[Freeipa-users] Client Auth Failing - Ubuntu 15.10
Jester
jester2.0 at gmail.com
Tue Feb 23 20:14:20 UTC 2016
Recent events from ldap_child.
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
ldap_child started.
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
context initialized
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): total buffer size: 52
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): realm_str size: 9
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): got realm_str: MRJESTER.NET
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): princ_str size: 19
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): got princ_str: host/nuc0.mrjester.net
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): keytab_name size: 0
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x1000): lifetime: 86400
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
(0x0200): Will run as [0][0].
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[privileged_krb5_setup] (0x2000): Kerberos context initialized
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
Kerberos context initialized
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
(0x0200): Trying to become user [0][0].
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
(0x0200): Already user [0].
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
Running as [0][0].
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
getting TGT sync
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x0100): Principal name is:
[host/nuc0.mrjester.net at MRJESTER.NET]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x0100): Using keytab
[MEMORY:/etc/krb5.keytab]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
Decrypt integrity check failed
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[ldap_child_get_tgt_sync] (0x2000): Unlinking
[/var/lib/sss/db/ccache_MRJESTER.NET_GsnnAd]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0020):
ldap_child_get_tgt_sync failed.
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
[prepare_response] (0x0400): Building response for result
[-1765328353]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
(0x2000): response size: 50
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
(0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
integrity check failed]
(Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
ldap_child completed successfully
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
ldap_child started.
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): total buffer size: 52
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): realm_str size: 9
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): got realm_str: MRJESTER.NET
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): princ_str size: 19
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): got princ_str: host/nuc0.mrjester.net
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): keytab_name size: 0
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x1000): lifetime: 86400
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
(0x0200): Will run as [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[privileged_krb5_setup] (0x2000): Kerberos context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
Kerberos context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
(0x0200): Trying to become user [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
(0x0200): Already user [0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
Running as [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
getting TGT sync
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x0100): Principal name is:
[host/nuc0.mrjester.net at MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x0100): Using keytab
[MEMORY:/etc/krb5.keytab]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
Decrypt integrity check failed
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[ldap_child_get_tgt_sync] (0x2000): Unlinking
[/var/lib/sss/db/ccache_MRJESTER.NET_2fcAih]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0020):
ldap_child_get_tgt_sync failed.
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
[prepare_response] (0x0400): Building response for result
[-1765328353]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
(0x2000): response size: 50
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
(0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
integrity check failed]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
ldap_child completed successfully
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
ldap_child started.
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): total buffer size: 52
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): realm_str size: 9
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): got realm_str: MRJESTER.NET
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): princ_str size: 19
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): got princ_str: host/nuc0.mrjester.net
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): keytab_name size: 0
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x1000): lifetime: 86400
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
(0x0200): Will run as [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[privileged_krb5_setup] (0x2000): Kerberos context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
Kerberos context initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
(0x0200): Trying to become user [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
(0x0200): Already user [0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
Running as [0][0].
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
getting TGT sync
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x0100): Principal name is:
[host/nuc0.mrjester.net at MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x0100): Using keytab
[MEMORY:/etc/krb5.keytab]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): credentials initialized
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): keytab ccname:
[FILE:/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): credentials stored
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[ldap_child_get_tgt_sync] (0x2000): Renaming
[/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng] to
[/var/lib/sss/db/ccache_MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
[prepare_response] (0x0400): Building response for result [0]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
(0x2000): response size: 57
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
(0x1000): result [0] krberr [0] msgsize [37] msg
[FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
(Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
ldap_child completed successfully
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
ldap_child started.
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
context initialized
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): total buffer size: 52
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): realm_str size: 9
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): got realm_str: MRJESTER.NET
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): princ_str size: 19
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): got princ_str: host/nuc0.mrjester.net
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): keytab_name size: 0
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x1000): lifetime: 86400
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
(0x0200): Will run as [0][0].
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[privileged_krb5_setup] (0x2000): Kerberos context initialized
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
Kerberos context initialized
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
(0x0200): Trying to become user [0][0].
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
(0x0200): Already user [0].
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
Running as [0][0].
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
getting TGT sync
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x0100): Principal name is:
[host/nuc0.mrjester.net at MRJESTER.NET]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x0100): Using keytab
[MEMORY:/etc/krb5.keytab]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): credentials initialized
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): keytab ccname:
[FILE:/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): credentials stored
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[ldap_child_get_tgt_sync] (0x2000): Renaming
[/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c] to
[/var/lib/sss/db/ccache_MRJESTER.NET]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
[prepare_response] (0x0400): Building response for result [0]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
(0x2000): response size: 57
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
(0x1000): result [0] krberr [0] msgsize [37] msg
[FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
(Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
ldap_child completed successfully
On Tue, Feb 23, 2016 at 2:54 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Tue, Feb 23, 2016 at 01:32:11PM -0500, Jester wrote:
>> New IPA install of Fedora 23 with FreeIPA 4.2.3. Client is Ubuntu
>> Desktop 15.10 (nuc) with IPA client 4.1.4.
