Discussion:
Using SSSD with Samba4 DC
Chris Hayes
2013-07-30 23:58:49 UTC
Hi everyone,

My aim is to have consistent Active Directory Users/Groups to Unix
UID/GID designations across several Linux machines joined to that
domain. Ideally without explicitly setting these in the directory.

After failing to get Winbind with a RID backend to work as desired, a
Samba user suggested that I try using SSSD instead.

For the last few hours I've been trying to get this to work; but
without much luck.

Right now I'm hitting a problem whereby SSSD's unable to find valid
users because none of my directory users have the attribute
"dataExpireTimestamp" and this is part of the search filter.

(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): Search users with filter:
(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x186bbc0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x186bce0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x186bce0 "ltdb_timeout"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x186bbc0 "ltdb_callback"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): No such entry

I've tried explicitly setting this without any luck. It seems to be
ignoring the following line.

ldap_user_search_base =
CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)

And here's what I mean about that attribute affecting the search.
First using the filter that SSSD is using, second time using one that
doesn't reference the "dataExpireTimestamp" attribute.

/usr/local/samba/bin/ldbsearch -H ldaps://192.168.1.33
'(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375224572))))'
-UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
# returned 0 records
# 0 entries
# 0 referrals

/usr/local/samba/bin/ldbsearch -s sub -H ldaps://192.168.1.33
'(&(objectclass=user)(!(lastLogin=*)))' -UAdministrator%XXX -b
CN=Users,DC=devdom,DC=orange,DC=local
[...]
# returned 5 records
# 5 entries
# 0 referrals

I'm running SSSD version 1.8.4, and Samba4 version 4.0.6 as my Domain
Controller.

This is my current SSSD configuration (/etc/sssd/sssd.conf):

[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
offline_credentials_expiration = 0
reconnection_retries = 3

[domain/DEVDOM]
debug_level = 9

description = LDAP domain with AD server
id_provider = ldap
auth_provider = krb5
;auth_provider = ldap
ldap_default_bind_dn =
cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = XXX
;ldap_user_object_class = person
;ldap_user_name = msSFU30Name
;ldap_user_uid_number = msSFU30UidNumber
;ldap_user_gid_number = msSFU30GidNumber
;ldap_user_home_directory = msSFU30HomeDirectory
;ldap_user_shell = msSFU30LoginShell
;ldap_user_principal = userPrincipalName
;ldap_group_object_class = group
;ldap_group_name = msSFU30Name
;ldap_group_gid_number = msSFU30GidNumber

enumerate = TRUE
;cache_credentials = TRUE

chpass_provider = krb5

;tls_reqcert = demand
;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

ldap_id_mapping = True
ldap_idmap_default_domain_sid = S-1-5-21-2003857637-2616505931-2053645484
ldap_idmap_range_min = 70000
ldap_idmap_range_max = 7000000
ldap_schema = ad

;; kerberos config ;;
auth_provider = krb5
krb5_server = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
;cache_credentials = True

;;
https://lists.fedorahosted.org/pipermail/sssd-devel/2012-May/009677.html
;;
ldap_referrals = False
;ldap_search_base = CN=users,DC=devdom,DC=orange,DC=local
ldap_user_search_base =
CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
;ldap_group_search_base =
CN=Users,DC=devdom,DC=orange,DC=local??(objectCategory=User)

Any ideas as to what could help would be really appreciated.

Thanks for your time,
--
Chris Hayes
Stephen Gallagher
2013-07-31 00:42:23 UTC
Post by Chris Hayes
> Hi everyone,
> My aim is to have consistent Active Directory Users/Groups to Unix
> UID/GID designations across several Linux machines joined to that
> domain. Ideally without explicitly setting these in the directory.
> After failing to get Winbind with a RID backend to work as desired,
> a Samba user suggested that I try using SSSD instead.
> For the last few hours I've been trying to get this to work; but
> without much luck.
> Right now I'm hitting a problem whereby SSSD's unable to find
> valid users because none of my directory users have the attribute
> "dataExpireTimestamp" and this is part of the search filter.
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
> (&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
That's not an LDAP search (though it uses the same syntax). That's an
internal search of our cache, which uses an LDAP-like database. The
dataExpireTimestamp is an internal attribute we use to identify when a
cached entry is expired and needs to be refreshed.
Post by Chris Hayes
> tevent: Added timed event "ltdb_callback": 0x186bbc0 (Wed Jul 31
> 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added
> timed event "ltdb_timeout": 0x186bce0 (Wed Jul 31 00:21:58 2013)
> [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event
> 0x186bce0 "ltdb_timeout" (Wed Jul 31 00:21:58 2013)
> [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event
> 0x186bbc0 "ltdb_callback" (Wed Jul 31 00:21:58 2013)
> [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): No such entry
What this is telling you is that the entry wasn't found in the cache.
The next steps in the log *should* show it attempting to ask the LDAP
server to refresh the cache. We need to see more to help debug the
situation. If it's not going to LDAP here, it probably means that some
earlier attempt to talk to LDAP put the SSSD into 'offline' mode. This
may have been due to a misconfiguration, such as the server not
allowing the bind user access.
Post by Chris Hayes
> I've tried explicitly setting this without any luck. It seems to
> be ignoring the following line.
> ldap_user_search_base =
> CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
> And here's what I mean about that attribute affecting the search.
> First using the filter that SSSD is using, second time using one
> that doesn't reference the "dataExpireTimestamp" attribute.
> /usr/local/samba/bin/ldbsearch -H ldaps://192.168.1.33
> '(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375224572))))'
> -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
> # returned 0 records # 0 entries # 0 referrals
> /usr/local/samba/bin/ldbsearch -s sub -H ldaps://192.168.1.33
> '(&(objectclass=user)(!(lastLogin=*)))' -UAdministrator%XXX -b
> CN=Users,DC=devdom,DC=orange,DC=local [...] # returned 5 records #
> 5 entries # 0 referrals
As I said above, you're confusing an internal cache lookup against our
LDB database with an LDAP search.
Post by Chris Hayes
> I'm running SSSD version 1.8.4, and Samba4 version 4.0.6 as my
> Domain Controller.
I *strongly* encourage you to try SSSD 1.9.x (available in Fedora,
RHEL 6.4+ and many other distributions; you didn't say which OS you
were running). Among other things, it's *much* easier to configure for
AD (especially if you use realmd or adcli to set up the keytab).
Post by Chris Hayes
> [sssd] domains = DEVDOM services = nss, pam config_file_version =
> 2 reconnection_retries = 3 sbus_timeout = 30
> [nss] filter_groups = root filter_users = root reconnection_retries
> = 3
> [pam] offline_credentials_expiration = 0 reconnection_retries = 3
> [domain/DEVDOM] debug_level = 9
> description = LDAP domain with AD server id_provider = ldap
> auth_provider = krb5 ;auth_provider = ldap ldap_default_bind_dn =
> cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
> ldap_default_authtok_type = password ldap_default_authtok = XXX
Not related, but you almost certainly don't want to be using
password-auth for the bind DN if you're not encrypting the
communication channel with LDAPS, LDAP+TLS or LDAP+SASL. The LDAP
protocol puts the password on the wire in plaintext for all to intercept.

The best solution would be to set SSSD (1.9.x+) up with adcli to join
the realm and create a keytab that you could use for SSSD's
authentication to the server.
Post by Chris Hayes
> ;ldap_user_object_class = person ;ldap_user_name = msSFU30Name
> ;ldap_user_uid_number = msSFU30UidNumber ;ldap_user_gid_number =
> msSFU30GidNumber ;ldap_user_home_directory = msSFU30HomeDirectory
> ;ldap_user_shell = msSFU30LoginShell ;ldap_user_principal =
> userPrincipalName ;ldap_group_object_class = group ;ldap_group_name
> = msSFU30Name ;ldap_group_gid_number = msSFU30GidNumber
> enumerate = TRUE ;cache_credentials = TRUE
> chpass_provider = krb5
> ;tls_reqcert = demand ;ldap_tls_cacert =
> /etc/pki/tls/certs/ca-bundle.crt
> ldap_id_mapping = True ldap_idmap_default_domain_sid =
> S-1-5-21-2003857637-2616505931-2053645484 ldap_idmap_range_min =
> 70000 ldap_idmap_range_max = 7000000 ldap_schema = ad
> ;; kerberos config ;; auth_provider = krb5 krb5_server =
> hirst.devdom.orange.local krb5_realm = DEVDOM.ORANGE.LOCAL
> krb5_changepw_principle = kadmin/changepw krb5_ccachedir = /tmp
> krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX krb5_auth_timeout =
> 15 ;cache_credentials = True
> ;;
> https://lists.fedorahosted.org/pipermail/sssd-devel/2012-May/009677.html
> ;;
> ldap_referrals = False ;ldap_search_base =
> CN=users,DC=devdom,DC=orange,DC=local ldap_user_search_base =
> CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
> ;ldap_group_search_base =
> CN=Users,DC=devdom,DC=orange,DC=local??(objectCategory=User)
> Any ideas as to what could help would be really appreciated.
> Thanks for your time,
As I said above, we really need more logs (at level 6 or above) to
help you figure out where things went wrong. I notice that you're
using 'enumerate = True', so there's a very real possibility that the
initial enumeration run that occurs when you start SSSD is detecting
an error and marking the SSSD offline. While you're testing right now,
I'd recommend setting that to False and using 'getent passwd
<username>' to test whether IDs are coming back. If that works, but it
doesn't when you turn enumerate back on, it probably means that one or
more of the entries in LDAP is invalid or contradictory, and you'll
need to check the enumerate logs for the reason.

Good enough to start with? You may also want to review
https://fedorahosted.org/sssd/wiki/FAQ#Troubleshooting for some more
tricks (though some are outdated; we support the 'ad' ldap_schema now
as well. I'll fix later; right now the Fedora Infrastructure is having
a planned patch outage).
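The distinction drawn in the reply above (sysdb cache lookups versus real LDAP searches, and a cache miss that is never followed by an LDAP search) can be checked directly against a backend log. The following is an added example, not code from anyone in this thread or from the SSSD project: it rejoins mail-wrapped log records, classifies them, and decodes RFC 4515 escapes in the LDAP filter. The sample log is constructed from lines quoted on this page, and all function names are hypothetical.

```python
import re

# Constructed excerpt: log lines quoted in this thread, wrapped the way
# the mail client wrapped them (one record spans several lines).
SAMPLE_LOG = r"""
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): Search users with filter:
(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): No such entry
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectclass=*)][].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=DEVDOM\5cMURHPY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
"""

START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) \[sssd")
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
LDAP_SEARCH = re.compile(
    r"calling ldap_search_ext with \[(?P<filter>.*)\]\[(?P<base>[^\]]*)\]")
ASSERTION = re.compile(r"\(([A-Za-z][\w;.-]*)(<=|>=|~=|=)([^()]*)\)")


def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if START.match(line):          # a timestamp starts a new record
            if current is not None:
                records.append(current)
            current = line
        elif current is not None:      # anything else continues the record
            current += " " + line
    if current is not None:
        records.append(current)
    return records


def unescape(value):
    """Decode RFC 4515 \\XX escapes, e.g. \\5c is a literal backslash."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 value.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")


def parse(text):
    """Return one dict per record, tagged 'cache', 'ldap' or 'other'."""
    events = []
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue
        ev = m.groupdict()
        search = LDAP_SEARCH.search(ev["msg"])
        if ev["func"].startswith("sysdb_"):
            ev["kind"] = "cache"       # internal LDB cache, not the server
        elif search:
            ev["kind"] = "ldap"        # a search actually sent to the DC
            ev["filter"] = search.group("filter")
            ev["base"] = search.group("base")
            ev["assertions"] = [(a, op, unescape(v))
                                for a, op, v in ASSERTION.findall(ev["filter"])]
        else:
            ev["kind"] = "other"
        events.append(ev)
    return events


def unrefreshed_cache_misses(events):
    """Cache misses with no later LDAP search against a real base.

    The rootDSE query has an empty base, so it does not count as a refresh.
    """
    misses = []
    for i, ev in enumerate(events):
        if ev["kind"] == "cache" and "No such entry" in ev["msg"]:
            if not any(e["kind"] == "ldap" and e["base"] for e in events[i + 1:]):
                misses.append(ev)
    return misses


def names_sent_with_prefix(events):
    """Equality assertions whose decoded value contains a backslash, i.e.
    the text before the backslash was sent as part of the name itself."""
    return [(attr, value)
            for ev in events if ev["kind"] == "ldap"
            for attr, op, value in ev["assertions"]
            if op == "=" and "\\" in value]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ev in evs:
        print(ev["ts"], ev["kind"], ev["func"], ev.get("base", ""))
    print("unrefreshed misses:", len(unrefreshed_cache_misses(evs)))
    print("prefixed names:", names_sent_with_prefix(evs))
```
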
Rowland Penny
2013-07-31 09:03:58 UTC
OK, try this sssd.conf:

[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2

[nss]

[pam]

[domain/DEVDOM]
debug_level = 9
description = LDAP domain with AD server
cache_credentials = True
enumerate = TRUE
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap

krb5_server = hirst.devdom.orange.local
krb5_kpasswd = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName

ldap_group_object_class = group
ldap_group_name = sAMAccountName

This is based on my working conf file, but you need to have in the client's
smb.conf, this:

[global]
workgroup = DEVDOM
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = HIRST.DEVDOM.ORANGE.LOCAL
realm = DEVDOM.ORANGE.LOCAL
security = ads

Also the computer needs to be joined to the domain.

Rowland
_______________________________________________
sssd-users mailing list
sssd-users at lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
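Stephen Gallagher's remark about the bind password crossing the wire in plaintext can be turned into a configuration check. The following is an added example, not code from anyone in this thread or from the SSSD project: it audits each [domain/...] section that uses id_provider = ldap and is run here against constructed copies of the two configurations posted above. The finding codes and function names are hypothetical; ldap_uri, ldap_id_use_start_tls and ldap_tls_reqcert are sssd-ldap options that do not appear in the thread.

```python
import configparser

# Constructed samples: the relevant lines of the two [domain/DEVDOM]
# sections posted in this thread, with mail-wrapped values rejoined.
ORIGINAL_CONF = """
[domain/DEVDOM]
id_provider = ldap
auth_provider = krb5
ldap_default_bind_dn = cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = XXX
;tls_reqcert = demand
;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_schema = ad
;; kerberos config ;;
auth_provider = krb5
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
"""

SUGGESTED_CONF = """
[domain/DEVDOM]
id_provider = ldap
auth_provider = krb5
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
"""

MESSAGES = {
    "cleartext-bind": "simple bind with no LDAPS URI and no StartTLS: "
                      "the bind password is sent unencrypted",
    "password-in-config": "bind password stored in sssd.conf; a keytab "
                          "with ldap_sasl_mech = GSSAPI avoids it",
    "weak-tls-verify": "ldap_tls_reqcert does not require a valid "
                       "server certificate",
}


def load_domains(text):
    """Parse sssd.conf text into {domain name: {option: value}}."""
    # strict=False: the posted file sets auth_provider twice.
    # interpolation=None: values such as krb5_ccname_template contain '%'.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return {section.split("/", 1)[1]: dict(cp[section])
            for section in cp.sections() if section.startswith("domain/")}


def audit_domain(opts):
    """Return finding codes for one domain section."""
    if opts.get("id_provider", "").lower() != "ldap":
        return []  # only the generic LDAP identity provider is checked here
    findings = []
    # With a SASL mechanism configured the bind DN password is not used.
    simple_bind = (bool(opts.get("ldap_default_bind_dn"))
                   and not opts.get("ldap_sasl_mech"))
    uris = [u.strip().lower()
            for u in opts.get("ldap_uri", "").split(",") if u.strip()]
    # No ldap_uri means DNS SRV discovery, which produced
    # ldap://...:389 in the log posted in this thread.
    ldaps_only = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    starttls = opts.get("ldap_id_use_start_tls", "false").lower() == "true"
    if simple_bind and not (ldaps_only or starttls):
        findings.append("cleartext-bind")
    if (simple_bind and opts.get("ldap_default_authtok")
            and opts.get("ldap_default_authtok_type", "password").lower()
            == "password"):
        findings.append("password-in-config")
    if opts.get("ldap_tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("weak-tls-verify")
    return findings


def audit(text):
    """Audit every domain section in the given sssd.conf text."""
    return {name: audit_domain(opts)
            for name, opts in load_domains(text).items()}


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF),
                        ("suggested", SUGGESTED_CONF)):
        for domain, codes in audit(conf).items():
            print(label, domain, "OK" if not codes else "")
            for code in codes:
                print("  ", code + ":", MESSAGES[code])
```
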
Chris Hayes
2013-07-31 20:30:42 UTC
Hi Rowland,

Thanks for your advice. I've implemented the configuration that you
suggested, changing it to match my domain.

Still not having any luck though; here's the log (tailing it in the
background) for when I run the following getent command.

Any thoughts would be really appreciated. I'm still on version 1.8.4
and ideally I'd like to stick with that as it's what Debian provides.

root@blipp:~# getent passwd "DEVDOM\MURHPY" MURPHY "DEVDOM+MURPHY"
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=DEVDOM\MURHPY]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_step] (0x4000): beginning to connect
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_port_status]
(0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to
10 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_send]
(0x0400): The status of SRV lookup is neutral
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolve_get_domain_send] (0x1000): Host name is: blipp
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_is_address]
(0x4000): [blipp] does not look like an IP address
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record
of 'blipp' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolve_get_domain_done] (0x1000): The full FQDN is:
blipp.devdom.orange.local
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_cont]
(0x0100): Searching for servers via SRV query
'_ldap._tcp.devdom.orange.local'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_getsrv_send]
(0x0100): Trying to resolve SRV record of '_ldap._tcp.devdom.orange.local'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_done]
(0x0400): Inserted server 'hirst.devdom.orange.local:389' for service LDAP
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'LDAP' as 'resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status]
(0x1000): Status of server 'hirst.devdom.orange.local' is 'name not
resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_is_address]
(0x4000): [hirst.devdom.orange.local] does not look like an IP address
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record
of 'hirst.devdom.orange.local' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[set_server_common_status] (0x0100): Marking server
'hirst.devdom.orange.local' as 'resolving name'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA
record of 'hirst.devdom.orange.local' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_step] (0x2000): Querying DNS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record
of 'hirst.devdom.orange.local' in DNS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[set_server_common_status] (0x0100): Marking server
'hirst.devdom.orange.local' as 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done]
(0x1000): Saving the first resolved server
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done]
(0x0200): Found address for server hirst.devdom.orange.local:
[192.168.1.33] TTL 900
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_uri_callback]
(0x0400): Constructed uri 'ldap://hirst.devdom.orange.local:389'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sss_ldap_init_send]
(0x4000): Using file descriptor [23] for LDAP connection.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sss_ldap_init_send]
(0x0400): Setting 6 seconds timeout for connecting
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://hirst.devdom.orange.local:389/??base] with fd [23].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_rootdse_send]
(0x4000): Getting rootdse
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectclass=*)][].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedExtension]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedFeatures]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedLDAPVersion]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedSASLMechanisms]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[defaultNamingContext]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[highestCommittedUSN]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e4340],
ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_parse_entry]
(0x4000): OriginalDN: [].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e4340],
ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_rootdse_done]
(0x4000): Got rootdse
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_naming_context]
(0x0200): Using value from [defaultNamingContext] as naming context.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[DEFAULT][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_user_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[USER][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_group_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[GROUP][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_netgroup_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[NETGROUP][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_sudo_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[SUDO][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_service_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[SERVICE][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_autofs_search_base] to
[DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[common_parse_search_base] (0x0100): Search base added:
[AUTOFS][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_get_server_opts_from_rootdse] (0x4000): USN value: 3813 (int: 3813)
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_kinit_send]
(0x0400): Attempting kinit (default, (null), DEVDOM.ORANGE.LOCAL, 86400)
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_kinit_next_kdc]
(0x1000): Resolving next KDC for service KERBEROS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status]
(0x1000): Status of server 'hirst.devdom.orange.local' is 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_port_status]
(0x1000): Port status of port 0 for server 'hirst.devdom.orange.local'
is 'neutral'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to
10 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status]
(0x1000): Status of server 'hirst.devdom.orange.local' is 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done]
(0x1000): Saving the first resolved server
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done]
(0x0200): Found address for server hirst.devdom.orange.local:
[192.168.1.33] TTL 900
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]]
[create_tgt_req_send_buffer] (0x1000): buffer size: 37
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [12990]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [12990]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_tgt_child_timeout]
(0x0400): Setting 6 seconds timeout for tgt child
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[(nil)], ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_tgt_recv]
(0x0400): Child responded: 0
[FILE:/var/lib/sss/db/ccache_DEVDOM.ORANGE.LOCAL], expired on [1375336895]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: GSSAPI, user: (null)


(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [child_sig_handler]
(0x1000): Waiting for child [12990].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [child_sig_handler]
(0x0100): child [12990] finished successfully.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sss_child_handler]
(0x2000): waitpid failed [10]: No child processes
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [fo_set_port_status]
(0x0100): Marking port 389 of server 'hirst.devdom.orange.local' as
'working'
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[set_server_common_status] (0x0100): Marking server
'hirst.devdom.orange.local' as 'working'
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_done] (0x4000): notify connected to op #1
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_users_next_base] (0x0400): Searching for users with base
[DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=DEVDOM\5cMURHPY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[unixHomeDirectory]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userPrincipalName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[authorizedService]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userAccountControl]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginExpirationTime]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_done] (0x4000): caching successful connection
after 1 notifies
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_users_next_base] (0x0400): Searching for users with base
[DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=user)(sAMAccountName=*)(uidNumber=*)(gidNumber=*))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[unixHomeDirectory]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userPrincipalName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[authorizedService]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userAccountControl]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginExpirationTime]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16ABD10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [ping]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16ABD10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [ping]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16ABD10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x0400): Search for users, returned 0 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16e6310

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16e5600

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16e5600 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16e6310 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sysdb_search_user_by_name] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=MURPHY]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_users_next_base] (0x0400): Searching for users with base
[DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=MURPHY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[unixHomeDirectory]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userPrincipalName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[authorizedService]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userAccountControl]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginExpirationTime]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 7
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x1000): Total count [0]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x0400): Search for users, returned 0 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_groups_next_base] (0x0400): Searching for groups with base
[DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=group)(sAMAccountName=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_parse_entry]
(0x4000): OriginalDN: [CN=murphy,CN=Users,DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x0400): Search for users, returned 1 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user]
(0x4000): Save user
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user]
(0x0020): no uid provided for [murphy] in domain [DEVDOM].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user]
(0x0040): Failed to save user [murphy]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_users]
(0x0040): Failed to store user 0. Ignoring.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_check_aliases]
(0x2000): Could not get UID
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_users]
(0x0040): Failed to check aliases for user 0. Ignoring.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x4000): Saving 1 Users - Done
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=DEVDOM+MURPHY]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_users_next_base] (0x0400): Searching for users with base
[DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=DEVDOM+MURPHY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[unixHomeDirectory]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userPrincipalName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[authorizedService]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userAccountControl]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginExpirationTime]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x1000): Total count [0]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 0 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_services_next_base] (0x0400): Searching for services with
base [DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipServiceProtocol]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x0400): Search for users, returned 0 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16e8180

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16eee70

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16eee70 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16e8180 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sysdb_search_user_by_name] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_delete_user]
(0x0400): Error: 2 (No such file or directory)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
root at blipp:~#
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): root at blipp:~# Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470],
ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_generic_ext_done] (0x1000): Total count [0]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sdap_get_services_process] (0x0400): Search for services, returned 0
results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [cleanup_users]
(0x4000): Cache expiration is set to 0 days
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): Search users with filter:
(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375300913)(!(lastLogin=*))))
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16f1d80

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16e81f0

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16e81f0 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16f1d80 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_groups]
(0x0400): Search groups with filter:
(&(objectclass=group)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375300913)))
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16eef10

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16e3850

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16e3850 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16eef10 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_groups]
(0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16d9a10

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16e73e0

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16e73e0 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16d9a10 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_callback": 0x16e8580

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Added timed event "ltdb_timeout": 0x16e8630

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Destroying timer event 0x16e8630 "ltdb_timeout"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent:
Ending timer event 0x16e8580 "ltdb_callback"

(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit
ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[ldap_id_enumerate_set_timer] (0x0400): Scheduling next enumeration at
1375301213.820256
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: sh[0x16da620], connected[1], ops[(nil)], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): dbus conn: 16ABD10
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_message_handler]
(0x4000): Received SBUS method [ping]

root at blipp:~#
Post by Chris Hayes
[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2

[nss]

[pam]

[domain/DEVDOM]
debug_level = 9
description = LDAP domain with AD server
cache_credentials = True
enumerate = TRUE
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
krb5_server = hirst.devdom.orange.local
krb5_kpasswd = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL
ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName

This is based on my working conf file, but you need to have in the

[global]
workgroup = DEVDOM
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = HIRST.DEVDOM.ORANGE.LOCAL
realm = DEVDOM.ORANGE.LOCAL
security = ads

Also the computer needs to be joined to the domain.
Rowland
--
Chris Hayes, Systems Administrator

Tel: +44 (0) 845 123 2848

Fax: +44 (0)1273 808483

www.proporta.com <http://www.proporta.com/>

Everything covered


Proporta.com Ltd. Unit 3, Woodingdean Business Park, Brighton, East
Sussex BN2 6NX.
Registered Company: 3309803
VAT: GB679 9308 67
Jakub Hrozek
2013-08-01 09:00:34 UTC
Post by Chris Hayes
Hi Rowland,
Thanks for your advice. I've implemented the configuration that you
suggested, changing it to match my domain.
Still not having any luck though; here's the log (tailing it in the
background) for when I run the following getent command.
Hi Chris,

The AD provider (that is capable of mapping SIDs onto POSIX IDs) was
only introduced in 1.9. The versions before 1.9 rely on the presence of
POSIX attributes (UID, GID, shell etc). Based on your first e-mail I
assume you were interested in ID-mapping, right?

Are the POSIX attributes currently populated on the AD side? The logs
indicate that the searches are being issued, just nothing comes back.
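
A triage sketch for the debug log discussed in this thread, added here as an example; it is not part of any poster's message and not SSSD code. It rejoins the wrapped log lines and separates what the LDAP server returned (`sdap_*` functions) from lookups in SSSD's local cache (`sysdb_*` functions). The sample lines are constructed, and the prompt pattern is an assumption based on the paste above.

```python
import re

# Constructed sample modelled on the debug_level = 9 log quoted in this thread,
# including the hard line wrapping and a stray shell prompt from the paste.
SAMPLE_LOG = """\
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process]
(0x0400): Search for users, returned 0 results.
root at blipp:~#
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]]
[sysdb_search_user_by_name] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): Search users with filter:
(&(objectclass=user)(!(dataExpireTimestamp=0)))
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users]
(0x0400): No such entry
"""

NEW_RECORD = re.compile(r"^\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) ")
PROMPT = re.compile(r"\S+(?: at |@)\S+:~# ?")  # assumed shell prompt shape
RECORD = re.compile(r"^\([^)]+\) \[sssd\[be\[[^\]]+\]\]\] \[(\w+)\] \(0x[0-9a-fA-F]+\): (.*)$")
LDAP_RESULT = re.compile(r"Search for (\w+), returned (\d+) results")
CACHE_FILTER = re.compile(r"Search \w+ with filter: (.+)")

def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log record."""
    records = []
    for line in text.splitlines():
        line = PROMPT.sub("", line).strip()
        if line and (NEW_RECORD.match(line) or not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def triage(text):
    """Split findings into LDAP server results and local cache lookups."""
    out = {"ldap_results": {}, "cache_misses": 0, "cache_filters": []}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        func, msg = m.groups() if m else ("", "")
        if func.startswith("sdap_") and (r := LDAP_RESULT.search(msg)):
            out["ldap_results"][r.group(1)] = int(r.group(2))
        elif func.startswith("sysdb_"):
            if msg == "No such entry":
                out["cache_misses"] += 1
            elif (f := CACHE_FILTER.search(msg)):
                out["cache_filters"].append(f.group(1))
    return out
```
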
Rowland Penny
2013-08-01 09:29:09 UTC
Post by Chris Hayes
Hi Rowland,
Thanks for your advice. I've implemented the configuration that you
suggested, changing it to match my domain.
Still not having any luck though; here's the log (tailing it in the
background) for when I run the following getent command.
Any thoughts would be really appreciated. I'm still on version 1.8.4
and ideally I'd like to stick with that as it's what Debian provides.
Are you set on using Debian? If so, then you could use the sssd package
from sid, but I cannot help you there, because I do not use Debian. I use
Ubuntu 12.04 LTS server and a PPA, and if you are prepared to try it out, I
will help you all that I can.

Rowland