[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}
Brian J. Murrell
brian at interlinx.bc.ca
Wed Dec 21 14:53:31 UTC 2016
On Wed, 2016-12-21 at 15:04 +0100, Petr Spacek wrote:
>
> I'm really curious what you will find out :-)
It seems to be like this, over and over again:
[21/Dec/2016:09:39:02.124732240 -0500] conn=77025 fd=107 slot=107 connection from 10.75.22.1 to 10.75.22.247
[21/Dec/2016:09:39:02.125630906 -0500] conn=77025 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci"
[21/Dec/2016:09:39:02.131312941 -0500] conn=77025 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.138517633 -0500] conn=75097 op=14926 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.140094769 -0500] conn=75097 op=14926 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.140571682 -0500] conn=75097 op=14927 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.140877517 -0500] conn=75097 op=14927 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.141169433 -0500] conn=75097 op=14928 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.142218937 -0500] conn=75097 op=14928 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.142565212 -0500] conn=75097 op=14929 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.143021565 -0500] conn=75097 op=14929 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.145295331 -0500] conn=75097 op=14930 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.146427034 -0500] conn=75097 op=14930 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.146896867 -0500] conn=75097 op=14931 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.147152183 -0500] conn=75097 op=14931 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.147429299 -0500] conn=75097 op=14932 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.148387405 -0500] conn=75097 op=14932 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.148744479 -0500] conn=75097 op=14933 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.149055795 -0500] conn=75097 op=14933 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.149713865 -0500] conn=75097 op=14934 SRCH base="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Dec/2016:09:39:02.150630331 -0500] conn=75097 op=14934 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.150776369 -0500] conn=75097 op=14935 SRCH base="cn=pc.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[21/Dec/2016:09:39:02.151089444 -0500] conn=75097 op=14935 RESULT err=32 tag=101 nentries=0 etime=0
[21/Dec/2016:09:39:02.151857793 -0500] conn=75097 op=14936 MOD dn="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com"
[21/Dec/2016:09:39:02.228204527 -0500] conn=75097 op=14936 RESULT err=0 tag=103 nentries=0 etime=0
[21/Dec/2016:09:39:02.232937016 -0500] conn=75097 op=14937 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.234262797 -0500] conn=75097 op=14937 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.235419139 -0500] conn=75097 op=14938 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ldap/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.236482483 -0500] conn=75097 op=14938 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.236850958 -0500] conn=75097 op=14939 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.237134434 -0500] conn=75097 op=14939 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.237491908 -0500] conn=75097 op=14940 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pc.example.com at EXAMPLE.COM))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.238406374 -0500] conn=75097 op=14940 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.238753209 -0500] conn=75097 op=14941 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.239000766 -0500] conn=75097 op=14941 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.241077854 -0500] conn=77025 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Dec/2016:09:39:02.248835018 -0500] conn=77025 op=1 RESULT err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied)
[21/Dec/2016:09:39:02.249350570 -0500] conn=77025 op=2 UNBIND
[21/Dec/2016:09:39:02.249415849 -0500] conn=77025 op=2 fd=107 closed - U1
[21/Dec/2016:09:39:02.281596927 -0500] conn=77026 fd=107 slot=107 connection from 10.75.22.1 to 10.75.22.247
[21/Dec/2016:09:39:02.282507153 -0500] conn=77026 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci"
[21/Dec/2016:09:39:02.288174388 -0500] conn=77026 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.294448214 -0500] conn=75097 op=14942 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.295686515 -0500] conn=75097 op=14942 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.296099469 -0500] conn=75097 op=14943 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.296358585 -0500] conn=75097 op=14943 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.296667021 -0500] conn=75097 op=14944 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.297771804 -0500] conn=75097 op=14944 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.298107679 -0500] conn=75097 op=14945 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.298422754 -0500] conn=75097 op=14945 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.300721320 -0500] conn=75097 op=14946 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.301907262 -0500] conn=75097 op=14946 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.302325296 -0500] conn=75097 op=14947 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.302574052 -0500] conn=75097 op=14947 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.302872847 -0500] conn=75097 op=14948 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.303854233 -0500] conn=75097 op=14948 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.304210307 -0500] conn=75097 op=14949 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.304517943 -0500] conn=75097 op=14949 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.305142293 -0500] conn=75097 op=14950 SRCH base="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Dec/2016:09:39:02.305858043 -0500] conn=75097 op=14950 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.305969041 -0500] conn=75097 op=14951 SRCH base="cn=pc.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[21/Dec/2016:09:39:02.306251277 -0500] conn=75097 op=14951 RESULT err=32 tag=101 nentries=0 etime=0
