[Freeipa-users] Client Auth Failing - Ubuntu 15.10
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 23 20:22:53 UTC 2016
On Tue, Feb 23, 2016 at 03:14:20PM -0500, Jester wrote:
> Recent events from ldap_child.
>
>
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester.net at MRJESTER.NET]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
> Decrypt integrity check failed
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [ldap_child_get_tgt_sync] (0x2000): Unlinking
> [/var/lib/sss/db/ccache_MRJESTER.NET_GsnnAd]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0020):
> ldap_child_get_tgt_sync failed.
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
> [prepare_response] (0x0400): Building response for result
> [-1765328353]
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
> (0x2000): response size: 50
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
> integrity check failed]
Here authenticating with the keytab failed..
> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester.net at MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
> Decrypt integrity check failed
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [ldap_child_get_tgt_sync] (0x2000): Unlinking
> [/var/lib/sss/db/ccache_MRJESTER.NET_2fcAih]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0020):
> ldap_child_get_tgt_sync failed.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
> [prepare_response] (0x0400): Building response for result
> [-1765328353]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
> (0x2000): response size: 50
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
> integrity check failed]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester.net at MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials stored
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [ldap_child_get_tgt_sync] (0x2000): Renaming
> [/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng] to
> [/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
> [prepare_response] (0x0400): Building response for result [0]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
> (0x2000): response size: 57
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [37] msg
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
> ldap_child completed successfully
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
> ldap_child started.
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): total buffer size: 52
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): realm_str size: 9
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): got realm_str: MRJESTER.NET
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): princ_str size: 19
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): got princ_str: host/nuc0.mrjester.net
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
> (0x0200): Will run as [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [privileged_krb5_setup] (0x2000): Kerberos context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> Kerberos context initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
> (0x0200): Trying to become user [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
> (0x0200): Already user [0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> Running as [0][0].
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
> getting TGT sync
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [host/nuc0.mrjester.net at MRJESTER.NET]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab
> [MEMORY:/etc/krb5.keytab]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): credentials stored
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [ldap_child_get_tgt_sync] (0x2000): Renaming
> [/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c] to
> [/var/lib/sss/db/ccache_MRJESTER.NET]
...but here it succeeded...with the same principal..
did you maybe change the keytab in the meantime?
Or, if you crank up the debug_level even higher, you should see the IP
address of the KDC you're talking to. I wonder if it's always the one
you'd expect..
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
> [prepare_response] (0x0400): Building response for result [0]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
> (0x2000): response size: 57
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [37] msg
> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
> ldap_child completed successfully
>
>
>
> On Tue, Feb 23, 2016 at 2:54 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> > On Tue, Feb 23, 2016 at 01:32:11PM -0500, Jester wrote:
> >> New IPA install of Fedora 23 with FreeIPA 4.2.3. Client is Ubuntu
> >> Desktop 15.10 (nuc) with IPA client 4.1.4.
> >>
> >> ipa-client-install was successful. Host object created, DNS updated, etc.
> >>
> >> I am not able to log into the Ubuntu client with any user aside from
> >> Admin. I get inconsistent password prompting behavior. It doesn't
> >> always prompt. Most of the time, it just gives the client not found
> >> message. kinit works with all users on the IPA server directly.
> >>
> >> root at nuc0:/var/lib/sss# kinit admin
> >> Password for admin at MRJESTER.NET:
> >> root at nuc0:/var/lib/sss# kinit jon
> >> kinit: Client 'jon at MRJESTER.NET' not found in Kerberos database while
> >> getting initial credentials
> >> root at nuc0:/var/lib/sss# kinit jon-test
> >> Password for jon-test at MRJESTER.NET:
> >> Password expired. You must change it now.
> >> Enter new password:
> >> Enter it again:
> >> kinit: Password change failed while getting initial credentials
> >> root at nuc0:/var/lib/sss# kinit jon-test
> >> kinit: Client 'jon-test at MRJESTER.NET' not found in Kerberos database
> >> while getting initial credentials
> >> root at nuc0:/var/lib/sss#
> >>
> >> I am able to do GSSAPI auth from the client.
