[Freeipa-users] Client Auth Failing - Ubuntu 15.10
Jester
jester2.0 at gmail.com
Tue Feb 23 20:33:31 UTC 2016
Made no changes to the system between posting. Only tried a couple of
kinits to generate some logs.
Set sssd debug to 9, restarted, did a few kinits.
root at nuc0:/var/log/sssd# service sssd start
root at nuc0:/var/log/sssd# kinit admin
Password for admin at MRJESTER.NET:
root at nuc0:/var/log/sssd# kinit jon
kinit: Client 'jon at MRJESTER.NET' not found in Kerberos database while
getting initial credentials
root at nuc0:/var/log/sssd# kinit jon-test
Password for jon-test at MRJESTER.NET:
kinit: Client 'jon-test at MRJESTER.NET' not found in Kerberos database
while getting initial credentials
On Tue, Feb 23, 2016 at 3:22 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Tue, Feb 23, 2016 at 03:14:20PM -0500, Jester wrote:
>> Recent events from ldap_child.
>>
>>
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
>> ldap_child started.
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
>> context initialized
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): total buffer size: 52
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): realm_str size: 9
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): got realm_str: MRJESTER.NET
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): princ_str size: 19
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): got princ_str: host/nuc0.mrjester.net
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): keytab_name size: 0
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x1000): lifetime: 86400
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [unpack_buffer]
>> (0x0200): Will run as [0][0].
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [privileged_krb5_setup] (0x2000): Kerberos context initialized
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
>> Kerberos context initialized
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
>> (0x0200): Trying to become user [0][0].
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [become_user]
>> (0x0200): Already user [0].
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
>> Running as [0][0].
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x2000):
>> getting TGT sync
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
>> [host/nuc0.mrjester.net at MRJESTER.NET]
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Using keytab
>> [MEMORY:/etc/krb5.keytab]
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
>> Decrypt integrity check failed
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Unlinking
>> [/var/lib/sss/db/ccache_MRJESTER.NET_GsnnAd]
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0020):
>> ldap_child_get_tgt_sync failed.
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]]
>> [prepare_response] (0x0400): Building response for result
>> [-1765328353]
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
>> (0x2000): response size: 50
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [pack_buffer]
>> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
>> integrity check failed]
>
> Here authenticating with the keytab failed..
>
>> (Tue Feb 23 14:52:37 2016) [[sssd[ldap_child[5646]]]] [main] (0x0400):
>> ldap_child completed successfully
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
>> ldap_child started.
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
>> context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): total buffer size: 52
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): realm_str size: 9
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): got realm_str: MRJESTER.NET
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): princ_str size: 19
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): got princ_str: host/nuc0.mrjester.net
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): keytab_name size: 0
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x1000): lifetime: 86400
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [unpack_buffer]
>> (0x0200): Will run as [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [privileged_krb5_setup] (0x2000): Kerberos context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
>> Kerberos context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
>> (0x0200): Trying to become user [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [become_user]
>> (0x0200): Already user [0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
>> Running as [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x2000):
>> getting TGT sync
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
>> [host/nuc0.mrjester.net at MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Using keytab
>> [MEMORY:/etc/krb5.keytab]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials:
>> Decrypt integrity check failed
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Unlinking
>> [/var/lib/sss/db/ccache_MRJESTER.NET_2fcAih]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0020):
>> ldap_child_get_tgt_sync failed.
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]]
>> [prepare_response] (0x0400): Building response for result
>> [-1765328353]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
>> (0x2000): response size: 50
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [pack_buffer]
>> (0x1000): result [14] krberr [-1765328353] msgsize [30] msg [Decrypt
>> integrity check failed]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5647]]]] [main] (0x0400):
>> ldap_child completed successfully
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
>> ldap_child started.
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
>> context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): total buffer size: 52
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): realm_str size: 9
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): got realm_str: MRJESTER.NET
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): princ_str size: 19
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): got princ_str: host/nuc0.mrjester.net
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): keytab_name size: 0
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x1000): lifetime: 86400
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [unpack_buffer]
>> (0x0200): Will run as [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [privileged_krb5_setup] (0x2000): Kerberos context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
>> Kerberos context initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
>> (0x0200): Trying to become user [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [become_user]
>> (0x0200): Already user [0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
>> Running as [0][0].
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x2000):
>> getting TGT sync
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
>> [host/nuc0.mrjester.net at MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Using keytab
>> [MEMORY:/etc/krb5.keytab]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
>> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): credentials stored
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Renaming
>> [/var/lib/sss/db/ccache_MRJESTER.NET_dnwqng] to
>> [/var/lib/sss/db/ccache_MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]]
>> [prepare_response] (0x0400): Building response for result [0]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
>> (0x2000): response size: 57
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [pack_buffer]
>> (0x1000): result [0] krberr [0] msgsize [37] msg
>> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
>> (Tue Feb 23 14:52:38 2016) [[sssd[ldap_child[5648]]]] [main] (0x0400):
>> ldap_child completed successfully
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
>> ldap_child started.