[21/Dec/2016:09:39:02.306937826 -0500] conn=75097 op=14952 MOD dn="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com"
[21/Dec/2016:09:39:02.353106214 -0500] conn=75097 op=14952 RESULT err=0 tag=103 nentries=0 etime=0
[21/Dec/2016:09:39:02.357520588 -0500] conn=75097 op=14953 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.358848568 -0500] conn=75097 op=14953 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.359992071 -0500] conn=75097 op=14954 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ldap/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.361037295 -0500] conn=75097 op=14954 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.361364090 -0500] conn=75097 op=14955 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.361613606 -0500] conn=75097 op=14955 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.361986521 -0500] conn=75097 op=14956 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pc.example.com at EXAMPLE.COM))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.362830028 -0500] conn=75097 op=14956 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.363182383 -0500] conn=75097 op=14957 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.363426979 -0500] conn=75097 op=14957 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.365514668 -0500] conn=77026 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Dec/2016:09:39:02.370637191 -0500] conn=77026 op=1 RESULT err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied)
[21/Dec/2016:09:39:02.371496018 -0500] conn=77026 op=2 UNBIND
[21/Dec/2016:09:39:02.371562337 -0500] conn=77026 op=2 fd=107 closed - U1
[21/Dec/2016:09:39:02.372286766 -0500] conn=77027 fd=107 slot=107 connection from 10.75.22.1 to 10.75.22.247
[21/Dec/2016:09:39:02.382612891 -0500] conn=77027 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domaincontrollerfunctionality defaultnamingcontext lastusn highestcommittedusn aci"
[21/Dec/2016:09:39:02.388362885 -0500] conn=77027 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.395620016 -0500] conn=75098 op=18691 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.396899117 -0500] conn=75098 op=18691 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.397309511 -0500] conn=75098 op=18692 SRCH base="cn=ipaConfig,cn=etc,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData ipaUserAuthType"
[21/Dec/2016:09:39:02.397602626 -0500] conn=75098 op=18692 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.398124059 -0500] conn=75098 op=18693 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.398370775 -0500] conn=75098 op=18693 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.398813768 -0500] conn=75098 op=18694 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.400461664 -0500] conn=75098 op=18694 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.400695780 -0500] conn=75098 op=18695 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.402169438 -0500] conn=75098 op=18695 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.403857733 -0500] conn=75097 op=14958 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/pc.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=host/pc.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.405165473 -0500] conn=75097 op=14958 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.405692105 -0500] conn=75097 op=14959 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.406007820 -0500] conn=75097 op=14959 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.406323576 -0500] conn=75097 op=14960 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.407464679 -0500] conn=75097 op=14960 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.407948271 -0500] conn=75097 op=14961 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:02.408308106 -0500] conn=75097 op=14961 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.409006775 -0500] conn=75097 op=14962 SRCH base="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Dec/2016:09:39:02.409762364 -0500] conn=75097 op=14962 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.409913642 -0500] conn=75097 op=14963 SRCH base="cn=pc.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[21/Dec/2016:09:39:02.410201917 -0500] conn=75097 op=14963 RESULT err=32 tag=101 nentries=0 etime=0
[21/Dec/2016:09:39:02.411004985 -0500] conn=75097 op=14964 MOD dn="fqdn=pc.example.com,cn=computers,cn=accounts,dc=example,dc=com"
[21/Dec/2016:09:39:02.461237272 -0500] conn=75097 op=14964 RESULT err=0 tag=103 nentries=0 etime=0
