[Freeipa-users] Freeipa and sudo
Justin Stephenson
jstephen at redhat.com
Mon Jul 11 17:53:08 UTC 2016
Great, glad to hear it is working for you.
-Justin
On 07/11/2016 01:46 PM, Tomas Simecek wrote:
> OK,
> thanks Justin, problem solved :-)
> I have re-checked the HBAC rule you mentioned and I noticed I can add
> "sudo" to services.
> When I added, it suddenly works. I'm idiot.
> I thought that's why we have sudo rules in IPA.
>
> Thank you big time!
>
> Tomas
>
> 2016-07-11 16:44 GMT+02:00 Justin Stephenson <jstephen at redhat.com
> <mailto:jstephen at redhat.com>>:
>
> Hello,
>
> From the logs below, it appears the failure occurs when a HBAC
> evaluation is done. Can you double-check the HBAC rule 'Unixari na
> test servery' ? Also, you can run the below command for testing
> the expected HBAC rules are allowing/denying access
>
> # ipa hbactest --user 'simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>' --host 'hostname' --service=sudo
>
> ----------------------------------------------------
>
> /(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_attrs_to_rule] (0x1000):
> Processing rule [Unixari na test servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x1000):
> Processing users for rule [Unixari na test servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000):
> Search users with filter:
> (&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No
> such entry//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000):
> Search groups with filter:
> (&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x2000):
> Added POSIX group [grpunixadmins] to rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule]
> (0x1000): Processing PAM services for rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule]
> (0x2000): Added service [login] to rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule]
> (0x2000): Added service [sshd] to rule [Unixari na test servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_thost_attrs_to_rule]
> (0x1000): Processing target hosts for rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x2000):
> Added host [spcss-2t-www.linuxdomain.cz
> <http://spcss-2t-www.linuxdomain.cz>] to rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x1000):
> [fqdn=zp-cml-test.linuxdomain.cz
> <http://zp-cml-test.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
> does not map to either a host or hostgroup. Skipping//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule]
> (0x0400): Processing source hosts for rule [Unixari na test
> servery]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule]
> (0x2000): Source hosts disabled, setting ALL//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000):
> [7] groups for [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=central_DG,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000):
> Added group [grpunixadmins] for user [simecek.tomas at sd-stc.cz
> <mailto:simecek.tomas at sd-stc.cz>]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [ipa_hbac_evaluate_rules] (0x0080):
> Access denied by HBAC rules//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
> Backend returned: (0, 6, <NULL>) [Success (Permission denied)]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
> Sending result [6][sd-stc.cz <http://sd-stc.cz>]//
> //(Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
> Sent result [6][sd-stc.cz <http://sd-stc.cz>]/
>
>
> Kind regards,
>
> Justin Stephenson
>
> On 07/11/2016 03:04 AM, Tomas Simecek wrote:
>> Hi all,
>> thanks and sorry for my late answer again. I am new to mailing
>> lists and I assumed noone is respnding when mails are not coming.
>> I did not know I have to check on the website.
>>
>> I have enabled sssd_sudo log and here are outputs from
>> sssd_sudo.log and sssd_linuxdomain.cz.log when trying sudo again:
>> sssd_sudo.log:
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [accept_fd_handler]
>> (0x0400): Client connected!
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version]
>> (0x0200): Received client version [1].
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_cmd_get_version]
>> (0x0200): Offered version [1].
