[Freeipa-users] sudo - differences between Centos 6.5 and Centos 7.0?
Tomas Simecek
simecek.tomas at gmail.com
Thu Jul 14 08:09:04 UTC 2016
Thanks all of you guys,
I have updated to:
sssd-krb5-common-1.13.3-22.el6_8.4.x86_64
sssd-1.13.3-22.el6_8.4.x86_64
sssd-ldap-1.13.3-22.el6_8.4.x86_64
sssd-client-1.13.3-22.el6_8.4.x86_64
sssd-ad-1.13.3-22.el6_8.4.x86_64
sssd-proxy-1.13.3-22.el6_8.4.x86_64
libsss_idmap-1.13.3-22.el6_8.4.x86_64
sssd-common-1.13.3-22.el6_8.4.x86_64
sssd-ipa-1.13.3-22.el6_8.4.x86_64
python-sssdconfig-1.13.3-22.el6_8.4.noarch
sssd-krb5-1.13.3-22.el6_8.4.x86_64
sssd-common-pac-1.13.3-22.el6_8.4.x86_64
(there does not seem to be libsss_sudo in Centos as suggested by Danila).
and restarted sssd.
There are two rules enabled. One HBAC as I presented earlier:
Rule name: Unixari na test servery
Enabled: TRUE
User Groups: grpunixadmins
Hosts: spcss-2t-www.linuxdomain.cz, zp-cml-test.linuxdomain.cz
Services: login, sshd, sudo, sudo-i, su, su-l
and one sudo rule:
Rule name: Pokusne
Enabled: TRUE
Command category: all
User Groups: grpunixadmins
Hosts: spcss-2t-www.linuxdomain.cz, zp-cml-test.linuxdomain.cz
Default "all-access" rules are disabled.
When I try to sudo as AD user (member of grpunixadmins) on Centos 6.6, I
still get:
[simecek.tomas at sd-stc.cz@zp-cml-test ~]$ sudo cat /etc/nsswitch.conf
[sudo] password for simecek.tomas at sd-stc.cz:
simecek.tomas at sd-stc.cz is not in the sudoers file. This incident will be
reported.
It works fine on Centos 7 (spcss-2t-www.linuxdomain.cz).
sssd.conf:
[domain/linuxdomain.cz]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = linuxdomain.cz
id_provider = ipa
krb5_realm = LINUXDOMAIN.CZ
auth_provider = ipa
access_provider = ipa
ipa_hostname = zp-cml-test.linuxdomain.cz
chpass_provider = ipa
ipa_server = svlxxipap.linuxdomain.cz
ldap_tls_cacert = /etc/ipa/ca.crt
override_shell = /bin/bash
sudo_provider = ipa
ldap_uri = ldap://svlxxipap.linuxdomain.cz
ldap_sudo_search_base = ou=sudoers,dc=linuxdomain,dc=cz
ldap_sasl_mech = GSSAPI
#ldap_sasl_authid = host/zp-cml-test.linuxdomain.cz at LINUXDOMAIN.CZ
ldap_sasl_authid = host/zp-cml-test.linuxdomain.cz
ldap_sasl_realm = LINUXDOMAIN.CZ
krb5_server = svlxxipap.linuxdomain.cz
debug_level = 0x3ff0
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = linuxdomain.cz
[nss]
homedir_substring = /home
[pam]
[sudo]
debug_level = 0x3ff0
[autofs]
[ssh]
[pac]
[ifp]
sssd_sudo.log from the moment I tried sudo:
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
(0x0400): No such entry
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=
simecek.tomas at sd-stc.cz)(sudoUser=#988604700)(sudoUser=%domain\
20users at sd-stc.cz)(sudoUser=%unixadmins at sd-stc.cz
)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz)(sudoUser=%
account at sd-stc.cz)(sudoUser=%wifiadmins at sd-stc.cz
)(sudoUser=+*))(&(dataExpireTimestamp<=1468482821)))]
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
(0x0400): No such entry
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=simecek.tomas at sd-stc.cz
)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz)(sudoUser=%
unixadmins at sd-stc.cz)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
)(sudoUser=%account at sd-stc.cz)(sudoUser=%wifiadmins at sd-stc.cz
)(sudoUser=+*)))]
(Thu Jul 14 09:53:41 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Jul 14 09:53:47 2016) [sssd[sudo]] [client_destructor] (0x2000):
Terminated client [0x260b690][17]
(Thu Jul 14 09:53:51 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Jul 14 09:53:51 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
Client connected!
