed is your storage network switching layer? Is it isolated from the normal network switches? Fiber channel? What speed are the switches?

If it is a vm: are the disks properly aligned to the specs of your storage vendor?

Be aware that load tuning is a very complicated business. If this is a vm and you can allocate another cpu to it, you could try that. But if the underlying host hardware is memory/cpu/disk/network constrained, it will not help much.

Lots of variables to take into account, I am afraid

--
groet,
natxo

From themailrobot at gmail.com Fri Jun 28 06:09:56 2013
From: themailrobot at gmail.com (Mail Robot)
Date: Fri, 28 Jun 2013 14:09:56 +0800
Subject: [Freeipa-users] FreeIPA as Samba 4 Backend
Message-ID:

Hi everyone,

I am new to this mailing list.

At the moment I would like to migrate all of my users from Microsoft Active Directory to Open Source, and what I have in mind is getting it into Samba 4.

In extending the functionality of it, I decided to integrate FreeIPA as the backend to Samba 4.

I saw some obsolete reference on how to use FreeIPA as Samba 4 backend, but I don't know where are the new reference.

Herewith I would seek advice on how to go for my mission.

Thank you

Regards

From simo at redhat.com Fri Jun 28 12:57:32 2013
From: simo at redhat.com (Simo Sorce)
Date: Fri, 28 Jun 2013 08:57:32 -0400
Subject: [Freeipa-users] FreeIPA as Samba 4 Backend
In-Reply-To:
References:
Message-ID: <1372424252.31944.10.camel@willson.li.ssimo.org>

On Fri, 2013-06-28 at 14:09 +0800, Mail Robot wrote:
> Hi everyone,
>
> I am new to this mailing list.
>
> At the moment I would like to migrate all of my users from Microsoft
> Active Directory to Open Source, and what I have in mind is getting it
> into Samba 4.
>
> In extending the functionality of it, I decided to integrate FreeIPA
> as the backend to Samba 4.
>
> I saw some obsolete reference on how to use FreeIPA as Samba 4
> backend, but I don't know where are the new reference.
>
> Herewith I would seek advice on how to go for my mission.

Sorry to foil your plans but FreeIPA cannot be used as an LDAP backend to Samba4.

We abandoned that path a few years ago as it became clear it was highly unlikely it would work.

What we've done is that we changed our integration strategy and introduced cross-realm trusts that would work with Active Directory.

In the future this should work also with Samba4, but Samba4 code base currently lacks support for cross-forest trusts.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

From dpal at redhat.com Fri Jun 28 19:03:25 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 15:03:25 -0400
Subject: [Freeipa-users] AEGIS "integration"
In-Reply-To:
References:
Message-ID: <51CDDDFD.3090001@redhat.com>

On 06/26/2013 11:58 AM, Brian Lee wrote:
> I would be interested in this as well. We're utilizing AEGIS, so any
> integration options or user experience would be quite helpful.
>
> On Wed, Jun 26, 2013 at 10:43 AM, KodaK wrote:
>
>     My manager sent this line item to me today for his meeting with a
>     director over operations:
>
>     "Discuss long term authentication of aix and linux systems. Most
>     likely need to integrate with aegis"
>
>     Besides the fact that I don't know what they mean here by
>     "integrate" -- has anyone done anything with AEGIS that might "fit
>     the description" so to speak?
>
>     A bit of background: they (the windows folks, of which the
>     director in question is one) have been trying to push IPA out
>     since the day I put it in. I'm wondering if this is yet another
>     artificial barrier they're using to attempt to justify that decision.

I did a quick scan of the AEGIS docs.
http://mysite.verizon.net/ralph.a.smith1/aegis/howto-html/working_in_teams.html#id2535810

General requirement is to have the same users on all systems.
This can be accomplished by using SSSD+ FreeIPA on Linux and AIX LDAP client against FreeIPA if needed on AIX.
See client configuration chapter on FreeIPA Fedora docs and pages on FreeIPA wiki.

They also mention NFS. It would be really beneficial to use NFS4 with FreeIPA.
You can find pointers to how to do this in the presentations by Steve Dickson at Red Hat summit for the last 2-3 years.
http://rhsummit.files.wordpress.com/2013/06/dickson_t_0230_evolvingimprovingredhatenterpriselinuxnfs.pdf
http://rhsummit.files.wordpress.com/2012/03/dickson_the_evolution_nfs_protocol.pdf

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From dpal at redhat.com Fri Jun 28 19:13:25 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 15:13:25 -0400
Subject: [Freeipa-users] migrate-ds "is not a POSIX user"
In-Reply-To:
References:
Message-ID: <51CDE055.10801@redhat.com>

On 06/19/2013 04:39 PM, Alex Lawrence wrote:
> Hello!
>
> I'm working on trying to migrate users into FreeIPA 3.1.5 (Fedora 18)
> from DS389 (CentOS 6) 1.2.2. I've enabled migration on DS389 and I'm
> attempting to migrate a subset of people using:
>
> ipa migrate-ds --user-container="ou=Systems &
> Networking,ou=Personnel,dc=plu,dc=edu" --ignore* ldap://LDAP-SERVER:389
>
> The output is:
>
> -----------
> migrate-ds:
> -----------
> Migrated:
> Failed user:
> %UID%: %UID% is not a POSIX user
> %UID%: %UID% is not a POSIX user
> %UID%: %UID% is not a POSIX user
>
> And so on.
>
> I've imported my schema into FreeIPA so that it knows my additional
> attributes; however, just to be safe I've also tried running the
> import ignoring any objectclass in use with the same output.
>
> --user-ignore-objectclass=pluEduPerson,mailRecipient,eduPerson,posixAccount,inetOrgPerson,organizationalPerson
>
> I've added the posixAccount object class to a handful of accounts in
> question on my DS389 side to be sure that was not an issue either and
> that gives me the same result.
>
> I'm sure this is something simple that I'm missing, any suggestions
> would be appreciated.
>
> Alex

Did anyone help you here?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From dpal at redhat.com Fri Jun 28 19:16:32 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 15:16:32 -0400
Subject: [Freeipa-users] possible to use a different kerberos server for some users?
In-Reply-To: <51C37592.2020704@indiana.edu>
References: <51C37592.2020704@indiana.edu>
Message-ID: <51CDE110.3050605@redhat.com>

On 06/20/2013 05:35 PM, Brian Wheeler wrote:
> Hello!
>
> So here's the situation I'm in. The university has its AD domain
> locked down pretty tight -- getting a trust is out of the question,
> creating new users isn't allowed, and they seem to have no interest in
> supporting linux management.
>
> I'd like to be able to leverage the AD kerberos server but manage
> users locally.
>
> So here's what I'm thinking about doing: putting my site users/groups
> and copies of the relevant AD users into IPA. The site users would
> have UIDs > 1 billion and the users from AD would have whatever
> unixuid attribute they have (only the uid is stored in AD -- they
> didn't do a full posix setup). The IDs will not conflict with each
> other, so I'm set there.
>
> I'd have two entries in sssd.conf: one entry would have a min/max id
> matching the AD users and the other would be 1 billion+ to match the
> local users/groups. The AD range would use the university's AD
> kerberos for authentication and IPA for everything else. The other
> would use IPA normally.
>
> I was able to get this working successfully when setting up 389
> manually by using two nearly identical configs in sssd and making the
> AD one resolve first, but I can't seem to figure out the magic chant
> for making it work with IPA.
>
> So, is something like this even possible? Is there a better way to be
> able to use IPA and stay out of the password business for the real
> users of my system? If it comes down to it, I'll manually set up 389
> and do it the way I prototyped it, but I'd really like to have
> something resembling a "standard" build. This is all on RHEL6. If a
> newer version of IPA is required I'd be ok with installing it.
>
> Brian

Was there any help provided here?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From dpal at redhat.com Fri Jun 28 19:18:13 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 15:18:13 -0400
Subject: [Freeipa-users] Slow week
Message-ID: <51CDE175.1000606@redhat.com>

Hello,

Next week will be a bit slow for us due to vacation time and conferences.
We are sorry if we would lag in our responses and help.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From brian_lee1 at jabil.com Fri Jun 28 19:28:17 2013
From: brian_lee1 at jabil.com (Brian Lee)
Date: Fri, 28 Jun 2013 15:28:17 -0400
Subject: [Freeipa-users] AEGIS "integration"
In-Reply-To: <51CDDDFD.3090001@redhat.com>
References: <51CDDDFD.3090001@redhat.com>
Message-ID:

Dmitri,

Still not clear on how we're going to be using AEGIS, but I know integration always makes management happy. If I get pulled into implementation with AEGIS, I'll ask less vague questions. Just glad to know there's some opportunities there.

Thanks,
Brian

On Fri, Jun 28, 2013 at 3:03 PM, Dmitri Pal wrote:

> On 06/26/2013 11:58 AM, Brian Lee wrote:
>
> I would be interested in this as well. We're utilizing AEGIS, so any
> integration options or user experience would be quite helpful.
>
> On Wed, Jun 26, 2013 at 10:43 AM, KodaK wrote:
>
>> My manager sent this line item to me today for his meeting with a
>> director over operations:
>>
>> "Discuss long term authentication of aix and linux systems. Most
>> likely need to integrate with aegis"
>>
>> Besides the fact that I don't know what they mean here by "integrate"
>> -- has anyone done anything with AEGIS that might "fit the description" so
>> to speak?
>>
>> A bit of background: they (the windows folks, of which the director in
>> question is one) have been trying to push IPA out since the day I put it
>> in. I'm wondering if this is yet another artificial barrier they're using
>> to attempt to justify that decision.
>
> I did a quick scan of the AEGIS docs.
>
> http://mysite.verizon.net/ralph.a.smith1/aegis/howto-html/working_in_teams.html#id2535810
>
> General requirement is to have the same users on all systems.
> This can be accomplished by using SSSD+ FreeIPA on Linux and AIX LDAP
> client against FreeIPA if needed on AIX.
> See client configuration chapter on FreeIPA Fedora docs and pages on
> FreeIPA wiki.
>
> They also mention NFS. It would be really beneficial to use NFS4 with
> FreeIPA.
> You can find pointers to how to do this in the presentations by Steve
> Dickson at Red Hat summit for the last 2-3 years.
>
> http://rhsummit.files.wordpress.com/2013/06/dickson_t_0230_evolvingimprovingredhatenterpriselinuxnfs.pdf
>
> http://rhsummit.files.wordpress.com/2012/03/dickson_the_evolution_nfs_protocol.pdf
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/

From dpal at redhat.com Fri Jun 28 19:40:57 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 15:40:57 -0400
Subject: [Freeipa-users] AEGIS "integration"
In-Reply-To:
References: <51CDDDFD.3090001@redhat.com>
Message-ID: <51CDE6C9.4050400@redhat.com>

On 06/28/2013 03:28 PM, Brian Lee wrote:
> Dmitri,
>
> Still not clear on how we're going to be using AEGIS, but I know
> integration always makes management happy. If I get pulled into
> implementation with AEGIS, I'll ask less vague questions. Just glad to
> know there's some opportunities there.

I scanned the docs on the AEGIS side in search of LDAP/Kerberos/Authentication with 0 results.
Which made me look from a different angle.
AEGIS seems to consume operating system in a preconfigured way assuming all the identities are sorted out underneath. SSSD and IPA do exactly that.
My point is that they are on the different layers and IPA + SSSD will provide a nice foundation but there are no direct requirements from one to another.

>
> Thanks,
> Brian
>
> On Fri, Jun 28, 2013 at 3:03 PM, Dmitri Pal wrote:
>
>     On 06/26/2013 11:58 AM, Brian Lee wrote:
>>     I would be interested in this as well. We're utilizing AEGIS, so
>>     any integration options or user experience would be quite helpful.
>>
>>     On Wed, Jun 26, 2013 at 10:43 AM, KodaK wrote:
>>
>>         My manager sent this line item to me today for his meeting
>>         with a director over operations:
>>
>>         "Discuss long term authentication of aix and linux systems.
>>         Most likely need to integrate with aegis"
>>
>>         Besides the fact that I don't know what they mean here by
>>         "integrate" -- has anyone done anything with AEGIS that might
>>         "fit the description" so to speak?
>>
>>         A bit of background: they (the windows folks, of which the
>>         director in question is one) have been trying to push IPA out
>>         since the day I put it in. I'm wondering if this is yet
>>         another artificial barrier they're using to attempt to
>>         justify that decision.
>
>     I did a quick scan of the AEGIS docs.
>     http://mysite.verizon.net/ralph.a.smith1/aegis/howto-html/working_in_teams.html#id2535810
>
>     General requirement is to have the same users on all systems.
>     This can be accomplished by using SSSD+ FreeIPA on Linux and AIX
>     LDAP client against FreeIPA if needed on AIX.
>     See client configuration chapter on FreeIPA Fedora docs and pages
>     on FreeIPA wiki.
>
>     They also mention NFS. It would be really beneficial to use NFS4
>     with FreeIPA.
>     You can find pointers to how to do this in the presentations by
>     Steve Dickson at Red Hat summit for the last 2-3 years.
>     http://rhsummit.files.wordpress.com/2013/06/dickson_t_0230_evolvingimprovingredhatenterpriselinuxnfs.pdf
>     http://rhsummit.files.wordpress.com/2012/03/dickson_the_evolution_nfs_protocol.pdf
>
>     --
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager for IdM portfolio
>     Red Hat Inc.
>
>     -------------------------------
>     Looking to carve out IT costs?
>     www.redhat.com/carveoutcosts/

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From dpal at redhat.com Fri Jun 28 21:25:09 2013
From: dpal at redhat.com (Dmitri Pal)
Date: Fri, 28 Jun 2013 17:25:09 -0400
Subject: [Freeipa-users] migrate-ds "is not a POSIX user"
In-Reply-To: <51CDE055.10801@redhat.com>
References: <51CDE055.10801@redhat.com>
Message-ID: <51CDFF35.8090604@redhat.com>

On 06/28/2013 03:13 PM, Dmitri Pal wrote:
> On 06/19/2013 04:39 PM, Alex Lawrence wrote:
>> Hello!
>>
>> I'm working on trying to migrate users into FreeIPA 3.1.5 (Fedora 18)
>> from DS389 (CentOS 6) 1.2.2. I've enabled migration on DS389 and I'm
>> attempting to migrate a subset of people using:
>>
>> ipa migrate-ds --user-container="ou=Systems &
>> Networking,ou=Personnel,dc=plu,dc=edu" --ignore* ldap://LDAP-SERVER:389
>>
>> The output is:
>>
>> -----------
>> migrate-ds:
>> -----------
>> Migrated:
>> Failed user:
>> %UID%: %UID% is not a POSIX user
>> %UID%: %UID% is not a POSIX user
>> %UID%: %UID% is not a POSIX user
>>
>> And so on.
>>
>> I've imported my schema into FreeIPA so that it knows my additional
>> attributes; however, just to be safe I've also tried running the
>> import ignoring any objectclass in use with the same output.
>>
>> --user-ignore-objectclass=pluEduPerson,mailRecipient,eduPerson,posixAccount,inetOrgPerson,organizationalPerson
>>
>> I've added the posixAccount object class to a handful of accounts in
>> question on my DS389 side to be sure that was not an issue either and
>> that gives me the same result.
>>
>> I'm sure this is something simple that I'm missing, any suggestions
>> would be appreciated.

Please check the accounts that are skipped, they are most likely missing some POSIX required attribute (though from LDAP point of view it is an optional attribute), UID for example or SN.
Please add missing attributes and try again.
The easiest way to do this is to compare posix attributes between the entry that is migrated without problems and one that is not accepted.
There are only 6 posix attributes so it should be easy to spot.
If you can't do it in your existing instance take an LDIF load it into another instance and modify users there then migrate from that instance.

I hope this would give you at least a starting point, have a nice weekend.

>>
>> Alex
>
> Did anyone help you here?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From joshua at azariah.com Sat Jun 29 07:40:16 2013
From: joshua at azariah.com (Joshua J. Kugler)
Date: Fri, 28 Jun 2013 23:40:16 -0800
Subject: [Freeipa-users] Service...not found in Kerberos database
Message-ID: <1464774.RA4R9SJAkZ@hosanna>

We are trying to query an IPA server from a new IPA server (not
replication, just trying to query to recreate accounts). But, when I run
the query, I get this:

[root at ipan ~]# ipa -vvv -e xmlrpc_uri=https://ipa0.lab.whamcloud.com/ipa/xml user-show jkugler
ipa: INFO: trying https://ipa0.lab.whamcloud.com/ipa/xml
ipa: INFO: Forwarding 'user_show' to server u'https://ipa0.lab.whamcloud.com/ipa/xml'
ipa: ERROR: Service 'HTTP at ipa0.lab.whamcloud.com' not found in Kerberos database

I've done some googling, and the answers I found had to do with DNS
issues, but I don't believe that is the cause in our case, due to DNS
lookups seeming to work.

[root at ipan ~]# host ipan.lab.whamcloud.com
ipan.lab.whamcloud.com has address 10.10.0.50
[root at ipan ~]# host ipa0.lab.whamcloud.com
ipa0.lab.whamcloud.com has address 10.10.0.4
[root at ipan ~]# host 10.10.0.50
50.0.10.10.in-addr.arpa domain name pointer ipan.lab.whamcloud.com.
[root at ipan ~]# host 10.10.0.4
4.0.10.10.in-addr.arpa domain name pointer ipa0.lab.whamcloud.com.

What config do I need to tweak on the new server to allow it to query the
old server?

Thanks!

j

--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
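Added example for the migrate-ds "is not a POSIX user" thread above, following Dmitri Pal's advice to compare POSIX attributes between an entry that migrates and one that is rejected; it is not code from any poster or from FreeIPA. It parses an LDIF export of the source directory and lists what each entry lacks. The attribute list (the five MUST attributes of RFC 2307's posixAccount plus loginShell) and the sample entries are assumptions; only the container DN comes from the thread.

```python
import base64

# Assumed comparison set: RFC 2307 posixAccount MUST attributes plus loginShell.
POSIX_ATTRS = "cn uid uidNumber gidNumber homeDirectory loginShell".split()

# Constructed sample export (hypothetical users); container DN is from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Systems & Networking,ou=Personnel,dc=plu,dc=edu
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 5001
gidNumber: 5001
homeDirectory: /home/
 alice
loginShell: /bin/bash

dn: uid=bob,ou=Systems & Networking,ou=Personnel,dc=plu,dc=edu
objectClass: inetOrgPerson
cn:: Qm9iIEV4YW1wbGU=
uid: bob
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attr: [values]})] parsed from LDIF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):  # "attr:: <base64 value>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def missing_posix(entries):
    """Map each DN to the POSIX attributes (and object class) it lacks."""
    report = {}
    for dn, attrs in entries:
        missing = [a for a in POSIX_ATTRS if not any(attrs.get(a.lower(), []))]
        if "posixaccount" not in (c.lower() for c in attrs.get("objectclass", [])):
            missing.insert(0, "objectClass: posixAccount")
        if missing:
            report[dn] = missing
    return report
```

Calling `missing_posix(parse_ldif(SAMPLE_LDIF))` reports only the second entry; an entry that migrated cleanly and one that failed can be exported into the same LDIF and compared this way.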