[Freeipa-users] Freeipa and sudo
Justin Stephenson
jstephen at redhat.com
Mon Jul 11 14:44:16 UTC 2016
Hello,
From the logs below, it appears the failure occurs when a HBAC
evaluation is done. Can you double-check the HBAC rule 'Unixari na test
servery' ? Also, you can run the below command for testing the expected
HBAC rules are allowing/denying access
# ipa hbactest --user 'simecek.tomas at sd-stc.cz
<mailto:simecek.tomas at sd-stc.cz>' --host 'hostname' --service=sudo
----------------------------------------------------
/(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_attrs_to_rule] (0x1000): Processing rule [Unixari na test
servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_user_attrs_to_rule] (0x1000): Processing users for rule
[Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_search_users] (0x2000): Search users with filter:
(&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_search_users] (0x2000): No such entry//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_user_attrs_to_rule] (0x2000): Added POSIX group
[grpunixadmins] to rule [Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services for
rule [Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [login] to rule
[Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to rule
[Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_thost_attrs_to_rule] (0x1000): Processing target hosts for
rule [Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_host_attrs_to_rule] (0x2000): Added host
[spcss-2t-www.linuxdomain.cz] to rule [Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_host_attrs_to_rule] (0x1000):
[fqdn=zp-cml-test.linuxdomain.cz,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
does not map to either a host or hostgroup. Skipping//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for
rule [Unixari na test servery]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting
ALL//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x1000): [7] groups for
[simecek.tomas at sd-stc.cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=central_DG,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x1000): Added group [grpunixadmins] for
user [simecek.tomas at sd-stc.cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>)
[Success (Permission denied)]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sending result [6][sd-stc.cz]//
//(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sent result [6][sd-stc.cz]/
Kind regards,
Justin Stephenson
On 07/11/2016 03:04 AM, Tomas Simecek wrote:
> Hi all,
> thanks and sorry for my late answer again. I am new to mailing lists
> and I assumed noone is respnding when mails are not coming.
> I did not know I have to check on the website.
>
> I have enabled sssd_sudo log and here are outputs from sssd_sudo.log
> and sssd_linuxdomain.cz.log when trying sudo again:
> sssd_sudo.log:
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version]
> (0x0200): Received client version [1].
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version]
> (0x0200): Offered version [1].
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>' matched expression for domain
> 'sd-stc.cz <http://sd-stc.cz>', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>' matched expression for domain
> 'sd-stc.cz <http://sd-stc.cz>', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting default options for [simecek.tomas] from
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str]
> (0x2000): Checking negative cache for
> [NCE/USER/sd-stc.cz/simecek.tomas <http://sd-stc.cz/simecek.tomas>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving default options for [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] from [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
> <mailto:account at sd-stc.cz>)(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(name=defaults)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for
> [<default options>@sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>' matched expression for domain
> 'sd-stc.cz <http://sd-stc.cz>', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>' matched expression for domain
> 'sd-stc.cz <http://sd-stc.cz>', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting rules for [simecek.tomas] from [sd-stc.cz
> <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str]
> (0x2000): Checking negative cache for
> [NCE/USER/sd-stc.cz/simecek.tomas <http://sd-stc.cz/simecek.tomas>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] from [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
> <mailto:account at sd-stc.cz>)(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
> <mailto:account at sd-stc.cz>)(sudoUser=+*)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for
> [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_message_handler]
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on
> path /org/freedesktop/sssd/service
> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
>
> Looking at it with my untrained eye gives no clue what could be wrong.
