[Freeipa-users] Freeipa and sudo
Tomas Simecek
simecek.tomas at gmail.com
Mon Jul 11 17:33:06 UTC 2016
Hi Justin,
thanks for your response.
The rule you're referring to is the rule granting AD user's group access to
servers through ssh, not the sudo rule. I'm not sure why is the rule
referred in logs when doing sudo. Accessing servers using AD accounts and
ssh works fine.
Sudo rule is called Pokusne:
[root at svlxxipap ~]# ipa sudorule-show
Rule name: Pokusne
Rule name: Pokusne
Enabled: TRUE
Command category: all
User Groups: grpunixadmins
Hosts: spcss-2t-www.linuxdomain.cz, zp-cml-test.linuxdomain.cz
Here I tried to run command you suggested:
[root at svlxxipap ~]# ipa hbactest --user 'simecek.tomas at sd-stc.cz' --host
spcss-2t-www.linuxdomain.cz --service=sudo
---------------------
Access granted: False
---------------------
Not matched rules: Unixari na test servery
But why do we test HBAC rules when sudo is required? Sudo permission is
granted through sudo rules, or am I wrong?
Thanks
Tomas
2016-07-11 16:44 GMT+02:00 Justin Stephenson <jstephen at redhat.com>:
> Hello,
>
> From the logs below, it appears the failure occurs when a HBAC evaluation
> is done. Can you double-check the HBAC rule 'Unixari na test servery' ?
> Also, you can run the below command for testing the expected HBAC rules are
> allowing/denying access
>
> # ipa hbactest --user ' <simecek.tomas at sd-stc.cz>
> simecek.tomas at sd-stc.cz' --host 'hostname' --service=sudo
>
> ----------------------------------------------------
>
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_attrs_to_rule] (0x1000): Processing rule
> [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x1000): Processing
> users for rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): Search users with
> filter:
> (&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No such entry*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000): Search groups
> with filter:
> (&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x2000): Added POSIX
> group [grpunixadmins] to rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x1000):
> Processing PAM services for rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000): Added
> service [login] to rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000): Added
> service [sshd] to rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_thost_attrs_to_rule] (0x1000): Processing
> target hosts for rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x2000): Added host
> [spcss-2t-www.linuxdomain.cz <http://spcss-2t-www.linuxdomain.cz>] to rule
> [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x1000):
> [fqdn=zp-cml-test.linuxdomain.cz
> <http://zp-cml-test.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> does not map to either a host or hostgroup. Skipping*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x0400): Processing
> source hosts for rule [Unixari na test servery]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x2000): Source
> hosts disabled, setting ALL*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000): [7] groups
> for [simecek.tomas at sd-stc.cz <simecek.tomas at sd-stc.cz>]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=central_DG,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000): Skipping
> non-group memberOf [CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000): Added group
> [grpunixadmins] for user [simecek.tomas at sd-stc.cz
> <simecek.tomas at sd-stc.cz>]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_evaluate_rules] (0x0080): Access
> denied by HBAC rules*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Backend
> returned: (0, 6, <NULL>) [Success (Permission denied)]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sending
> result [6][sd-stc.cz <http://sd-stc.cz>]*
> *(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100): Sent result
> [6][sd-stc.cz <http://sd-stc.cz>]*
>
>
> Kind regards,
>
> Justin Stephenson
> On 07/11/2016 03:04 AM, Tomas Simecek wrote:
>
> Hi all,
> thanks and sorry for my late answer again. I am new to mailing lists and
> I assumed noone is respnding when mails are not coming.
> I did not know I have to check on the website.