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
>> context initialized
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): total buffer size: 52
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): realm_str size: 9
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): got realm_str: MRJESTER.NET
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): princ_str size: 19
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): got princ_str: host/nuc0.mrjester.net
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): keytab_name size: 0
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x1000): lifetime: 86400
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [unpack_buffer]
>> (0x0200): Will run as [0][0].
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [privileged_krb5_setup] (0x2000): Kerberos context initialized
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
>> Kerberos context initialized
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
>> (0x0200): Trying to become user [0][0].
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [become_user]
>> (0x0200): Already user [0].
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
>> Running as [0][0].
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x2000):
>> getting TGT sync
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): got realm_name: [MRJESTER.NET]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
>> [host/nuc0.mrjester.net at MRJESTER.NET]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Using keytab
>> [MEMORY:/etc/krb5.keytab]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): credentials initialized
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): keytab ccname:
>> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): credentials stored
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [ldap_child_get_tgt_sync] (0x2000): Renaming
>> [/var/lib/sss/db/ccache_MRJESTER.NET_QHqE3c] to
>> [/var/lib/sss/db/ccache_MRJESTER.NET]
>
> ...but here it succeeded...with the same principal..
>
> did you maybe change the keytab in the meantime?
>
> Or, if you crank up the debug_level even higher, you should see the IP
> address of the KDC you're talking to. I wonder if it's always the one
> you'd expect..
>
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]]
>> [prepare_response] (0x0400): Building response for result [0]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
>> (0x2000): response size: 57
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [pack_buffer]
>> (0x1000): result [0] krberr [0] msgsize [37] msg
>> [FILE:/var/lib/sss/db/ccache_MRJESTER.NET]
>> (Tue Feb 23 15:07:40 2016) [[sssd[ldap_child[5745]]]] [main] (0x0400):
>> ldap_child completed successfully
>>
>>
>>
>> On Tue, Feb 23, 2016 at 2:54 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>> > On Tue, Feb 23, 2016 at 01:32:11PM -0500, Jester wrote:
>> >> New IPA install of Fedora 23 with FreeIPA 4.2.3. Client is Ubuntu
>> >> Desktop 15.10 (nuc) with IPA client 4.1.4.
>> >>
>> >> ipa-client-install was successful. Host object created, DNS updated, etc.
>> >>
>> >> I am not able to log into the Ubuntu client with any user aside from
>> >> Admin. I get inconsistent password prompting behavior. It doesn't
>> >> always prompt. Most of the time, it just gives the client not found
>> >> message. kinit works with all users on the IPA server directly.
>> >>
>> >> root at nuc0:/var/lib/sss# kinit admin
>> >> Password for admin at MRJESTER.NET:
>> >> root at nuc0:/var/lib/sss# kinit jon
>> >> kinit: Client 'jon at MRJESTER.NET' not found in Kerberos database while
>> >> getting initial credentials
>> >> root at nuc0:/var/lib/sss# kinit jon-test
>> >> Password for jon-test at MRJESTER.NET:
>> >> Password expired. You must change it now.
>> >> Enter new password:
>> >> Enter it again:
>> >> kinit: Password change failed while getting initial credentials
>> >> root at nuc0:/var/lib/sss# kinit jon-test
>> >> kinit: Client 'jon-test at MRJESTER.NET' not found in Kerberos database
>> >> while getting initial credentials
>> >> root at nuc0:/var/lib/sss#
>> >>
>> >> I am able to do GSSAPI auth from the client.
>> >>
>> >> /usr/bin/ldapsearch -LLL -H ldap://dir0.mrjester.net/ -Y GSSAPI -N -b
>> >> "dc=mrjester,dc=net" cn
>> >>
>> >> Some various messages I see that stand out as possibly related. SSSD
>> >> debug level 8
>> >>
>> >> [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty!
>> >>
>> >>
>> >> [sssd[be[mrjester.net]]] [sdap_get_tgt_recv] (0x0400): Child
>> >> responded: 14 [Decrypt integrity check failed], expired on [0]
>> >
>> > Please look into ldap_child with high debug level, it looks like sssd
>> > has some issues authenticating to the directory.