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'simecek.tomas at sd-stc.cz' matched expression for domain '
sd-stc.cz', user is simecek.tomas
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'simecek.tomas at sd-stc.cz' matched expression for domain '
sd-stc.cz', user is simecek.tomas
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [simecek.tomas] from [sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/sd-stc.cz/simecek.tomas]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [simecek.tomas at sd-stc.cz] from [sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
(0x0400): No such entry
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=
simecek.tomas at sd-stc.cz)(sudoUser=#988604700)(sudoUser=%domain\
20users at sd-stc.cz)(sudoUser=%unixadmins at sd-stc.cz)(sudoUser=%
wifiadmins at sd-stc.cz)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
)(sudoUser=+*))(&(dataExpireTimestamp<=1468482835)))]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'simecek.tomas at sd-stc.cz' matched expression for domain '
sd-stc.cz', user is simecek.tomas
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'simecek.tomas at sd-stc.cz' matched expression for domain '
sd-stc.cz', user is simecek.tomas
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [simecek.tomas] from [sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/sd-stc.cz/simecek.tomas]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [simecek.tomas at sd-stc.cz] from [sd-stc.cz]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
(0x0400): No such entry
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=
simecek.tomas at sd-stc.cz)(sudoUser=#988604700)(sudoUser=%domain\
20users at sd-stc.cz)(sudoUser=%unixadmins at sd-stc.cz)(sudoUser=%
wifiadmins at sd-stc.cz)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz
)(sudoUser=+*))(&(dataExpireTimestamp<=1468482835)))]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sysdb_search_group_by_gid]
(0x0400): No such entry
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=simecek.tomas at sd-stc.cz
)(sudoUser=#988604700)(sudoUser=%domain\20users at sd-stc.cz)(sudoUser=%
unixadmins at sd-stc.cz)(sudoUser=%wifiadmins at sd-stc.cz
)(sudoUser=%grpunixadmins)(sudoUser=%mfcr_mfg at sd-stc.cz)(sudoUser=+*)))]
(Thu Jul 14 09:53:55 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Jul 14 09:53:59 2016) [sssd[sudo]] [client_destructor] (0x2000):
Terminated client [0x260b690][17]
(Thu Jul 14 09:54:01 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
Relevant part of sssd_linuxdomain.cz.log:
(I see only HBAC rule mentioned in the log, not the sudo rule, which is
strange)
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [be_get_account_info]
(0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=simecek.tomas]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
(0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=simecek.tomas))][cn=Default Trust
View,cn=views,cn=accounts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 10 timeout 6
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7140b0], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 10 finished
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
(0x2000): ldap_extended_operation sent, msgid = 11
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 11 timeout 6
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7140b0], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7140b0], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
(0x0400): ldap_extended_operation result: Success(0), (null).
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 11 finished
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
(0x0400): Executing extended operation
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_send]
(0x2000): ldap_extended_operation sent, msgid = 12
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 12 timeout 6
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x712c20], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x712c20], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [ipa_s2n_exop_done]
(0x0400): ldap_extended_operation result: Success(0), (null).
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 12 finished
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
simecek.tomas at sd-stc.cz] to group [name=simecek.tomas at sd-stc.cz
,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
simecek.tomas at sd-stc.cz] to group [name=simecek.tomas at sd-stc.cz
,cn=groups,cn=sd-stc.cz,cn=sysdb]. Skipping.
