=== SSSD 1.11.6 ===
The SSSD team is proud to announce the release of version 1.11.6 of the System Security Services Daemon.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora 19 and 20 shortly.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* This release focuses on delivering bug fixes and a subset of the DBus interface from 1.12. * A new responder, called InfoPipe was added. This responder provides a public D-Bus interface accessible over the system bus. In this release, only methods for retrieving user attributes and list of groups were added. The full interface is being developed in the 1.12 series. The primary consumer if this interface subset are Apache modules such as mod_lookup_identity or mod_intercept_form_submit * Fixed bug in the AD responder that caused crashes when authenticating as a user from a trusted domain to a system enrolled to a trusted domain other than the forest root * A potential crash on timeout in the autofs client library was fixed. * Several patches that improve portability of SSSD, especially with consideration of BSD systems have been included
== Packaging Changes ==
* The InfoPipe responder is packaged in its own subpackage
== Documentation Changes ==
* The new InfoPipe responder has several configuration options. Refer to the sssd-ifp manual page for details. * The LDAP provider has a new option ldap_user_extra_attrs that enables the administrator to extend the map of attributes downloaded when looking up a user. These custom attributes can then be retrieved with the new DBus API. * A new pam_sss option ignore_authinfo_unavail was added. Setting this option makes pam_sss return PAM_IGNORE when SSSD is not running instead of PAM_AUTHINFO_UNAVAIL. This option is mostly useful for BSD systems.
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1853 [RFE] Allow sssd to replace macro (ie. %H) with value specified in config file https://fedorahosted.org/sssd/ticket/2114 refresh_expired_interval man page doc is not clear https://fedorahosted.org/sssd/ticket/2294 In sssd.conf, setting "ldap_group_nesting_level = 0" does not appear to work https://fedorahosted.org/sssd/ticket/2305 SSSD Crashes when storage experiences high latency https://fedorahosted.org/sssd/ticket/2312 Fails to start in interactive mode when stdin isn't a pts device https://fedorahosted.org/sssd/ticket/2322 segfault in sssd_be when cross forest users are queried https://fedorahosted.org/sssd/ticket/2333 Expanding home directory fails when the request comes from the PAC responder https://fedorahosted.org/sssd/ticket/2334 Simple access fails to look up primary group when using sssd-ad until running the id command.
== Detailed Changelog ==
Alexander Bokovoy (1): * ipa subdomains provider: make sure search by SID works for homedir
Benjamin Franzke (1): * BUILD: Link libsss_krb5_common.so to libkeyutils.so
Jakub Hrozek (36): * Updating the version for the 1.11.6 development * LDAP: Check the LDAP handle before using it * AD: Do not remove non-root domains when looking up root domain * Remove duplicate declaration * UTIL: Move sss_parse_name_for_domains declaration to util.h * IFP: Fix a typo in the Makefile * IFP: Re-add the InfoPipe? server * IFP: Connect to the system bus * TESTS: Create a default sss_names_ctx in create_dom_test_ctx * TESTS: Split a separate common_mock_resp_dp module * RESPONDERS: Add a new request sss_parse_inp_send * LDAP: Fix off-by-one bug in sdap_copy_opts * LDAP: Make it possible to extend an attribute map * AD: Initialize user_map_cnt in server mode * Add a unit test for sss_parse_name_for_domains * SBUS: Generate introspection from the interface meta structure * SBUS: Create an sbus_method_meta instance for Introspection * IFP: Close memstream handle in introspect destructor * SBUS: several trivial style fixes * SBUS: Fix error handling condition * SBUS: Add a convenience function sbus_error_new * SBUS: Split out dbus_conn_send * SBUS: Add SBUS_CONN_TYPE_SYSBUS * SBUS: Add an async request to retrieve the caller ID * SBUS: Refactor sbus_message_handler to retrieve caller ID * IFP: Add utility functions * IFP: use a list of allowed_uids for authentication * IFP: Initialize negative cache timeout * IFP: Add GetUserAttrs? call * IFP: Per-attribute ACL for users * SYSDB: return SYSDB_NAME from sysdb_initgroups * IFP: Add a GetGroupsList? method * MAN: Add sssd-ifp to the list of translatable manual pages * BUILD: Disable dbus tests when running distcheck * Updating the translations for the 1.11.6 release * Updating the translations again for the 1.11.6 release