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000):
>> Using protocol version [1]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sss_parse_name_for_domains] (0x0200): name
>> 'simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>'
>> matched expression for domain 'sd-stc.cz <http://sd-stc.cz>',
>> user is simecek.tomas
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sss_parse_name_for_domains] (0x0200): name
>> 'simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>'
>> matched expression for domain 'sd-stc.cz <http://sd-stc.cz>',
>> user is simecek.tomas
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>> options for [simecek.tomas] from [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str]
>> (0x2000): Checking negative cache for
>> [NCE/USER/sd-stc.cz/simecek.tomas <http://sd-stc.cz/simecek.tomas>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user]
>> (0x0200): Requesting info about [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user]
>> (0x0400): Returning info for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules]
>> (0x0400): Retrieving default options for [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] from [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>> with
>> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
>> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
>> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
>> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
>> <mailto:account at sd-stc.cz>)(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules]
>> (0x2000): About to get sudo rules from cache
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>> with [(&(objectClass=sudoRule)(|(name=defaults)))]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules
>> for [<default options>@sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000):
>> Using protocol version [1]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sss_parse_name_for_domains] (0x0200): name
>> 'simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>'
>> matched expression for domain 'sd-stc.cz <http://sd-stc.cz>',
>> user is simecek.tomas
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sss_parse_name_for_domains] (0x0200): name
>> 'simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>'
>> matched expression for domain 'sd-stc.cz <http://sd-stc.cz>',
>> user is simecek.tomas
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for
>> [simecek.tomas] from [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sss_ncache_check_str]
>> (0x2000): Checking negative cache for
>> [NCE/USER/sd-stc.cz/simecek.tomas <http://sd-stc.cz/simecek.tomas>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user]
>> (0x0200): Requesting info about [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_user]
>> (0x0400): Returning info for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules]
>> (0x0400): Retrieving rules for [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] from [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>> with
>> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
>> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
>> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
>> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
>> <mailto:account at sd-stc.cz>)(sudoUser=+*))(&(dataExpireTimestamp<=1468220114)))]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sudosrv_get_rules]
>> (0x2000): About to get sudo rules from cache
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>> with
>> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz
>> <mailto:20users at sd-stc.cz>)(sudoUser=%unixadmins at sd-stc.cz
>> <mailto:unixadmins at sd-stc.cz>)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
>> <mailto:mfcr_mfg at sd-stc.cz>)(sudoUser=%account at sd-stc.cz
>> <mailto:account at sd-stc.cz>)(sudoUser=+*)))]
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]] [sort_sudo_rules]
>> (0x0400): Sorting rules with higher-wins logic
>> (Mon Jul 11 08:55:14 2016) [sssd[sudo]]
>> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>> for [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_message_handler]
>> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>> on path /org/freedesktop/sssd/service
>> (Mon Jul 11 08:55:21 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>>
>> Looking at it with my untrained eye gives no clue what could be
>> wrong.
>>
>> Here is sssd_linuxdomain.cz.log from the same moment:
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1002][1][name=grpunixadmins]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [linuxdomain.cz <http://linuxdomain.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_groups_next_base] (0x0400):
>> Searching for groups with base [cn=accounts,dc=linuxdomain,dc=cz]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(cn=grpunixadmins)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [posixGroup]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userPassword]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [member]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [modifyTimestamp]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 32
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 32 timeout 6
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gidNumber]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [member]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTSecurityIdentifier]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [modifyTimestamp]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 32 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_groups_process] (0x0400):
>> Search for groups, returned 1 results.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send]
>> (0x2000): About to process group
>> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No such
>> entry
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000): Search
>> groups with filter:
>> (&(objectclass=group)(originalDN=cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send]
>> (0x2000): Looking up 1/1 members of group
>> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send]
>> (0x2000): Members of group
>> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
>> will be processed individually
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [posixGroup]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userPassword]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [member]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [modifyTimestamp]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 33
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 33 timeout 6
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [modifyTimestamp]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f8415450e50],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 33 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_hash_group]
>> (0x2000): Marking group as non-posix and setting GID=0!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_process_send]
>> (0x2000): About to process group
>> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_recv] (0x0400): 0
>> users found in the hash table
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_group_recv] (0x0400): 2
>> groups found in the hash table
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
>> Processing object grpunixadmins
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Processing
>> group grpunixadmins
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x2000): This is a
>> posix group
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original DN
>> [cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz] to
>> attributes of [grpunixadmins].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original mod-Timestamp [20160629090835Z] to attributes of
>> [grpunixadmins].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