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[(nil)], ldap[0x756770]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
(0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
(0x0100): Got request with the following data
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): command: SSS_PAM_AUTHENTICATE
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): domain: sd-stc.cz
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): user: simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): service: sudo
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): tty: /dev/pts/0
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): ruser: simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): rhost:
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): authtok type: 1
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): priv: 0
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): cli_pid: 20051
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): logon name: not set
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [simecek.tomas at sd-stc.cz]
is empty, running request [0x755710] immediately.
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
(0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [get_port_status]
(0x1000): Port status of port 0 for server 'svlxxipap.linuxdomain.cz' is
'working'
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [get_server_status]
(0x1000): Status of server 'svlxxipap.linuxdomain.cz' is 'working'
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[be_resolve_server_process] (0x0200): Found address for server
svlxxipap.linuxdomain.cz: [10.1.123.103] TTL 1200
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[ipa_resolve_callback] (0x0400): Constructed uri 'ldap://
svlxxipap.linuxdomain.cz'
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_sLkk1j]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_sLkk1j]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [20056]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [20056]
(Thu Jul 14 09:53:57 2016) [sssd[be[linuxdomain.cz]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [be_get_subdomains]
(0x0400): Got get subdomains [SD-STC]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSecondaryBaseRID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustedDomainSID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 13
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 13 timeout 6
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x179ad10], ldap[0x756770]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=LINUXDOMAIN.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaBaseID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaBaseRID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSecondaryBaseRID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaIDRangeSize]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaRangeType]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x179ad10], ldap[0x756770]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=SD-STC.CZ_id_range,cn=ranges,cn=etc,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaBaseID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaBaseRID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaIDRangeSize]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaNTTrustedDomainSID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaRangeType]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x179ad10], ldap[0x756770]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 13 finished
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaNTTrustedDomain][cn=trusts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustedDomainSID]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustDirection]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 14 timeout 6
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7129e0], ldap[0x756770]
(Thu Jul 14 09:53:58 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7129e0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=sd-stc.cz,cn=ad,cn=trusts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaNTFlatName]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaNTTrustedDomainSID]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaNTTrustDirection]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7129e0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 14 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_subdom_is_member_dom] (0x0400): 4th component is not 'trust', not a
member domain
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_subdom_get_forest] (0x2000): The forest name is sd-stc.cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [ipa_subdom_store]
(0x0200): Trust direction of sd-stc.cz is trust direction not set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_deref_search_with_filter_send] (0x2000): Server supports OpenLDAP
deref
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_search_send] (0x0400): Dereferencing entry
[cn=accounts,dc=linuxdomain,dc=cz] using OpenLDAP deref
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaHost)(fqdn=zp-cml-test.linuxdomain.cz
))][cn=accounts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 15
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 15 timeout 6
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x775c00], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x775c00], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a single
control parsed
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x775c00], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 15 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_get_view_name_done] (0x0400): No view found, using default.
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_get_view_name_done] (0x0400): Found view name [default].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[(nil)], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
(0x1000): Waiting for child [20056].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
(0x0100): child [20056] finished successfully.
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[parse_krb5_child_response] (0x1000): child response [0][3][45].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[parse_krb5_child_response] (0x1000): child response [0][-1073741822][24].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[parse_krb5_child_response] (0x1000): child response [0][-1073741823][32].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[parse_krb5_child_response] (0x1000): TGT times are
[1468482837][1468482837][1468518837][1468569237].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[parse_krb5_child_response] (0x1000): child response [0][6][8].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'svlxxipap.linuxdomain.cz' as 'working'
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[set_server_common_status] (0x0100): Marking server '
svlxxipap.linuxdomain.cz' as 'working'
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [fo_set_port_status]
(0x0400): Marking port 0 of duplicate server 'svlxxipap.linuxdomain.cz' as
'working'
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [check_wait_queue]
(0x1000): Wait queue for user [simecek.tomas at sd-stc.cz] is empty.