>
> I have enabled sssd_sudo log and here are outputs from sssd_sudo.log and
> sssd_linuxdomain.cz.log when trying sudo again:
> sssd_sudo.log:
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name ' <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz'
> matched expression for domain 'sd-stc.cz', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name ' <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz'
> matched expression for domain 'sd-stc.cz', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting default options for [simecek.tomas] from [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/sd-stc.cz/simecek.tomas]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [ <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [ <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> ]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving default options for [simecek.tomas at sd-stc.cz] from [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> )(sudoUser=#988604700)(sudoUser=%domain\ <20users at sd-stc.cz>
> 20users at sd-stc.cz)(sudoUser=% <unixadmins at sd-stc.cz>unixadmins at sd-stc.cz
> )(sudoUser=%grpunixadmins)(sudoUser=% <mfcr_mfg at sd-stc.cz>
> mfcr_mfg at sd-stc.cz)(sudoUser=% <account at sd-stc.cz>account at sd-stc.cz
> )(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(name=defaults)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 0 rules for [<default options>@sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name ' <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz'
> matched expression for domain 'sd-stc.cz', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name ' <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz'
> matched expression for domain 'sd-stc.cz', user is simecek.tomas
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting rules for [simecek.tomas] from [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/sd-stc.cz/simecek.tomas]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [ <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [ <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> ]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [ <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz]
> from [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> )(sudoUser=#988604700)(sudoUser=%domain\ <20users at sd-stc.cz>
> 20users at sd-stc.cz)(sudoUser=% <unixadmins at sd-stc.cz>unixadmins at sd-stc.cz
> )(sudoUser=%grpunixadmins)(sudoUser=% <mfcr_mfg at sd-stc.cz>
> mfcr_mfg at sd-stc.cz)(sudoUser=% <account at sd-stc.cz>account at sd-stc.cz
> )(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
> (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> )(sudoUser=#988604700)(sudoUser=%domain\ <20users at sd-stc.cz>
> 20users at sd-stc.cz)(sudoUser=% <unixadmins at sd-stc.cz>unixadmins at sd-stc.cz
> )(sudoUser=%grpunixadmins)(sudoUser=% <mfcr_mfg at sd-stc.cz>
> mfcr_mfg at sd-stc.cz)(sudoUser=% <account at sd-stc.cz>account at sd-stc.cz
> )(sudoUser=+*)))]
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
>
> Looking at it with my untrained eye gives no clue what could be wrong.
>
> Here is sssd_linuxdomain.cz.log from the same moment:
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_get_account_info] (0x0200): Got request for
> [0x1002][1][name=grpunixadmins]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [linuxdomain.cz
> ]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_groups_next_base] (0x0400): Searching for groups with base
> [cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(cn=grpunixadmins)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 32
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 32 timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 32 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_process_send] (0x2000): About to process group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_users] (0x2000): Search users with filter:
> (&(objectclass=user)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_users] (0x2000): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_process_send] (0x2000): Looking up 1/1 members of group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_process_send] (0x2000): Members of group
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] will be
> processed individually
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 33
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 33 timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f8415450e50], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f8415450e50], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [modifyTimestamp]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [entryUSN]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f8415450e50], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 33 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_hash_group] (0x2000): Marking group as non-posix and
> setting GID=0!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_process_send] (0x2000): About to process group
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_recv] (0x0400): 0 users found in the hash table
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_nested_group_recv] (0x0400): 2 groups found in the hash table
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_primary_name] (0x0400): Processing object grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x0400): Processing group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x2000): This is a posix group
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] to attributes
> of [grpunixadmins].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20160629090835Z] to attributes of [grpunixadmins].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_ghost_members] (0x0400): The group has 1 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_ghost_members] (0x0400): Group has 1 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x0400): Storing info for group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
> [0][Success]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_primary_name] (0x0400): Processing object ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x0400): Processing group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x2000): This is not a posix group
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] to
> attributes of [ad_admins_external].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20160629090835Z] to attributes of [ad_admins_external].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_ghost_members] (0x0400): The group has 0 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_ghost_members] (0x0400): Group has 0 members
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_group]
> (0x0400): Storing info for group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_primary_name] (0x0400): Processing object grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_grpmem]
> (0x0400): Processing group grpunixadmins
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_grpmem]
> (0x0400): Adding member users to group [grpunixadmins]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_fill_memberships] (0x1000): member #0
> (cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz):
> [name=ad_admins_external,cn=groups,cn=linuxdomain.cz,cn=sysdb]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_primary_name] (0x0400): Processing object ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_grpmem]
> (0x0400): Processing group ad_admins_external
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_grpmem]
> (0x0400): Failed to get group sid
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_save_grpmem]
> (0x0400): No members for group [ad_admins_external]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_nested_done]
> (0x2000): No external members, done(Mon Jul 11 08:55:14 2016) [sssd[be[
> linuxdomain.cz]]] [sdap_print_server] (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:linuxdomain.cz:1f46c9d8-3c33-11e6-9653-005056961bfa))][cn=Default
> Trust View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 34
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 34 timeout 60
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543e380], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543e380], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 34 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_get_account_info] (0x0200): Got request for [0x3][1][name=simecek.tomas]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default Trust
> View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 35
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 35 timeout 60
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cece0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 35 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x0400): Executing extended operation
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x2000): ldap_extended_operation sent, msgid = 36
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 36 timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841540fe90], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841540fe90], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
> (0x0400): ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 36 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x0400): Executing extended operation
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x2000): ldap_extended_operation sent, msgid = 37
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 37 timeout 6
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84154511d0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84154511d0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
> (0x0400): ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 37 finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] to group [name=
> simecek.tomas at sd-stc.cz,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] to group [name=
> simecek.tomas at sd-stc.cz,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): command: SSS_PAM_PREAUTH
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): domain: sd-stc.cz
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): user: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): service: sudo
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): ruser: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): rhost:
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): priv: 0
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] is empty, running
> request [0x7f8415414ac0] immediately.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'svlxxipap.linuxdomain.cz' is
> 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x0200): Found address for server
> svlxxipap.linuxdomain.cz: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://
> svlxxipap.linuxdomain.cz'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [sss_krb5_realm_has_proxy] (0x0040): profile_get_values failed.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [30820]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [30820]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [read_pipe_handler]
> (0x0400): EOF received, client finished
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [set_server_common_status] (0x0100): Marking server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_store_creds] (0x0010): password not available, offline auth may
> not work.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [check_wait_queue]
> (0x1000): Wait queue for user [ <simecek.tomas at sd-stc.cz>
> simecek.tomas at sd-stc.cz] is empty.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f8415414ac0]
> done.