>> The group has 1 members
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
>> Group has 1 members
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Storing
>> info for group grpunixadmins
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_attrs_get_sid_str] (0x1000): No
>> [objectSIDString] attribute. [0][Success]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
>> Processing object ad_admins_external
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Processing
>> group ad_admins_external
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x2000): This is
>> not a posix group
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original DN
>> [cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz]
>> to attributes of [ad_admins_external].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original mod-Timestamp [20160629090835Z] to attributes of
>> [ad_admins_external].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
>> The group has 0 members
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_ghost_members] (0x0400):
>> Group has 0 members
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_group] (0x0400): Storing
>> info for group ad_admins_external
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
>> Processing object grpunixadmins
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400):
>> Processing group grpunixadmins
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Adding
>> member users to group [grpunixadmins]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_fill_memberships] (0x1000):
>> member #0
>> (cn=ad_admins_external,cn=groups,cn=accounts,dc=linuxdomain,dc=cz):
>> [name=ad_admins_external,cn=groups,cn=linuxdomain.cz
>> <http://linuxdomain.cz>,cn=sysdb]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_primary_name] (0x0400):
>> Processing object ad_admins_external
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400):
>> Processing group ad_admins_external
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): Failed to
>> get group sid
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_save_grpmem] (0x0400): No
>> members for group [ad_admins_external]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_nested_done] (0x2000): No
>> external members, done(Mon Jul 11 08:55:14 2016)
>> [sssd[be[linuxdomain.cz <http://linuxdomain.cz>]]]
>> [sdap_print_server] (0x2000): Searching 10.1.123.103
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:linuxdomain.cz:1f46c9d8-3c33-11e6-9653-005056961bfa))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 34
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 34 timeout 60
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543e380],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543e380],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 34 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 0,0,Success (Success)
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got
>> request for [0x3][1][name=simecek.tomas]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 35
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 35 timeout 60
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cece0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 35 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400):
>> Executing extended operation
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
>> ldap_extended_operation sent, msgid = 36
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 36 timeout 6
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841540fe90],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841540fe90],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
>> ldap_extended_operation result: Success(0), (null).
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 36 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_by_name] (0x0400): No
>> such entry
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400):
>> Executing extended operation
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
>> ldap_extended_operation sent, msgid = 37
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 37 timeout 6
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84154511d0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84154511d0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
>> ldap_extended_operation result: Success(0), (null).
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 37 finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000):
>> Updating memberships for simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
>> ldb_modify failed: [No such object](32)[ldb_wait: No such object
>> (32)]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400):
>> Error: 2 (No such file or directory)
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020):
>> Could not add member [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] to group
>> [name=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
>> <http://sd-stc.cz>,cn=sysdb]. Skipping.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000):
>> Updating memberships for simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
>> ldb_modify failed: [No such object](32)[ldb_wait: No such object
>> (32)]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400):
>> Error: 2 (No such file or directory)
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020):
>> Could not add member [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] to group
>> [name=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
>> <http://sd-stc.cz>,cn=sysdb]. Skipping.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 0,0,Success (Success)
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>> on path /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request
>> with the following data
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
>> SSS_PAM_PREAUTH
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
>> sd-stc.cz <http://sd-stc.cz>
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok
>> type: 0
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name:
>> not set
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait
>> queue of user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty, running request
>> [0x7f8415414ac0] immediately.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100):
>> Trying to resolve service 'IPA'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port
>> status of port 0 for server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200):
>> Found address for server svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
>> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
>> profile_get_values failed.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000):
>> Setting up signal handler up for pid [30820]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
>> handler set up for pid [30820]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All
>> data has been sent!
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF
>> received, client finished
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking
>> port 0 of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
>> Marking server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking
>> port 0 of duplicate server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
>> unsupported PAM command [249].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
>> password not available, offline auth may not work.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait
>> queue for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
>> krb5_auth_queue request [0x7f8415414ac0] done.
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Backend returned: (0, 0, <NULL>) [Success (Success)]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [0][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sent result [0][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting
>> for child [30820].