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x755710] done.
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sending result [0][sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sent result [0][sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [be_req_set_domain]
(0x0400): Changing request domain from [linuxdomain.cz] to [sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [be_pam_handler]
(0x0100): Got request with the following data
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): command: SSS_PAM_ACCT_MGMT
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): domain: sd-stc.cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): user: simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): service: sudo
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): tty: /dev/pts/0
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): ruser: simecek.tomas at sd-stc.cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): rhost:
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): authtok type: 0
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): priv: 0
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): cli_pid: 20051
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [pam_print_data]
(0x0100): logon name: not set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_access_send]
(0x0400): Performing access check for user [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
[simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_account_expired] (0x0400): IPA access control succeeded, checking AD
access control
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_account_expired_ad] (0x0400): Performing AD access check for user [
simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaHost)(fqdn=zp-cml-test.linuxdomain.cz
))][cn=accounts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [fqdn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 16
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 16 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7680b0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [fqdn=zp-cml-test.linuxdomain.cz
,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [fqdn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [serverHostname]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSshPubKey]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaUniqueID]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7680b0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 16 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_search_send] (0x0400): Dereferencing entry [fqdn=
zp-cml-test.linuxdomain.cz,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
using OpenLDAP deref
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because
scope is set to base.
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
filter][fqdn=zp-cml-test.linuxdomain.cz
,cn=computers,cn=accounts,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 17
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 17 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7680b0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7680b0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_deref]
(0x1000): Dereferenced DN:
ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_deref]
(0x1000): Dereferenced DN:
ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a single
control parsed
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7680b0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 17 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hbac_service_info_next] (0x0400): Sending request for next search
base: [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACService)]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectClass=ipaHBACService)][cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 18
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 18 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=sshd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=ftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=login,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=su-l,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=sudo,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=sudo-i,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=gdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=gdm-password,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=kdm,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=crond,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=vsftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=proftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=gssftp,cn=hbacservices,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 18 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search
base: [cn=hbac,dc=linuxdomain,dc=cz][2][(objectClass=ipaHBACServiceGroup)]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 19
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 19 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [member]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[cn=ftp,cn=hbacservicegroups,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [member]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 19 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hbac_rule_info_next] (0x0400): Sending request for next search base:
[cn=hbac,dc=linuxdomain,dc=cz][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=
zp-cml-test.linuxdomain.cz
,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=
zp-cml-test.linuxdomain.cz
,cn=computers,cn=accounts,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz)(memberHost=ipaUniqueID=07eac210-3dd9-11e6-abdf-005056961bfa,cn=sudorules,cn=sudo,dc=linuxdomain,dc=cz)))][cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaenabledflag]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accessRuleType]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serviceCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHostCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 20
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 20 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x754780], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x754780], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN:
[ipaUniqueID=9496e5d6-3cf8-11e6-abf9-005056961bfa,cn=hbac,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectclass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipauniqueid]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaenabledflag]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [accessRuleType]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberUser]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberService]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberHost]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x754780], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 20 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [hbac_attrs_to_rule]