>
> Here is sssd_linuxdomain.cz.log from the same moment:
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got request
> for [0x1002][1][name=grpunixadmins]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [linuxdomain.cz <http://linuxdomain.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_groups_next_base] (0x0400):
> Searching for groups with base [cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(cn=grpunixadmins)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [posixGroup]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userPassword]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 32
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 32
> timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 32
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_groups_process] (0x0400): Search
> for groups, returned 1 results.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send] (0x2000):
> About to process group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): Search users
> with filter:
> (&(objectclass=user)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000): Search
> groups with filter:
> (&(objectclass=group)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send] (0x2000):
> Looking up 1/1 members of group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send] (0x2000):
> Members of group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] will be
> processed individually
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [posixGroup]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userPassword]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 33
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 33
> timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 33
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_hash_group] (0x2000):
> Marking group as non-posix and setting GID=0!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send] (0x2000):
> About to process group
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_recv] (0x0400): 0 users
> found in the hash table
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_group_recv] (0x0400): 2 groups
> found in the hash table
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
> Processing object grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Processing
> group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x2000): This is a posix
> group
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding
> original DN
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] to
> attributes of [grpunixadmins].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding
> original mod-Timestamp [20160629090835Z] to attributes of [grpunixadmins].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400): The
> group has 1 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
> Group has 1 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Storing info
> for group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_attrs_get_sid_str] (0x1000): No
> [objectSIDString] attribute. [0][Success]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
> Processing object ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Processing
> group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x2000): This is not a
> posix group
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding
> original DN
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] to
> attributes of [ad_admins_external].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding
> original mod-Timestamp [20160629090835Z] to attributes of
> [ad_admins_external].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400): The
> group has 0 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
> Group has 0 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Storing info
> for group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
> Processing object grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Processing
> group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Adding member
> users to group [grpunixadmins]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_fill_memberships] (0x1000):
> member #0
> (cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz):
> [name=ad_admins_external,cn=groups,cn=linuxdomain.cz
> <http://linuxdomain.cz>,cn=sysdb]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
> Processing object ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Processing
> group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Failed to get
> group sid
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): No members for
> group [ad_admins_external]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_nested_done] (0x2000): No external
> members, done(Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:linuxdomain.cz:1f46c9d8-3c33-11e6-9653-005056961bfa))][cn=Default
> Trust View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 34
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 34
> timeout 60
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543e380],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543e380],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 34
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
> processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got request
> for [0x3][1][name=simecek.tomas]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default Trust
> View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 35
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 35
> timeout 60
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cece0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 35
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400): Executing
> extended operation
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
> ldap_extended_operation sent, msgid = 36
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 36
> timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841540fe90],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841540fe90],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
> ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 36
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400): Executing
> extended operation
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
> ldap_extended_operation sent, msgid = 37
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 37
> timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84154511d0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84154511d0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
> ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 37
> finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000): Updating
> memberships for simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
> ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400): Error: 2
> (No such file or directory)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020): Could
> not add member [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] to group
> [name=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
> <http://sd-stc.cz>,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000): Updating
> memberships for simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
> ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400): Error: 2
> (No such file or directory)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020): Could
> not add member [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] to group
> [name=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
> <http://sd-stc.cz>,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
> processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request with
> the following data
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
> sd-stc.cz <http://sd-stc.cz>
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name: not set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait queue
> of user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is
> empty, running request [0x7f8415414ac0] immediately.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port status of
> port 0 for server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' is 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200): Found
> address for server svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
> profile_get_values failed.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Setting up
> signal handler up for pid [30820]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
> handler set up for pid [30820]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All data has
> been sent!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF received,
> client finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking port
> 0 of server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
> Marking server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking port
> 0 of duplicate server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
> unsupported PAM command [249].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010): password
> not available, offline auth may not work.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait queue for
> user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is empty.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
> krb5_auth_queue request [0x7f8415414ac0] done.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Backend
> returned: (0, 0, <NULL>) [Success (Success)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sending
> result [0][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sent
> result [0][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting for
> child [30820].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child [30820]
> finished successfully.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request with
> the following data
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
> PAM_AUTHENTICATE
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
> sd-stc.cz <http://sd-stc.cz>
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 1
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name: not set
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait queue
> of user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is
> empty, running request [0x7f841541e810] immediately.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port status of
> port 0 for server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' is 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200): Found
> address for server svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
> profile_get_values failed.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Setting up
> signal handler up for pid [30821]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
> handler set up for pid [30821]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All data has
> been sent!