Lukas Slebodnik (38): * AUTOMAKE: Do not include generated files into tarball * UTIL: Use constant instead of value for stdin. * MONITOR: Fix start up with empty standard input * BUILD: Make samba4 libraries optional * BUILD: Explicitly link libsss_ad.so with sasl libs * sss_autofs: Check return value of autofs make request * sss_autofs: Do not try to free empty autofs context * man: Substitute entity values for entity references * TEST: Some macros aren't defined in older version of check. * TEST: Link ipa_ldap_opt test with openldap libs * UTIL: Add function sss_parse_name_const * NSS: Refactor expand_homedir_template * NSS: Add option to expand homedir template format * TEST: Add test for expand homedir * SPEC: Remove duplicate sssd_ifp. * SBUS: Fix warning declaration shadows a global declaration * Remove unused parameter from ifp_user_get_attr_handle_reply * Remove unused parameter from ifp_user_get_groups_reply * resolv: Do not try to free addrinfo in case of error * CONFIGURE: Remove duplicate detection of pam * CRYPTO: Use unprefixed version of function stpncpy * PAM: macro PAM_DATA_REPLACE isn't available in openpam. * PAM: Fix problem with missing declaration. * UTIL: Fix order of header files. * LDAP: Don't use macro _XOPEN_SOURCE for extra features * PAM: add ignore_authinfo_unavail option * SDAP: Use portable constant as level in setsockopt * PAM: Include header file security/pam_appl.h * MAKE: Remove PAM libraries from libsss_simple * CONFIGURE: Enhance detection of pam * PAM: Fix compilation of pam_test_client with openpam * PAM: Use fallback version of some pam macros * PAM: Define compatible macros for some functions. * SBUS: Define DBUS_ERROR_INIT for old version of dbus * SBUS: Include config.h for enabling function in stdio.h * Unify usage of function gethostname * MAN: Add reference to manual page sssd-sudo * KRB: Prevent dereference of a null pointer
Nikolai Kondrashov (12): * Add cscope inverted index files to .gitignore * Move DEBUG macro body to debug_fn * Remove extra flushing from debug message output * Cleanup debug_fn * Make DEBUG macro definition variadic * Make DEBUG macro invocations variadic * Fixup DEBUG macro invocations update * Update DEBUG* invocations to use new levels * Update debug levels in sss_semanage_error_callback * Update debug level in sysdb_check_upgrade_02 * Remove DEBUG macro support for old debug levels * build: Switch to AM_DISTCHECK_CONFIGURE_FLAGS
Pavel Březina (6): * man: clarify refresh_expired_interval * IFP: do not create client socket * tests: add confdb_path to sss_test_ctx * sbus_tests: fix missing invoker in initializer * sbus request: fix error initialization * SBUS: remove unused variables
Pavel Reichl (10): * SDAP: augmented logging for group saving * AD Provider: bug-fix uninitialized variable * AD Provider: bugfix use-after-free * SYSDB: augmented logging when adding new group * LDAP: fix - find primary group by gid * MAN: Detailed ldap_group_nesting_level option * SDAP: Make nesting_level = 0 to ignore nested groups * SDAP: Add option to disable use of Token-Groups * refactor calls of sss_parse_name * TEST: Remove unused variable
Stef Walter (13): * sbus: Add meta data structures and code generator * sbus: Add sbus_vtable and update codegen to support it * nss: Stop using one DBus interface with totally different methods * sbus: Rework sbus to use interface metadata and vtables * sbus: Generate constants from interface definitions * sbus: Use constants to make dbus calls * sbus: Add struct sbus_request to represent a DBus invocation * sbus: Refactor how we export DBus interfaces * sbus: Make sbus_new_server() work for non-priveleged processes * sbus_tests: Add some testing of dispatch and handler code * sbus: Add the sbus_request_parse_or_finish() method * sbus: Add type-safe DBus method handlers and finish functions * sbus_codegen_tests: Add test case type-safe handler args
Sumit Bose (1): * Make LDAP extra attributes available to IPA and AD
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===
Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545 (Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. (Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [steve2@HH3.SITE@HH3.SITE] might not be correct.
