Wondering if somebody can help me decipher why I don't get a anything back
when I run a getent group command, but in the SSSD logs I see that SSSD
finds a group in Active Directory. I'm running this command, which returns
nothing.
root@ultralisk:~# getent group 'WINNT\Domain Admins'
When I run that command, two SSSD logs get updated; my domain's log
(sssd_WINNT.log) and the nss service log (sssd_nss.log). In the domain log
I get the following
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [be_get_account_info]
(0x0100): Got request for [4098][1][name=domain admins]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [be_req_set_domain]
(0x0400): Changing request domain from [WINNT] to [WINNT]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_groups_next_base] (0x0400): Searching for groups with base
[DC=winnt,DC=harmonywave,DC=com]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(name=domain\20admins)(objectClass=group)(name=*))][DC=winnt,DC=harmonywave,DC=com].
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [groupType]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0],
ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [member]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [whenChanged]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [uSNChanged]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [name]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectSid]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [groupType]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0],
ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0],
ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0],
ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[0x1df69b0],
ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
set
* (Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_groups_process]
(0x0400): Search for groups, returned 1 results.*
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_has_deref_support]
(0x0400): The server supports deref method ASQ
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_nested_group_hash_group] (0x2000): Marking group as non-posix and
setting GID=0!
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_nested_group_process_send] (0x2000): About to process group
[CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): No such entry
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_groups]
(0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_groups]
(0x2000): No such entry
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_nested_group_process_send] (0x2000): Looking up 1/1 members of group
[CN=Domain Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_nested_group_process_send] (0x2000): Members of group [CN=Domain
Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com] will be processed
individually
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectclass=user)][CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com].
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1de3360], connected[1], ops[(nil)], ldap[0x1de9a20]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1ddff30], connected[1], ops[0x1df7fe0],
ldap[0x1de7fd0]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_parse_range]
(0x2000): No sub-attributes for [sAMAccountName]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1ddff30], connected[1], ops[0x1df7fe0],
ldap[0x1de7fd0]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
set
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_recv]
(0x0400): 1 users found in the hash table
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_nested_group_recv]
(0x0400): 1 groups found in the hash table
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name]
(0x0400): Processing object Administrator
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(originalDN=CN=Administrator,CN=Users,DC=winnt,DC=harmonywave,DC=com))
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): No such entry
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name]
(0x0400): Processing object Domain Admins
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group]
(0x0400): Processing group Domain Admins
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group]
(0x1000): Mapping group [Domain Admins] objectSID
[S-1-5-21-2962426039-599259981-477356674-512] to unix ID
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_attrs_add_ldap_attr]
(0x2000): Adding original DN [CN=Domain
Admins,CN=Users,DC=winnt,DC=harmonywave,DC=com] to attributes of [Domain
Admins].
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_attrs_add_ldap_attr]
(0x2000): Adding original mod-Timestamp [20170410191631.0Z] to attributes
of [Domain Admins].
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_process_ghost_members] (0x0400): The group has 1 members
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_process_ghost_members] (0x0400): Group has 1 members
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[Administrator]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_group]
(0x0400): Storing info for group Domain Admins
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_get_primary_name]
(0x0400): Processing object Domain Admins
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_grpmem]
(0x0400): Processing group Domain Admins
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(gidNumber=526800512))
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sysdb_search_users]
(0x2000): No such entry
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_save_grpmem]
(0x0400): Adding member users to group [Domain Admins]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: sh[0x1ddff30], connected[1], ops[(nil)], ldap[0x1de7fd0]
(Tue Apr 11 16:13:42 2017) [sssd[be[WINNT]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
You can see a result is returned and I can perform the an ldapsearch with
the same filter and get results myself. The sssd_nss.log file shows the
following.
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
Client connected!
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
Running command [33] with input [WINNT\Domain Admins].
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'WINNT\Domain Admins' matched expression for domain 'WINNT',
user is Domain Admins
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [Domain Admins] from [WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/GROUP/WINNT/domain admins]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search]
(0x0100): Requesting info for [domain admins@WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x4189f0:2:domain admins@WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_get_account_msg]
(0x0400): Creating request for [WINNT][4098][1][name=domain admins]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sbus_add_timeout] (0x2000):
0x225c8e0
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x4189f0:2:domain admins@WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000):
0x225c8e0
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/GROUP/WINNT/domain admins]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search]
(0x0100): Requesting info for [domain admins@WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400):
Adding [NCE/GROUP/WINNT/domain admins] to negative cache
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [nss_cmd_getgrnam_search]
(0x0040): No results for getgrnam call
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [sss_dp_req_destructor]
(0x0400): Deleting request: [0x4189f0:2:domain admins@WINNT]
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!
(Tue Apr 11 16:19:12 2017) [sssd[nss]] [client_destructor] (0x2000):
Terminated client [0x226bc00][24]
I see a few odd items in the logs, but not really sure I understand what
they're saying. Does anyone see why I wouldn't get anything back from
getent? By the way I can do a getent on users and I get results back.
Thanks,
Joshua Schaeffer