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [SD-STC]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaSecondaryBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 38
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 38
> timeout 6
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=LINUXDOMAIN.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSecondaryBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=SD-STC.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 38
> finished
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTFlatName]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustDirection]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 39
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 39
> timeout 6
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sd-stc.cz <http://sd-stc.cz>,cn=ad,cn=trusts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTFlatName]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTTrustDirection]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 39
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_subdom_is_member_dom] (0x0400): 4th
> component is not 'trust', not a member domain
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_subdom_get_forest] (0x2000): The
> forest name is sd-stc.cz <http://sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_subdom_store] (0x0200): Trust
> direction of sd-stc.cz <http://sd-stc.cz> is trust direction not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_deref_search_with_filter_send]
> (0x2000): Server supports OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_search_send] (0x0400):
> Dereferencing entry [cn=accounts,dc=linuxdomain,dc=cz] using OpenLDAP
> deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 40
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 40
> timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400): Got
> deref control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400): All
> deref results from a single control parsed
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 40
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_get_view_name_done] (0x0400): No view
> found, using default.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_get_view_name_done] (0x0400): Found
> view name [default].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_subdomains_callback] (0x0400): Backend
> returned: (0, 0, <NULL>) [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF received,
> client finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000): child
> response [0][3][40].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000): child
> response [0][-1073741822][24].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000): child
> response [0][-1073741823][32].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000): TGT
> times are [1468220118][1468220118][1468256118][1468306518].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000): child
> response [0][6][8].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking port
> 0 of server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
> Marking server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking port
> 0 of duplicate server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait queue for
> user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is empty.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
> krb5_auth_queue request [0x7f841541e810] done.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Backend
> returned: (0, 0, <NULL>) [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sending
> result [0][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sent
> result [0][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting for
> child [30821].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child [30821]
> finished successfully.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got request
> for [0x3][1][name=simecek.tomas]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default Trust
> View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 41
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 41
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841542ea90],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 41
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400): Executing
> extended operation
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
> ldap_extended_operation sent, msgid = 42
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 42
> timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f8415458f80],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f8415458f80],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
> ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 42
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400): Executing
> extended operation
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
> ldap_extended_operation sent, msgid = 43
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 43
> timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841544d770],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841544d770],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
> ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 43
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000): Updating
> memberships for simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
> ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400): Error: 2
> (No such file or directory)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020): Could
> not add member [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] to group
> [name=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
> <http://sd-stc.cz>,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000): Updating
> memberships for simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
> ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400): Error: 2
> (No such file or directory)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020): Could
> not add member [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>] to group
> [name=simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
> <http://sd-stc.cz>,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
> processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request with
> the following data
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
> PAM_ACCT_MGMT
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
> sd-stc.cz <http://sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name: not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_access_send] (0x0400): Performing
> access check for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_account_expired_rhds] (0x0400):
> Performing RHDS access check for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_account_expired] (0x0400): IPA access
> control succeeded, checking AD access control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_account_expired_ad] (0x0400):
> Performing AD access check for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [fqdn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [serverHostname]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaSshPubKey]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 44
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 44
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543ecb0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [serverHostname]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSshPubKey]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543ecb0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 44
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_deref_search_send] (0x2000): Server
> supports OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_search_send] (0x0400):
> Dereferencing entry [fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> using OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with [no
> filter][fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 45
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 45
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400): Got
> deref control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000): Dereferenced
> DN:
> ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000): Dereferenced
> DN:
> ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000): Dereferenced
> DN:
> ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400): All
> deref results from a single control parsed
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 45
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hostgroup_info_done] (0x0200): No host
> groups were dereferenced
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_service_info_next] (0x0400):
> Sending request for next search base:
> [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACService)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(objectClass=ipaHBACService)][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 46
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 46
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sshd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=ftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=su,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=login,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=su-l,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sudo,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sudo-i,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=kdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=crond,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=vsftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=proftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gssftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 46
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_servicegroup_info_next] (0x0400):
> Sending request for next search base:
> [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACServiceGroup)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 47
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 47
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 47
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_rule_info_next] (0x0400): Sending
> request for next search base:
> [cn=hbac,dc=linuxdomain,dc=cz][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000): Searching
> 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaenabledflag]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [accessRuleType]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberUser]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberService]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [serviceCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sourceHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sourceHostCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [externalHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [hostCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 48
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation 48
> timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaenabledflag]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [accessRuleType]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberUser]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberService]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
> ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000): Operation 48
> finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_attrs_to_rule] (0x1000): Processing
> rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x1000):
> Processing users for rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): Search users
> with filter:
> (&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No such entry
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000): Search
> groups with filter:
> (&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x2000): Added
> POSIX group [grpunixadmins] to rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x1000):
> Processing PAM services for rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000):
> Added service [login] to rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000):
> Added service [sshd] to rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_thost_attrs_to_rule] (0x1000):
> Processing target hosts for rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x2000): Added
> host [spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>] to rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x1000):
> [fqdn=zp-cml-test.linuxdomain.cz
> <http://zp-cml-test.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> does not map to either a host or hostgroup. Skipping
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x0400):
> Processing source hosts for rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x2000): Source
> hosts disabled, setting ALL
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000): [7]
> groups for [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=central_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000): Added
> group [grpunixadmins] for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_evaluate_rules] (0x0080): Access
> denied by HBAC rules
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Backend
> returned: (0, 6, <NULL>) [Success (Permission denied)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sending
> result [6][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sent
> result [6][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
> [sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request with
> the following data
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
> sd-stc.cz <http://sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name: not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait queue
> of user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is
> empty, running request [0x7f8415414ac0] immediately.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port status of
> port 0 for server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' is 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status of
> server 'svlxxipap.linuxdomain.cz <http://svlxxipap.linuxdomain.cz>' is
> 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200): Found
> address for server svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
> profile_get_values failed.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Setting up
> signal handler up for pid [30822]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
> handler set up for pid [30822]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All data has
> been sent!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting for
> child [30822].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child [30822]
> finished successfully.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF received,
> client finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking port
> 0 of server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
> Marking server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking port
> 0 of duplicate server 'svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
> unsupported PAM command [249].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010): password
> not available, offline auth may not work.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait queue for
> user [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>] is empty.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
> krb5_auth_queue request [0x7f8415414ac0] done.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Backend
> returned: (0, 0, <NULL>) [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sending
> result [0][sd-stc.cz <http://sd-stc.cz>]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sent
> result [0][sd-stc.cz <http://sd-stc.cz>]
>
> Any idea what to check next?