Thanks, Steve
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
bye, Sumit
(Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. (Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [steve2@HH3.SITE@HH3.SITE] might not be correct.
Thanks, Steve
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
(Wed Jun 4 14:01:18 2014) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:18 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:18 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:18 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:18 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x1000): Waiting for child [1670]. (Wed Jun 4 14:01:18 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x0100): child [1670] finished successfully. (Wed Jun 4 14:01:18 2014) [sssd[be[hh3.site]]] [be_nsupdate_done] (0x0200): nsupdate child status: 0 (Wed Jun 4 14:01:18 2014) [sssd[be[hh3.site]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Wed Jun 4 14:01:20 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:20 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:20 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:20 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:20 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:20 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:20 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:20 2014) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x80532f0:3:steve2@hh3.site] (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [hh3.site][3][1][name=steve2] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_get_account_info] (0x0100): Got request for [3][1][name=steve2] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_req_set_domain] (0x0400): Changing request domain from [hh3.site] to [hh3.site] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [fo_resolve_service_send] (0x0100): (Wed Jun 4 14:01:20 2014) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x80532f0:3:steve2@hh3.site] Trying to resolve service 'AD_GC' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_port_status] (0x1000): Port status of port 0 for server 'hh16.hh3.site' is 'neutral' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x0200): Found address for server hh16.hh3.site: [192.168.1.16] TTL 7200 (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://hh16.hh3.site' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://hh16.hh3.site:3268' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://hh16.hh3.site:3268/??base] with fd [18]. (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_kinit_send] (0x0400): Attempting kinit (/etc/krb5.keytab, CATRAL$, HH3.SITE, 86400) (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service AD (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_port_status] (0x1000): Port status of port 0 for server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x0200): Found address for server hh16.hh3.site: [192.168.1.16] TTL 7200 (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://hh16.hh3.site' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://hh16.hh3.site' (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT... (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 47 (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [write_pipe_handler] (0x0400): All data has been sent! (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [main] (0x0400): ldap_child started. (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): total buffer size: 47 (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): realm_str size: 8 (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): got realm_str: HH3.SITE (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): princ_str size: 7 (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): got princ_str: CATRAL$ (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): keytab_name size: 16 (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [unpack_buffer] (0x1000): lifetime: 86400 (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [CATRAL $@HH3.SITE] (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [/etc/krb5.keytab] (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [prepare_response] (0x0400): Building response for result [0] (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [46] msg [FILE:/usr/local/var/lib/sss/db/ccache_HH3.SITE] (Wed Jun 4 14:01:20 2014) [[sssd[ldap_child[1675]]]] [main] (0x0400): ldap_child completed successfully (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [read_pipe_handler] (0x0400): EOF received, client finished (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/usr/local/var/lib/sss/db/ccache_HH3.SITE], expired on [1401919280] (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1401884180 (Wed Jun 4 14:01:20 2014) [sssd[be[hh3.site]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: CATRAL$ (Wed Jun 4 14:01:21 2014) [sssd] [service_send_ping] (0x0100): Pinging hh3.site (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x1000): Waiting for child [1675]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x0100): child [1675] finished successfully. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [ad_user_data_cmp] (0x1000): Comparing GC with GC (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=hh3,DC=site] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=steve2)(objectclass=user)(&(uidNumber=*)(!