>> >
>> >>
>> >>
>> >> [sssd[be[mrjester.net]]] [sdap_kinit_done] (0x0100): Could not get
>> >> TGT: 14 [Bad address]
>> >> [sssd[be[mrjester.net]]] [sdap_cli_kinit_done] (0x0400): Cannot get a
>> >> TGT: ret [1432158219](Authentication Failed)
>> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0100): Marking port
>> >> 389 of server 'dir0.mrjester.net' as 'not working'
>> >> [sssd[be[mrjester.net]]] [fo_set_port_status] (0x0400): Marking port
>> >> 389 of duplicate server 'dir0.mrjester.net' as 'not working'
>> >>
>> >>
>> >> [sssd[be[mrjester.net]]] [sbus_get_sender_id_send] (0x2000): Not a
>> >> sysbus message, quit
>> >> [sssd[be[mrjester.net]]] [be_get_account_info] (0x0200): Got request
>> >> for [0x1001][1][name=*]
>> >> [sssd[be[mrjester.net]]] [be_req_set_domain] (0x0400): Changing
>> >> request domain from [mrjester.net] to [mrjester.net]
>> >> [sssd[be[mrjester.net]]] [sdap_idmap_domain_has_algorithmic_mapping]
>> >> (0x0080): Could not parse domain SID from [(null)]
>> >> [sssd[be[mrjester.net]]] [sdap_search_user_next_base] (0x0400):
>> >> Searching for users with base [cn=accounts,dc=mrjester,dc=net]
>> >> [sssd[be[mrjester.net]]] [sdap_print_server] (0x2000): Searching 10.8.10.40
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x0400): calling
>> >> ldap_search_ext with
>> >> [(&(uid=\2a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=mrjester,dc=net].
>> >
>> > Do you use enumerate=true?
>> >
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [objectClass]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [uid]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [userPassword]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [uidNumber]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [gidNumber]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [gecos]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [homeDirectory]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [loginShell]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [krbPrincipalName]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [cn]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [memberOf]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [ipaUniqueID]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [ipaNTSecurityIdentifier]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [modifyTimestamp]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [entryUSN]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowLastChange]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowMin]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowMax]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowWarning]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowInactive]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowExpire]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [shadowFlag]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [krbLastPwdChange]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [krbPasswordExpiration]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [pwdAttribute]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [authorizedService]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [accountExpires]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [userAccountControl]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [nsAccountLock]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [host]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [loginDisabled]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [loginExpirationTime]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [loginAllowedTimeMap]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [ipaSshPubKey]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x1000):
>> >> Requesting attrs: [ipaUserAuthType]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_ext_step] (0x2000):
>> >> ldap_search_ext called, msgid = 12
>> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> >> sh[0x1b6d100], connected[1], ops[0x1b6e810], ldap[0x1b7a970]
>> >> [sssd[be[mrjester.net]]] [sdap_get_generic_op_finished] (0x0400):
>> >> Search result: Success(0), no errmsg set
>> >> [sssd[be[mrjester.net]]] [sdap_search_user_process] (0x0400): Search
>> >> for users, returned 0 results.
>> >> [sssd[be[mrjester.net]]] [sdap_get_users_done] (0x0040): Failed to
>> >> retrieve users
>> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
>> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): Search groups
>> >> with filter: (&(objectclass=group)(ghost=\2a))
>> >> [sssd[be[mrjester.net]]] [sysdb_search_groups] (0x2000): No such entry
>> >> [sssd[be[mrjester.net]]] [sysdb_delete_user] (0x0400): Error: 2 (No
>> >> such file or directory)
>> >> [sssd[be[mrjester.net]]] [sysdb_search_by_name] (0x0400): No such entry
>> >> [sssd[be[mrjester.net]]] [ipa_id_get_account_info_orig_done] (0x0080):
>> >> Object not found, ending request
>> >> [sssd[be[mrjester.net]]] [acctinfo_callback] (0x0100): Request
>> >> processed. Returned 3,0,Account info lookup failed
>> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> >> sh[0x1b6d100], connected[1], ops[(nil)], ldap[0x1b7a970]
>> >> [sssd[be[mrjester.net]]] [sdap_process_result] (0x2000): Trace:
>> >> ldap_result found nothing!
>> >>
>> >>
>> >>
>> >> What additional information can I provide or things I can try?
>> >>
>> >> Thanks
>> >>
>> >> --
>> >> Manage your subscription for the Freeipa-users mailing list:
>> >> https://www.redhat.com/mailman/listinfo/freeipa-users
>> >> Go to http://freeipa.org for more info on the project
>> >
>> > --
>> > Manage your subscription for the Freeipa-users mailing list:
>> > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > Go to http://freeipa.org for more info on the project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd_mrjester.net.log
Type: text/x-log
Size: 503437 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160223/073326f0/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap_child.log
Type: text/x-log
Size: 8491 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160223/073326f0/attachment-0001.bin>
More information about the Freeipa-users
mailing list