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success (Success)]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][sd-stc.cz]
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x1000): Waiting for child [30820].
> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x0100): child [30820] finished successfully.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): command: PAM_AUTHENTICATE
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): domain: sd-stc.cz
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): user: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): service: sudo
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): ruser: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): rhost:
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): authtok type: 1
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): priv: 0
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] is empty, running
> request [0x7f841541e810] immediately.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'svlxxipap.linuxdomain.cz' is
> 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x0200): Found address for server
> svlxxipap.linuxdomain.cz: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://
> svlxxipap.linuxdomain.cz'
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sss_krb5_realm_has_proxy] (0x0040): profile_get_values failed.
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [30821]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [30821]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [be_get_subdomains]
> (0x0400): Got get subdomains [SD-STC]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaSecondaryBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 38
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 38 timeout 6
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841542c770], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=LINUXDOMAIN.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaSecondaryBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841542c770], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=SD-STC.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaBaseID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaBaseRID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaIDRangeSize]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaRangeType]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841542c770], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 38 finished
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTTrustDirection]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 39
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 39 timeout 6
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [cn=sd-stc.cz,cn=ad,cn=trusts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaNTFlatName]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaNTTrustedDomainSID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaNTTrustDirection]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 39 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_subdom_is_member_dom] (0x0400): 4th component is not 'trust', not a
> member domain
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_subdom_get_forest] (0x2000): The forest name is sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_subdom_store]
> (0x0200): Trust direction of sd-stc.cz is trust direction not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_deref_search_with_filter_send] (0x2000): Server supports OpenLDAP
> deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_search_send] (0x0400): Dereferencing entry
> [cn=accounts,dc=linuxdomain,dc=cz] using OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
> ))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 40
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 40 timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f84153cc180], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 40 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_get_view_name_done] (0x0400): No view found, using default.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_get_view_name_done] (0x0400): Found view name [default].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [read_pipe_handler]
> (0x0400): EOF received, client finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [parse_krb5_child_response] (0x1000): child response [0][3][40].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [parse_krb5_child_response] (0x1000): child response [0][-1073741822][24].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [parse_krb5_child_response] (0x1000): child response [0][-1073741823][32].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [parse_krb5_child_response] (0x1000): TGT times are
> [1468220118][1468220118][1468256118][1468306518].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [parse_krb5_child_response] (0x1000): child response [0][6][8].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [set_server_common_status] (0x0100): Marking server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [check_wait_queue]
> (0x1000): Wait queue for user [ <simecek.tomas at sd-stc.cz>
> simecek.tomas at sd-stc.cz] is empty.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f841541e810]
> done.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x1000): Waiting for child [30821].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x0100): child [30821] finished successfully.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_get_account_info] (0x0200): Got request for [0x3][1][name=simecek.tomas]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default Trust
> View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 41
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 41 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841542ea90], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 41 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x0400): Executing extended operation
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x2000): ldap_extended_operation sent, msgid = 42
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 42 timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f8415458f80], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f8415458f80], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
> (0x0400): ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 42 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x0400): Executing extended operation
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
> (0x2000): ldap_extended_operation sent, msgid = 43
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 43 timeout 6
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841544d770], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841544d770], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
> (0x0400): ldap_extended_operation result: Success(0), (null).