> >>
> >> /usr/bin/ldapsearch -LLL -H ldap://dir0.mrjester.net/ -Y GSSAPI -N -b
> >> "dc=mrjester,dc=net" cn
> >>
> >> Some various messages I see that stand out as possibly related. SSSD
> >> debug level 8
> >>
> >> [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty!
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sdap_get_tgt_recv] (0x0400): Child
> >> responded: 14 [Decrypt integrity check failed], expired on [0]
> >
> > Please look into ldap_child with high debug level, it looks like sssd
> > has some issues authenticating to the directory.
> >
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sdap_kinit_done] (0x0100): Could not get
> >> TGT: 14 [Bad address]
> >> [sssd[be[mrjester.net]]] [sdap_cli_kinit_done] (0x0400): Cannot get a
> >> TGT: ret [1432158219](Authentication Failed)
> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0100): Marking port
> >> 389 of server 'dir0.mrjester.net' as 'not working'
> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0400): Marking port
> >> 389 of duplicate server 'dir0.mrjester.net' as 'not working'
> >>
> >>
> >> [sssd[be[mrjester.net]]] [sbus_get_sender_id_send] (0x2000): Not a
> >> sysbus message, quit
> >> [sssd[be[mrjester.net]]] [be_get_account_info] (0x0200): Got request
> >> for [0x1001][1][name=*]
> >> [sssd[be[mrjester.net]]] [be_req_set_domain] (0x0400): Changing
> >> request domain from [mrjester.net] to [mrjester.net]
> >> [sssd[be[mrjester.net]]] [sdap_idmap_domain_has_algorithmic_mapping]
> >> (0x0080): Could not parse domain SID from [(null)]
> >> [sssd[be[mrjester.net]]] [sdap_search_user_next_base] (0x0400):
> >> Searching for users with base [cn=accounts,dc=mrjester,dc=net]
> >> [sssd[be[mrjester.net]]] [sdap_print_server] (0x2000): Searching 10.8.10.40
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x0400): calling
> >> ldap_search_ext with
> >> [(&(uid=\2a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=mrjester,dc=net].
> >
> > Do you use enumerate=true?
> >
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [objectClass]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [uid]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [userPassword]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [uidNumber]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [gidNumber]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [gecos]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [homeDirectory]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginShell]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbPrincipalName]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [cn]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [memberOf]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaUniqueID]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaNTSecurityIdentifier]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [modifyTimestamp]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [entryUSN]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowLastChange]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowMin]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowMax]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowWarning]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowInactive]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowExpire]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [shadowFlag]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbLastPwdChange]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [krbPasswordExpiration]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [pwdAttribute]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [authorizedService]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [accountExpires]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [userAccountControl]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [nsAccountLock]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [host]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginDisabled]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginExpirationTime]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [loginAllowedTimeMap]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaSshPubKey]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
> >> Requesting attrs: [ipaUserAuthType]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x2000):
> >> ldap_search_ext called, msgid = 12
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> sh[0x1b6d100], connected[1], ops[0x1b6e810], ldap[0x1b7a970]
> >> [sssd[be[mrjester.net]]] [sdap_get_generic_op_finished] (0x0400):
> >> Search result: Success(0), no errmsg set
> >> [sssd[be[mrjester.net]]] [sdap_search_user_process] (0x0400): Search
> >> for users, returned 0 results.
> >> [sssd[be[mrjester.net]]] [sdap_get_users_done] (0x0040): Failed to
> >> retrieve users
> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): Search groups
> >> with filter: (&(objectclass=group)(ghost=\2a))
> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): No such entry
> >> [sssd[be[mrjester.net]]] [sysdb_delete_user] (0x0400): Error: 2 (No
> >> such file or directory)
> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
> >> [sssd[be[mrjester.net]]] [ipa_id_get_account_info_orig_done] (0x0080):
> >> Object not found, ending request
> >> [sssd[be[mrjester.net]]] [acctinfo_callback] (0x0100): Request
> >> processed. Returned 3,0,Account info lookup failed
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> sh[0x1b6d100], connected[1], ops[(nil)], ldap[0x1b7a970]
> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
> >> ldap_result found nothing!
> >>
> >>
> >>
> >> What additional information can I provide or things I can try?
> >>
> >> Thanks
> >>
> >> --
> >> Manage your subscription for the Freeipa-users mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >> Go to http://freeipa.org for more info on the project
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list