(0x1000): Processing rule [Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_user_attrs_to_rule] (0x1000): Processing users for rule [Unixari na
test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sysdb_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sysdb_search_users]
(0x2000): No such entry
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sysdb_search_groups]
(0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=cn=grpunixadmins,cn=groups,cn=accounts,dc=linuxdomain,dc=cz))
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_user_attrs_to_rule] (0x2000): Added POSIX group [grpunixadmins] to
rule [Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services for rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [login] to rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sshd] to rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo] to rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [sudo-i] to rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su] to rule [Unixari
na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_service_attrs_to_rule] (0x2000): Added service [su-l] to rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_thost_attrs_to_rule] (0x1000): Processing target hosts for rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_host_attrs_to_rule] (0x1000):
[fqdn=spcss-2t-www.linuxdomain.cz,cn=computers,cn=accounts,dc=linuxdomain,dc=cz]
does not map to either a host or hostgroup. Skipping
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_host_attrs_to_rule] (0x2000): Added host [zp-cml-test.linuxdomain.cz]
to rule [Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule
[Unixari na test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x1000): [8] groups for [simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=wifi,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=UnixAdmins,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=administrator_Storage_DG,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=mfcr_MFG,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=ProvozSluzeb_DG,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=central_DG,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[CN=bdcdocswriters,CN=Users,DC=sd-stc,DC=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[hbac_eval_user_element] (0x1000): Added group [grpunixadmins] for user [
simecek.tomas at sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [Unixari na
test servery]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[(nil)], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_get_selinux_send] (0x0400): Retrieving SELinux user mapping
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_get_selinux_send] (0x2000): Connection status is [online].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaMigrationEnabled]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapDefault]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapOrder]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 21
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 21 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=ipaConfig,cn=etc,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaMigrationEnabled]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSELinuxUserMapDefault]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSELinuxUserMapOrder]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x74a420], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 21 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_selinux_get_maps_next] (0x0400): Trying to fetch SELinux maps with
following parameters:
[2][(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=linuxdomain,dc=cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_print_server]
(0x2000): Searching 10.1.123.103
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=linuxdomain,dc=cz].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [seeAlso]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSELinuxUser]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaEnabledFlag]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 22
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_add]
(0x2000): New operation 22 timeout 60
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7548e0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[0x7548e0], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_op_destructor]
(0x2000): Operation 22 finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[ipa_selinux_get_maps_done] (0x0400): No SELinux user maps found!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [20058]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [20058]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: sh[0x7516d0], connected[1], ops[(nil)], ldap[0x756770]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
[Success]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sending result [0][sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]]
[be_pam_handler_callback] (0x0100): Sent result [0][sd-stc.cz]
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
(0x1000): Waiting for child [20058].
(Thu Jul 14 09:53:59 2016) [sssd[be[linuxdomain.cz]]] [child_sig_handler]
(0x0100): child [20058] finished successfully.
Thanks for trying to help guys.
Any idea what might be wrong?
Thanks
T.
2016-07-14 9:17 GMT+02:00 Lukas Slebodnik <lslebodn at redhat.com>:
> On (13/07/16 10:32), Danila Ladner wrote:
> >Update to this one:
> >It has been running smoothly on 6.5
> >
> >[root at dev-zlei.sec1 ~]# cat /etc/redhat-release
> >CentOS release 6.5 (Final)
> >
> >[root at dev-zlei.sec1 ~]# rpm -qa | grep sssd
> >sssd-client-1.12.4-47.el6.x86_64
> >sssd-ldap-1.12.4-47.el6.x86_64
> >sssd-ad-1.12.4-47.el6.x86_64
> >python-sssdconfig-1.12.4-47.el6.noarch
> >sssd-common-1.12.4-47.el6.x86_64
> >sssd-proxy-1.12.4-47.el6.x86_64
> >sssd-common-pac-1.12.4-47.el6.x86_64
> >sssd-krb5-1.12.4-47.el6.x86_64
> >sssd-ipa-1.12.4-47.el6.x86_64
> >sssd-krb5-common-1.12.4-47.el6.x86_64
> >sssd-1.12.4-47.el6.x86_64
> >
> +1 for latest sssd even on CentOS 6.5.
>
> If you have a problem with 1.12 (from 6.7)
> then we can look into log files.
> Because there is a still a chance that oyu just hit
> a bug in 1.11 which is solved in 1.12
>
> If it will not work then please provide
> sssd.conf + log files with high debug_level sssd_sudo.log
> and sssd_$domain.log
>
> LS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160714/1df19313/attachment.htm>
More information about the Freeipa-users
mailing list