>> (Mon Jul 11 08:55:14 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child
>> [30820] finished successfully.
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>> on path /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request
>> with the following data
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
>> PAM_AUTHENTICATE
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
>> sd-stc.cz <http://sd-stc.cz>
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 1
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok
>> type: 0
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name:
>> not set
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait
>> queue of user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty, running request
>> [0x7f841541e810] immediately.
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100):
>> Trying to resolve service 'IPA'
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port
>> status of port 0 for server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200):
>> Found address for server svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
>> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>'
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
>> profile_get_values failed.
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000):
>> Setting up signal handler up for pid [30821]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
>> handler set up for pid [30821]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All
>> data has been sent!
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>> on path /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [SD-STC]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaBaseID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaBaseRID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaSecondaryBaseRID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaIDRangeSize]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaRangeType]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 38
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 38 timeout 6
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=LINUXDOMAIN.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseRID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSecondaryBaseRID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaIDRangeSize]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaRangeType]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=SD-STC.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseRID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaIDRangeSize]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTTrustedDomainSID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaRangeType]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841542c770],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 38 finished
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTFlatName]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustDirection]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 39
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 39 timeout 6
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:18 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=sd-stc.cz
>> <http://sd-stc.cz>,cn=ad,cn=trusts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTFlatName]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTTrustedDomainSID]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTTrustDirection]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 39 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_subdom_is_member_dom] (0x0400):
>> 4th component is not 'trust', not a member domain
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_subdom_get_forest] (0x2000): The
>> forest name is sd-stc.cz <http://sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_subdom_store] (0x0200): Trust
>> direction of sd-stc.cz <http://sd-stc.cz> is trust direction not set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_deref_search_with_filter_send]
>> (0x2000): Server supports OpenLDAP deref
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_search_send] (0x0400):
>> Dereferencing entry [cn=accounts,dc=linuxdomain,dc=cz] using
>> OpenLDAP deref
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>))][cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 40
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 40 timeout 6
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400):
>> Got deref control
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400):
>> All deref results from a single control parsed
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f84153cc180],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 40 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_get_view_name_done] (0x0400): No
>> view found, using default.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_get_view_name_done] (0x0400):
>> Found view name [default].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_subdomains_callback] (0x0400):
>> Backend returned: (0, 0, <NULL>) [Success (Success)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF
>> received, client finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][3][40].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][-1073741822][24].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][-1073741823][32].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000):
>> TGT times are [1468220118][1468220118][1468256118][1468306518].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][6][8].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking
>> port 0 of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
>> Marking server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking
>> port 0 of duplicate server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait
>> queue for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
>> krb5_auth_queue request [0x7f841541e810] done.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Backend returned: (0, 0, <NULL>) [Success (Success)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [0][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sent result [0][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting
>> for child [30821].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child
>> [30821] finished successfully.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_get_account_info] (0x0200): Got
>> request for [0x3][1][name=simecek.tomas]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 41
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 41 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841542ea90],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 41 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400):
>> Executing extended operation
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
>> ldap_extended_operation sent, msgid = 42
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 42 timeout 6
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f8415458f80],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f8415458f80],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
>> ldap_extended_operation result: Success(0), (null).
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 42 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_by_name] (0x0400): No
>> such entry
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x0400):
>> Executing extended operation
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_send] (0x2000):
>> ldap_extended_operation sent, msgid = 43
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 43 timeout 6
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841544d770],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841544d770],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_exop_done] (0x0400):
>> ldap_extended_operation result: Success(0), (null).