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 43 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] to group [name=
> simecek.tomas at sd-stc.cz,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] to group [name=
> simecek.tomas at sd-stc.cz,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success (Success)
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): command: PAM_ACCT_MGMT
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): domain: sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): user: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): service: sudo
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): ruser: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): rhost:
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): priv: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_access_send]
> (0x0400): Performing access check for user [simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
> [simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_account_expired] (0x0400): IPA access control succeeded, checking AD
> access control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_account_expired_ad] (0x0400): Performing AD access check for user [
> simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
> ))][cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [fqdn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 44
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 44 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543ecb0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [fqdn=spcss-2t-www.linuxdomain.cz
> ,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [fqdn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [serverHostname]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaSshPubKey]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543ecb0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 44 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_search_send] (0x0400): Dereferencing entry [fqdn=
> spcss-2t-www.linuxdomain.cz,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> using OpenLDAP deref
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
> filter][fqdn=spcss-2t-www.linuxdomain.cz
> ,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 45
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 45 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_deref]
> (0x1000): Dereferenced DN:
> ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_deref]
> (0x1000): Dereferenced DN:
> ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_deref]
> (0x1000): Dereferenced DN:
> ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 45 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_hbac_service_info_next] (0x0400): Sending request for next search
> base: [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACService)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(objectClass=ipaHBACService)][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 46
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 46 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=sshd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [cn=ftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=login,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=su-l,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=sudo,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=sudo-i,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [cn=gdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [cn=kdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=crond,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=vsftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=proftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=gssftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 46 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search
> base: [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACServiceGroup)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 47
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 47 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [member]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841543f610], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 47 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_hbac_rule_info_next] (0x0400): Sending request for next search base:
> [cn=hbac,dc=linuxdomain,dc=cz][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=
> spcss-2t-www.linuxdomain.cz
> ,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
> (0x2000): Searching 10.1.123.103
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=
> spcss-2t-www.linuxdomain.cz
> ,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))][cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaenabledflag]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accessRuleType]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serviceCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHostCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 48
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
> (0x2000): New operation 48 timeout 60
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841545aab0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841545aab0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
> (0x1000): OriginalDN:
> [ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [objectclass]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [cn]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipauniqueid]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [ipaenabledflag]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [accessRuleType]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberUser]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberService]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
> (0x2000): No sub-attributes for [memberHost]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[0x7f841545aab0], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_op_destructor] (0x2000): Operation 48 finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_attrs_to_rule] (0x1000): Processing rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_user_attrs_to_rule] (0x1000): Processing users for rule [Unixari na
> test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_users] (0x2000): Search users with filter:
> (&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_users] (0x2000): No such entry
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_user_attrs_to_rule] (0x2000): Added POSIX group [grpunixadmins] to
> rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_service_attrs_to_rule] (0x1000): Processing PAM services for rule
> [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_service_attrs_to_rule] (0x2000): Added service [login] to rule
> [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to rule
> [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_thost_attrs_to_rule] (0x1000): Processing target hosts for rule
> [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_host_attrs_to_rule] (0x2000): Added host [
> spcss-2t-www.linuxdomain.cz] to rule [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_host_attrs_to_rule] (0x1000): [fqdn=zp-cml-test.linuxdomain.cz,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> does not map to either a host or hostgroup. Skipping
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule
> [Unixari na test servery]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x1000): [7] groups for [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=central_DG,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [hbac_eval_user_element] (0x1000): Added group [grpunixadmins] for user [
> simecek.tomas at sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>)
> [Success (Permission denied)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sending result [6][sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sent result [6][sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f8415400af0], connected[1],
> ops[(nil)], ldap[0x7f8415405dc0]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
> (0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): command: SSS_PAM_PREAUTH
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): domain: sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): user: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): service: sudo
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): tty: /dev/pts/0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): ruser: <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): rhost:
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): priv: 0
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): cli_pid: 30819
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> <simecek.tomas at sd-stc.cz>simecek.tomas at sd-stc.cz] is empty, running
> request [0x7f8415414ac0] immediately.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'svlxxipap.linuxdomain.cz' is
> 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
> (0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_resolve_server_process] (0x0200): Found address for server
> svlxxipap.linuxdomain.cz: [10.1.123.103] TTL 1028
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://
> svlxxipap.linuxdomain.cz'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [sss_krb5_realm_has_proxy] (0x0040): profile_get_values failed.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [30822]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [30822]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x1000): Waiting for child [30822].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
> (0x0100): child [30822] finished successfully.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [read_pipe_handler]
> (0x0400): EOF received, client finished
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [set_server_common_status] (0x0100): Marking server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server '
> svlxxipap.linuxdomain.cz' as 'working'
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_store_creds] (0x0010): password not available, offline auth may
> not work.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]] [check_wait_queue]
> (0x1000): Wait queue for user [ <simecek.tomas at sd-stc.cz>
> simecek.tomas at sd-stc.cz] is empty.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f8415414ac0]
> done.