>>
>> ipa-client-install was successful. Host object created, DNS updated, etc.
>>
>> I am not able to log into the Ubuntu client with any user aside from
>> Admin. I get inconsistent password prompting behavior. It doesn't
>> always prompt. Most of the time, it just gives the client not found
>> message. kinit works with all users on the IPA server directly.
>>
>> root at nuc0:/var/lib/sss# kinit admin
>> Password for admin at MRJESTER.NET:
>> root at nuc0:/var/lib/sss# kinit jon
>> kinit: Client 'jon at MRJESTER.NET' not found in Kerberos database while
>> getting initial credentials
>> root at nuc0:/var/lib/sss# kinit jon-test
>> Password for jon-test at MRJESTER.NET:
>> Password expired. You must change it now.
>> Enter new password:
>> Enter it again:
>> kinit: Password change failed while getting initial credentials
>> root at nuc0:/var/lib/sss# kinit jon-test
>> kinit: Client 'jon-test at MRJESTER.NET' not found in Kerberos database
>> while getting initial credentials
>> root at nuc0:/var/lib/sss#
>>
>> I am able to do GSSAPI auth from the client.
>>
>> /usr/bin/ldapsearch -LLL -H ldap://dir0.mrjester.net/ -Y GSSAPI -N -b
>> "dc=mrjester,dc=net" cn
>>
>> Some various messages I see that stand out as possibly related. SSSD
>> debug level 8
>>
>> [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty!
>>
>>
>> [sssd[be[mrjester.net]]] [sdap_get_tgt_recv] (0x0400): Child
>> responded: 14 [Decrypt integrity check failed], expired on [0]
>
> Please look into ldap_child with high debug level, it looks like sssd
> has some issues authenticating to the directory.
>
>>
>>
>> [sssd[be[mrjester.net]]] [sdap_kinit_done] (0x0100): Could not get
>> TGT: 14 [Bad address]
>> [sssd[be[mrjester.net]]] [sdap_cli_kinit_done] (0x0400): Cannot get a
>> TGT: ret [1432158219](Authentication Failed)
>> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0100): Marking port
>> 389 of server 'dir0.mrjester.net' as 'not working'
>> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0400): Marking port
>> 389 of duplicate server 'dir0.mrjester.net' as 'not working'
>>
>>
>> [sssd[be[mrjester.net]]] [sbus_get_sender_id_send] (0x2000): Not a
>> sysbus message, quit
>> [sssd[be[mrjester.net]]] [be_get_account_info] (0x0200): Got request
>> for [0x1001][1][name=*]
>> [sssd[be[mrjester.net]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [mrjester.net] to [mrjester.net]
>> [sssd[be[mrjester.net]]] [sdap_idmap_domain_has_algorithmic_mapping]
>> (0x0080): Could not parse domain SID from [(null)]
>> [sssd[be[mrjester.net]]] [sdap_search_user_next_base] (0x0400):
>> Searching for users with base [cn=accounts,dc=mrjester,dc=net]
>> [sssd[be[mrjester.net]]] [sdap_print_server] (0x2000): Searching 10.8.10.40
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x0400): calling
>> ldap_search_ext with
>> [(&(uid=\2a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=mrjester,dc=net].
>
> Do you use enumerate=true?
>
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [uid]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userPassword]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [uidNumber]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gecos]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [homeDirectory]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginShell]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbPrincipalName]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [modifyTimestamp]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowLastChange]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowMin]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowMax]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowWarning]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowInactive]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowExpire]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowFlag]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbLastPwdChange]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbPasswordExpiration]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [pwdAttribute]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [authorizedService]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [accountExpires]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userAccountControl]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [nsAccountLock]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [host]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginDisabled]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginExpirationTime]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginAllowedTimeMap]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaSshPubKey]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUserAuthType]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 12
>> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1b6d100], connected[1], ops[0x1b6e810], ldap[0x1b7a970]
>> [sssd[be[mrjester.net]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set
>> [sssd[be[mrjester.net]]] [sdap_search_user_process] (0x0400): Search
>> for users, returned 0 results.
>> [sssd[be[mrjester.net]]] [sdap_get_users_done] (0x0040): Failed to
>> retrieve users
>> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
>> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): Search groups
>> with filter: (&(objectclass=group)(ghost=\2a))
>> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): No such entry
>> [sssd[be[mrjester.net]]] [sysdb_delete_user] (0x0400): Error: 2 (No
>> such file or directory)
>> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
>> [sssd[be[mrjester.net]]] [ipa_id_get_account_info_orig_done] (0x0080):
>> Object not found, ending request
>> [sssd[be[mrjester.net]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 3,0,Account info lookup failed
>> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1b6d100], connected[1], ops[(nil)], ldap[0x1b7a970]
>> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>>
>>
>>
>> What additional information can I provide or things I can try?
>>
>> Thanks
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list