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 43 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000):
>> Updating memberships for simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
>> ldb_modify failed: [No such object](32)[ldb_wait: No such object
>> (32)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400):
>> Error: 2 (No such file or directory)
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020):
>> Could not add member [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] to group
>> [name=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
>> <http://sd-stc.cz>,cn=sysdb]. Skipping.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_s2n_save_objects] (0x2000):
>> Updating memberships for simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0080):
>> ldb_modify failed: [No such object](32)[ldb_wait: No such object
>> (32)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_mod_group_member] (0x0400):
>> Error: 2 (No such file or directory)
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_update_members_ex] (0x0020):
>> Could not add member [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] to group
>> [name=simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>,cn=groups,cn=sd-stc.cz
>> <http://sd-stc.cz>,cn=sysdb]. Skipping.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 0,0,Success (Success)
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>> on path /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request
>> with the following data
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
>> PAM_ACCT_MGMT
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
>> sd-stc.cz <http://sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok
>> type: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name:
>> not set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_access_send] (0x0400):
>> Performing access check for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_account_expired_rhds] (0x0400):
>> Performing RHDS access check for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_account_expired] (0x0400): IPA
>> access control succeeded, checking AD access control
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_account_expired_ad] (0x0400):
>> Performing AD access check for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaHost)(fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>))][cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [fqdn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [serverHostname]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaSshPubKey]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 44
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 44 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543ecb0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [serverHostname]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSshPubKey]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543ecb0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 44 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_deref_search_send] (0x2000):
>> Server supports OpenLDAP deref
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_search_send] (0x0400):
>> Dereferencing entry [fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
>> using OpenLDAP deref
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with [no
>> filter][fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 45
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 45 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400):
>> Got deref control
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000):
>> Dereferenced DN:
>> ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000):
>> Dereferenced DN:
>> ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_deref] (0x1000):
>> Dereferenced DN:
>> ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_x_deref_parse_entry] (0x0400):
>> All deref results from a single control parsed
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 45 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_hostgroup_info_done] (0x0200): No
>> host groups were dereferenced
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_hbac_service_info_next] (0x0400):
>> Sending request for next search base:
>> [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACService)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(objectClass=ipaHBACService)][cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [member]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 46
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 46 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=sshd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=ftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=login,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=su-l,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=sudo,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=sudo-i,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=gdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=kdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=crond,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=vsftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=proftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN: [cn=gssftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 46 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_hbac_servicegroup_info_next]
>> (0x0400): Sending request for next search base:
>> [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACServiceGroup)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [member]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 47
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 47 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [member]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [member]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841543f610],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 47 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_hbac_rule_info_next] (0x0400):
>> Sending request for next search base:
>> [cn=hbac,dc=linuxdomain,dc=cz][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_print_server] (0x2000):
>> Searching 10.1.123.103
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=51215b28-3dd0-11e6-b387-005056961bfa,cn=ng,cn=alt,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))][cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaenabledflag]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [accessRuleType]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberUser]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userCategory]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberService]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [serviceCategory]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sourceHost]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sourceHostCategory]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [externalHost]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberHost]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [hostCategory]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 48
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_add] (0x2000): New operation
>> 48 timeout 60
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_entry] (0x1000):
>> OriginalDN:
>> [ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaenabledflag]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [accessRuleType]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberUser]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberService]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberHost]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[0x7f841545aab0],
>> ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x0400): Search result: Success(0), no errmsg set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_get_generic_op_finished]
>> (0x2000): Total count [0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_op_destructor] (0x2000):
>> Operation 48 finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_attrs_to_rule] (0x1000):
>> Processing rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x1000):
>> Processing users for rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_users] (0x2000): No such
>> entry
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sysdb_search_groups] (0x2000): Search
>> groups with filter:
>> (&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_user_attrs_to_rule] (0x2000):
>> Added POSIX group [grpunixadmins] to rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x1000):
>> Processing PAM services for rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000):
>> Added service [login] to rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_service_attrs_to_rule] (0x2000):
>> Added service [sshd] to rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_thost_attrs_to_rule] (0x1000):
>> Processing target hosts for rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x2000):
>> Added host [spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>] to rule [Unixari na test
>> servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_host_attrs_to_rule] (0x1000):
>> [fqdn=zp-cml-test.linuxdomain.cz
>> <http://zp-cml-test.linuxdomain.cz>,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
>> does not map to either a host or hostgroup. Skipping
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x0400):
>> Processing source hosts for rule [Unixari na test servery]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_shost_attrs_to_rule] (0x2000):
>> Source hosts disabled, setting ALL
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000): [7]
>> groups for [simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf
>> [CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf
>> [CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [CN=central_DG,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf
>> [CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [hbac_eval_user_element] (0x1000):
>> Added group [grpunixadmins] for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_hbac_evaluate_rules] (0x0080):
>> Access denied by HBAC rules
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Backend returned: (0, 6, <NULL>) [Success (Permission denied)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [6][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sent result [6][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x7f8415400af0], connected[1], ops[(nil)], ldap[0x7f8415405dc0]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>> on path /org/freedesktop/sssd/dataprovider
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sbus_get_sender_id_send] (0x2000):
>> Not a sysbus message, quit
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [linuxdomain.cz <http://linuxdomain.cz>] to
>> [sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler] (0x0100): Got request
>> with the following data
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): command:
>> SSS_PAM_PREAUTH
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): domain:
>> sd-stc.cz <http://sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): user:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): service: sudo
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): ruser:
>> simecek.tomas at sd-stc.cz <mailto:simecek.tomas at sd-stc.cz>
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): rhost:
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): authtok type: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): newauthtok
>> type: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): priv: 0
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): cli_pid: 30819
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [pam_print_data] (0x0100): logon name:
>> not set
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_send] (0x1000): Wait
>> queue of user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty, running request
>> [0x7f8415414ac0] immediately.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_send] (0x0100):
>> Trying to resolve service 'IPA'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_port_status] (0x1000): Port
>> status of port 0 for server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [get_server_status] (0x1000): Status
>> of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' is 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_resolve_server_process] (0x0200):
>> Found address for server svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>: [10.1.123.103] TTL 1028
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [ipa_resolve_callback] (0x0400):
>> Constructed uri 'ldap://svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [sss_krb5_realm_has_proxy] (0x0040):
>> profile_get_values failed.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000):
>> Setting up signal handler up for pid [30822]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_handler_setup] (0x2000): Signal
>> handler set up for pid [30822]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [write_pipe_handler] (0x0400): All
>> data has been sent!
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x1000): Waiting
>> for child [30822].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [child_sig_handler] (0x0100): child
>> [30822] finished successfully.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [read_pipe_handler] (0x0400): EOF
>> received, client finished
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0100): Marking
>> port 0 of server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [set_server_common_status] (0x0100):
>> Marking server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [fo_set_port_status] (0x0400): Marking
>> port 0 of duplicate server 'svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>' as 'working'
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
>> unsupported PAM command [249].
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_store_creds] (0x0010):
>> password not available, offline auth may not work.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [check_wait_queue] (0x1000): Wait
>> queue for user [simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>] is empty.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [krb5_auth_queue_done] (0x1000):
>> krb5_auth_queue request [0x7f8415414ac0] done.
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Backend returned: (0, 0, <NULL>) [Success (Success)]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [0][sd-stc.cz <http://sd-stc.cz>]
>> (Mon Jul 11 08:55:19 2016) [sssd[be[linuxdomain.cz
>> <http://linuxdomain.cz>]]] [be_pam_handler_callback] (0x0100):
>> Sent result [0][sd-stc.cz <http://sd-stc.cz>]
>>
>> Any idea what to check next?
>>
>> Thanks a lot.
>>
>> Tomas
>>
>>
>> 2016-07-04 9:50 GMT+02:00 Tomas Simecek <simecek.tomas at gmail.com
>> <mailto:simecek.tomas at gmail.com>>:
>>
>> Dear freeipa users/admins,
>> I'm trying to implement freeipa in our company, so that our
>> Unix admins can authenticate on Linux servers using their
>> Windows AD account.
>> Following this guide
>> https://www.freeipa.org/page/Active_Directory_trust_setup it
>> seems to work well, they can login without problems.
>> What I cannot make working is sudo from their AD accounts on
>> Linux.