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success (Success)]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][sd-stc.cz]
> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][sd-stc.cz]
>
> Any idea what to check next?
>
> Thanks a lot.
>
> Tomas
>
>
> 2016-07-04 9:50 GMT+02:00 Tomas Simecek <simecek.tomas at gmail.com>:
>
>> Dear freeipa users/admins,
>> I'm trying to implement freeipa in our company, so that our Unix admins
>> can authenticate on Linux servers using their Windows AD account.
>> Following this guide
>> https://www.freeipa.org/page/Active_Directory_trust_setup it seems to
>> work well, they can login without problems.
>> What I cannot make working is sudo from their AD accounts on Linux.
>>
>> No matter what I try, it is still:
>>
>> sudo systemctl restart httpd
>> [sudo] password for simecek.tomas at sd-stc.cz:
>> Sorry, try again.
>>
>> Here's our setup:
>> Freeipa server: CentOS Linux release 7.2.1511 (Core),
>> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
>> Freeipa client: the same
>>
>> AD domain name: sd-stc.cz
>> IPA domain: linuxdomain.cz
>>
>> When digging in logs and googling, I realized that the problem on client
>> side could be:
>>
>> [root at spcss-2t-www ~]# kinit -k
>> kinit: Cannot determine realm for host (principal host/spcss-2t-www@)
>>
>> But this seems to work:
>> [root at spcss-2t-www ~]# kinit simecek.tomas at SD-STC.CZ
>> Password for simecek.tomas at SD-STC.CZ:
>> [root at spcss-2t-www ~]# klist
>> Default principal: simecek.tomas at SD-STC.CZ
>>
>> Valid starting Expires Service principal
>> 07/04/2016 09:36:26 07/04/2016 19:36:26 krbtgt/ <SD-STC.CZ at SD-STC.CZ>
>> SD-STC.CZ at SD-STC.CZ
>> renew until 07/05/2016 09:36:23
>>
>> My /etc/sssd/sssd.conf:
>> [domain/linuxdomain.cz]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = linuxdomain.cz
>> krb5_realm = LINUXDOMAIN.CZ
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = spcss-2t-www.linuxdomain.cz
>> chpass_provider = ipa
>> ipa_server = svlxxipap.linuxdomain.cz
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> override_shell = /bin/bash
>> sudo_provider = ldap
>> ldap_uri = ldap://svlxxipap.linuxdomain.cz
>> ldap_sudo_search_base = ou=sudoers,dc=linuxdomain,dc=cz
>> ldap_sasl_mech = GSSAPI
>> ldap_sasl_authid = host/spcss-2t-www.linuxdomain.cz at LINUXDOMAIN.CZ
>> ldap_sasl_realm = LINUXDOMAIN.CZ
>> krb5_server = svlxxipap.linuxdomain.cz
>>
>> [sssd]
>> services = nss, sudo, pam, ssh
>> config_file_version = 2
>>
>> domains = linuxdomain.cz
>> [nss]
>> homedir_substring = /home
>> ....
>>
>> My /etc/krb5.conf:
>> #File modified by ipa-client-install
>>
>> includedir /var/lib/sss/pubconf/krb5.include.d/
>>
>> [libdefaults]
>> default_realm = LINUXDOMAIN.CZ
>> dns_lookup_realm = true
>> dns_lookup_kdc = true
>> rdns = false
>> ticket_lifetime = 24h
>> forwardable = yes
>> udp_preference_limit = 0
>> default_ccache_name = KEYRING:persistent:%{uid}
>>
>>
>> [realms]
>> LINUXDOMAIN.CZ = {
>> pkinit_anchors = FILE:/etc/ipa/ca.crt
>> }
>>
>>
>> [domain_realm]
>> .linuxdomain.cz = LINUXDOMAIN.CZ
>> linuxdomain.cz = LINUXDOMAIN.CZ
>>
>> Would you please suggest which way to investigate?
>>
>> Thanks
>>
>> Tomas Simecek
>>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160711/8a1bcc35/attachment.htm>
More information about the Freeipa-users
mailing list