[21/Dec/2016:09:39:02.465516328 -0500] conn=75097 op=14965 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.466852468 -0500] conn=75097 op=14965 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.467991651 -0500] conn=75097 op=14966 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ldap/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.469040355 -0500] conn=75097 op=14966 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.469379230 -0500] conn=75097 op=14967 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.469634186 -0500] conn=75097 op=14967 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.470022780 -0500] conn=75097 op=14968 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/pc.example.com at EXAMPLE.COM))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:02.470907487 -0500] conn=75097 op=14968 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.471257082 -0500] conn=75097 op=14969 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:02.471524638 -0500] conn=75097 op=14969 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:02.473712725 -0500] conn=77027 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Dec/2016:09:39:02.478818768 -0500] conn=77027 op=1 RESULT err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied)
[21/Dec/2016:09:39:02.479284241 -0500] conn=77027 op=2 UNBIND
[21/Dec/2016:09:39:02.479350120 -0500] conn=77027 op=2 fd=107 closed - U1
[21/Dec/2016:09:39:11.861226250 -0500] conn=75097 op=14971 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:11.861921719 -0500] conn=75097 op=14971 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.862203634 -0500] conn=75097 op=14972 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:11.862337952 -0500] conn=75097 op=14972 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.862512310 -0500] conn=75097 op=14973 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:11.863068501 -0500] conn=75097 op=14973 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.863353256 -0500] conn=75097 op=14974 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:11.863515653 -0500] conn=75097 op=14974 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.865776297 -0500] conn=75097 op=14975 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:11.866325568 -0500] conn=75097 op=14975 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.866617004 -0500] conn=75097 op=14976 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:11.866787921 -0500] conn=75097 op=14976 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.866964438 -0500] conn=75097 op=14977 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:11.867409671 -0500] conn=75097 op=14977 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.867694147 -0500] conn=75097 op=14978 SRCH base="cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[21/Dec/2016:09:39:11.867852224 -0500] conn=75097 op=14978 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.868205098 -0500] conn=75097 op=14979 SRCH base="krbprincipalname=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Dec/2016:09:39:11.870079068 -0500] conn=75097 op=14979 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:11.870220706 -0500] conn=75097 op=14980 MOD dn="krbprincipalname=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com"
[21/Dec/2016:09:39:11.938719410 -0500] conn=75097 op=14980 RESULT err=0 tag=103 nentries=0 etime=1
[21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 connection from local to /var/run/slapd-EXAMPLE.COM.socket
[21/Dec/2016:09:39:12.039069522 -0500] conn=75097 op=14981 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/EXAMPLE.COM at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=krbtgt/EXAMPLE.COM at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:12.039736952 -0500] conn=75097 op=14981 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:12.040392623 -0500] conn=75097 op=14982 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/server.example.com at EXAMPLE.COM)(krbPrincipalName:caseIgnoreIA5Match:=ldap/server.example.com at EXAMPLE.COM)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:12.040921415 -0500] conn=75097 op=14982 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:12.041183611 -0500] conn=75097 op=14983 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:12.041312649 -0500] conn=75097 op=14983 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:12.041561525 -0500] conn=75097 op=14984 SRCH base="dc=example,dc=com" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ipa-dnskeysyncd/server.example.com at EXAMPLE.COM))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Dec/2016:09:39:12.042005838 -0500] conn=75097 op=14984 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:12.042255995 -0500] conn=75097 op=14985 SRCH base="cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com" scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[21/Dec/2016:09:39:12.042381353 -0500] conn=75097 op=14985 RESULT err=0 tag=101 nentries=1 etime=0
[21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Dec/2016:09:39:12.067486416 -0500] conn=77028 op=0 RESULT err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Permission denied)
[21/Dec/2016:09:39:12.192506861 -0500] conn=77028 op=1 UNBIND
[21/Dec/2016:09:39:12.192549740 -0500] conn=77028 op=1 fd=107 closed - U1
[21/Dec/2016:09:39:13.518816766 -0500] conn=33 op=2575 SRCH base="ou=sessions,ou=Security Domain,o=ipaca" scope=2 filter="(objectClass=securityDomainSessionEntry)" attrs="cn"
[21/Dec/2016:09:39:13.519167321 -0500] conn=33 op=2575 RESULT err=32 tag=101 nentries=0 etime=0
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161221/aeaee2b4/attachment.sig>
More information about the Freeipa-users
mailing list