>
> Thanks a lot.
>
> Tomas
>
>
> 2016-07-04 9:50 GMT+02:00 Tomas Simecek <simecek.tomas at gmail.com
> <mailto:simecek.tomas at gmail.com>>:
>
> Dear freeipa users/admins,
> I'm trying to implement freeipa in our company, so that our Unix
> admins can authenticate on Linux servers using their Windows AD
> account.
> Following this guide
> https://www.freeipa.org/page/Active_Directory_trust_setup it seems
> to work well, they can login without problems.
> What I cannot make working is sudo from their AD accounts on Linux.
>
> No matter what I try, it is still:
>
> sudo systemctl restart httpd
> [sudo] password for simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>:
> Sorry, try again.
>
> Here's our setup:
> Freeipa server: CentOS Linux release 7.2.1511 (Core),
> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
> Freeipa client: the same
>
> AD domain name: sd-stc.cz <http://sd-stc.cz>
> IPA domain: linuxdomain.cz <http://linuxdomain.cz>
>
> When digging in logs and googling, I realized that the problem on
> client side could be:
>
> [root at spcss-2t-www ~]# kinit -k
> kinit: Cannot determine realm for host (principal host/spcss-2t-www@)
>
> But this seems to work:
> [root at spcss-2t-www ~]# kinit simecek.tomas at SD-STC.CZ
> <mailto:simecek.tomas at SD-STC.CZ>
> Password for simecek.tomas at SD-STC.CZ <mailto:simecek.tomas at SD-STC.CZ>:
> [root at spcss-2t-www ~]# klist
> Default principal: simecek.tomas at SD-STC.CZ
> <mailto:simecek.tomas at SD-STC.CZ>
>
> Valid starting Expires Service principal
> 07/04/2016 09:36:26 07/04/2016 19:36:26
> krbtgt/SD-STC.CZ at SD-STC.CZ <mailto:SD-STC.CZ at SD-STC.CZ>
> renew until 07/05/2016 09:36:23
>
> My /etc/sssd/sssd.conf:
> [domain/linuxdomain.cz <http://linuxdomain.cz>]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = linuxdomain.cz <http://linuxdomain.cz>
> krb5_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>
> chpass_provider = ipa
> ipa_server = svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>
> ldap_tls_cacert = /etc/ipa/ca.crt
> override_shell = /bin/bash
> sudo_provider = ldap
> ldap_uri = ldap://svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>
> ldap_sudo_search_base = ou=sudoers,dc=linuxdomain,dc=cz
> ldap_sasl_mech = GSSAPI
> ldap_sasl_authid = host/spcss-2t-www.linuxdomain.cz at LINUXDOMAIN.CZ
> <mailto:spcss-2t-www.linuxdomain.cz at LINUXDOMAIN.CZ>
> ldap_sasl_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
> krb5_server = svlxxipap.linuxdomain.cz
> <http://svlxxipap.linuxdomain.cz>
>
> [sssd]
> services = nss, sudo, pam, ssh
> config_file_version = 2
>
> domains = linuxdomain.cz <http://linuxdomain.cz>
> [nss]
> homedir_substring = /home
> ....
>
> My /etc/krb5.conf:
> #File modified by ipa-client-install
>
> includedir /var/lib/sss/pubconf/krb5.include.d/
>
> [libdefaults]
> default_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
> dns_lookup_realm = true
> dns_lookup_kdc = true
> rdns = false
> ticket_lifetime = 24h
> forwardable = yes
> udp_preference_limit = 0
> default_ccache_name = KEYRING:persistent:%{uid}
>
>
> [realms]
> LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ> = {
> pkinit_anchors = FILE:/etc/ipa/ca.crt
> }
>
>
> [domain_realm]
> .linuxdomain.cz <http://linuxdomain.cz> = LINUXDOMAIN.CZ
> <http://LINUXDOMAIN.CZ>
> linuxdomain.cz <http://linuxdomain.cz> = LINUXDOMAIN.CZ
> <http://LINUXDOMAIN.CZ>
>
> Would you please suggest which way to investigate?
>
> Thanks
>
> Tomas Simecek
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160711/6ac99e07/attachment.htm>
More information about the Freeipa-users
mailing list