[Freeipa-users] subdomain errors
Jakub Hrozek
jhrozek at redhat.com
Mon Apr 3 08:08:53 UTC 2017
On Fri, Mar 31, 2017 at 05:08:13PM -0600, Orion Poplawski wrote:
> I seem to be having some issues with users/groups that may be leading to
> errors in the subdomain status. Can anyone parse this for me?
>
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_cache_entry_attr]
> (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_entry_attr]
> (0x0080): Cannot set ts attrs for
> name=USER at ad.nwra.com,cn=users,cn=ad.nwra.com,cn=sysdb
This can be ignored, it's just a minor performance annoyance we track
upstream.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_cache_entry_attr]
> (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_entry_attr]
> (0x0080): Cannot set ts attrs for
> name=USER at ad.nwra.com,cn=users,cn=ad.nwra.com,cn=sysdb
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_initgr_get_overrides_step] (0x0040): The group
> name=USER at nwra.com,cn=groups,cn=nwra.com,cn=sysdb has no UUID attribute
> objectSIDString, error!
But this seems strange. Before you sanitized (presumably?) the logs, did
the DN name=USER at nwra.com,cn=groups,cn=nwra.com,cn=sysdb correspond to
an IPA object?
Did you run the sidgen task when setting up trusts or did you make sure
all replicas are either trust controllers or trust agents? Does the
entry on the IPA LDAP side have ipaNTSecurityIdentifier attribute?
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides
> failed [22].
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_subdomain_account_done]
> (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [dp_reply_std_set] (0x0080):
> DP Error is OK on failed request?
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_cache_entry_attr]
> (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_entry_attr]
> (0x0080): Cannot set ts attrs for
> name=USER at ad.nwra.com,cn=users,cn=ad.nwra.com,cn=sysdb
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_initgr_get_overrides_step] (0x0040): The group
> name=USER at nwra.com,cn=groups,cn=nwra.com,cn=sysdb has no UUID attribute
> objectSIDString, error!
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides
> failed [22].
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_subdomain_account_done]
> (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [dp_reply_std_set] (0x0080):
> DP Error is OK on failed request?
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [sdap_ad_tokengroups_get_posix_members] (0x0080): Domain not found for SID
> S-1-5-32-545
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_cache_entry_attr]
> (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [sysdb_set_entry_attr]
> (0x0080): Cannot set ts attrs for
> name=USER at ad.nwra.com,cn=users,cn=ad.nwra.com,cn=sysdb
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_add_ad_memberships_get_next] (0x0020): There are unresolved external
> group memberships even after all groups have been looked up on the LDAP server.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0080): Sudomain lookup failed, will try to reset sudomain..
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [be_fo_reset_svc] (0x0080):
> Cannot retrieve service [ad.nwra.com]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0040): ipa_get_*_acct request failed: [1432158270]: Subdomain is inactive.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_subdomain_account_done]
> (0x0040): ipa_get_*_acct request failed: [1432158270]: Subdomain is inactive.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [dp_reply_std_set] (0x0080):
> DP Error is OK on failed request?
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0080): Sudomain lookup failed, will try to reset sudomain..
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [be_fo_reset_svc] (0x0080):
> Cannot retrieve service [ad.nwra.com]
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_srv_ad_acct_lookup_done]
> (0x0040): ipa_get_*_acct request failed: [1432158270]: Subdomain is inactive.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [ipa_subdomain_account_done]
> (0x0040): ipa_get_*_acct request failed: [1432158270]: Subdomain is inactive.
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]] [dp_reply_std_set] (0x0080):
> DP Error is OK on failed request?
> (Fri Mar 31 16:54:26 2017) [sssd[be[nwra.com]]]
> [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
>
> --
> Orion Poplawski
> Technical Manager 720-772-5637
> NWRA, Boulder/CoRA Office FAX: 303-415-9702
> 3380 Mitchell Lane orion at nwra.com
> Boulder, CO 80301 http://www.nwra.com
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list