>>
>> No matter what I try, it is still:
>>
>> sudo systemctl restart httpd
>> [sudo] password for simecek.tomas at sd-stc.cz
>> <mailto:simecek.tomas at sd-stc.cz>:
>> Sorry, try again.
>>
>> Here's our setup:
>> Freeipa server: CentOS Linux release 7.2.1511 (Core),
>> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
>> Freeipa client: the same
>>
>> AD domain name: sd-stc.cz <http://sd-stc.cz>
>> IPA domain: linuxdomain.cz <http://linuxdomain.cz>
>>
>> When digging in logs and googling, I realized that the
>> problem on client side could be:
>>
>> [root at spcss-2t-www ~]# kinit -k
>> kinit: Cannot determine realm for host (principal
>> host/spcss-2t-www@)
>>
>> But this seems to work:
>> [root at spcss-2t-www ~]# kinit simecek.tomas at SD-STC.CZ
>> <mailto:simecek.tomas at SD-STC.CZ>
>> Password for simecek.tomas at SD-STC.CZ
>> <mailto:simecek.tomas at SD-STC.CZ>:
>> [root at spcss-2t-www ~]# klist
>> Default principal: simecek.tomas at SD-STC.CZ
>> <mailto:simecek.tomas at SD-STC.CZ>
>>
>> Valid starting Expires Service principal
>> 07/04/2016 09:36:26 07/04/2016 19:36:26
>> krbtgt/SD-STC.CZ at SD-STC.CZ <mailto:SD-STC.CZ at SD-STC.CZ>
>> renew until 07/05/2016 09:36:23
>>
>> My /etc/sssd/sssd.conf:
>> [domain/linuxdomain.cz <http://linuxdomain.cz>]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = linuxdomain.cz <http://linuxdomain.cz>
>> krb5_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = spcss-2t-www.linuxdomain.cz
>> <http://spcss-2t-www.linuxdomain.cz>
>> chpass_provider = ipa
>> ipa_server = svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> override_shell = /bin/bash
>> sudo_provider = ldap
>> ldap_uri = ldap://svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>
>> ldap_sudo_search_base = ou=sudoers,dc=linuxdomain,dc=cz
>> ldap_sasl_mech = GSSAPI
>> ldap_sasl_authid =
>> host/spcss-2t-www.linuxdomain.cz at LINUXDOMAIN.CZ
>> <mailto:spcss-2t-www.linuxdomain.cz at LINUXDOMAIN.CZ>
>> ldap_sasl_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
>> krb5_server = svlxxipap.linuxdomain.cz
>> <http://svlxxipap.linuxdomain.cz>
>>
>> [sssd]
>> services = nss, sudo, pam, ssh
>> config_file_version = 2
>>
>> domains = linuxdomain.cz <http://linuxdomain.cz>
>> [nss]
>> homedir_substring = /home
>> ....
>>
>> My /etc/krb5.conf:
>> #File modified by ipa-client-install
>>
>> includedir /var/lib/sss/pubconf/krb5.include.d/
>>
>> [libdefaults]
>> default_realm = LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ>
>> dns_lookup_realm = true
>> dns_lookup_kdc = true
>> rdns = false
>> ticket_lifetime = 24h
>> forwardable = yes
>> udp_preference_limit = 0
>> default_ccache_name = KEYRING:persistent:%{uid}
>>
>>
>> [realms]
>> LINUXDOMAIN.CZ <http://LINUXDOMAIN.CZ> = {
>> pkinit_anchors = FILE:/etc/ipa/ca.crt
>> }
>>
>>
>> [domain_realm]
>> .linuxdomain.cz <http://linuxdomain.cz> = LINUXDOMAIN.CZ
>> <http://LINUXDOMAIN.CZ>
>> linuxdomain.cz <http://linuxdomain.cz> = LINUXDOMAIN.CZ
>> <http://LINUXDOMAIN.CZ>
>>
>> Would you please suggest which way to investigate?
>>
>> Thanks
>>
>> Tomas Simecek
>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160711/d3a13e2f/attachment.htm>
More information about the Freeipa-users
mailing list