(uidNumber=0))))][DC=hh3,DC=site]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Wed Jun 4 14:01:21 2014) [sssd] [ping_check] (0x0100): Service hh3.site replied to ping (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_user] (0x0400): Save user (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_primary_name] (0x0400): Processing object steve2 (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_user] (0x0400): Processing user steve2 (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_user] (0x0400): Adding original memberOf attributes to [steve2]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_user] (0x0400): Adding user principal [steve2@HH3.SITE] to attributes of [steve2]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_user] (0x0400): Storing info for user steve2 (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=steve2,CN=Users,DC=hh3,DC=site]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing membership SID [S-1-5-21-451355595-2219208293-2714859210-1111] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing membership SID [S-1-5-21-451355595-2219208293-2714859210-513] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing membership SID [S-1-5-32-545] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545 (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for [steve2] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_next] (0x0400): Searching for POSIX attributes with base [DC=hh3,DC=site] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(|(uidNumber=*)(gidNumber=*))][DC=hh3,DC=site]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=staff2,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=julie2,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=lynn2,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=cifsuser,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=Administrator,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=julie,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=Domain Users,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=br2,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=steve2,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=steve3,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=steveu,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=Administrators,CN=Builtin,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_parse] (0x1000): Found [CN=Domain Admins,CN=Users,DC=hh3,DC=site] with POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_posix_check_done] (0x0200): Server has POSIX attributes (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=hh3,DC=site] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(gidNumber=20513)(objectclass=group)(name=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=hh3,DC=site]. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [groupType] (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results. (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_has_deref_support] (0x0400): The server supports deref method ASQ (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_nested_group_recv] (0x0400): 0 users found in the hash table (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_primary_name] (0x0400): Processing object Domain Users (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_group] (0x0400): Processing group Domain Users (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_process_ghost_members] (0x0400): The group has 0 members (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_process_ghost_members] (0x0400): Group has 0 members (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_group] (0x0400): Storing info for group Domain Users (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_get_primary_name] (0x0400): Processing object Domain Users (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_grpmem] (0x0400): Processing group Domain Users (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [sdap_save_grpmem] (0x0400): Adding member users to group [Domain Users] (Wed Jun 4 14:01:21 2014) [sssd[nss]] [nss_memcache_initgr_check] (0x1000): Got request for [steve2@hh3.site] (Wed Jun 4 14:01:21 2014) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_check_user_search] (0x0400): (Wed Jun 4 14:01:21 2014) [sssd[be[hh3.site]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:21 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_req_set_domain] (0x0400): Changing request domain from [hh3.site] to [hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Got request with the following data (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): rhost: (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): authtok type: 1 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [krb5_pam_handler] (0x1000): Wait queue of user [steve2] is empty, running request immediately. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [switch_creds] (0x0200): Switch user to [3000021][20513]. (Wed Jun 4 14:01:22 2014) [sssd] [service_send_ping] (0x0100): Pinging nss (Wed Jun 4 14:01:22 2014) [sssd] [service_send_ping] (0x0100): Pinging pam (Wed Jun 4 14:01:22 2014) [sssd] [service_send_ping] (0x0100): Pinging autofs (Wed Jun 4 14:01:22 2014) [sssd] [ping_check] (0x0100): (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 Service autofs replied to ping (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_dp_req_destructor] (0x0400): (Wed Jun 4 14:01:22 2014) [sssd] [ping_check] (0x0100): Deleting request: [0x80532f0:3:steve2@hh3.site] Service nss replied to ping (Wed Jun 4 14:01:22 2014) [sssd] [ping_check] (0x0100): Service pam replied to ping (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [switch_creds] (0x0200): Switch user to [0][0]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [get_port_status] (0x1000): Port status of port 0 for server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [get_server_status] (0x1000): Status of server 'hh16.hh3.site' is 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_resolve_server_process] (0x0200): Found address for server hh16.hh3.site: [192.168.1.16] TTL 7200 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://hh16.hh3.site' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://hh16.hh3.site' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [write_pipe_handler] (0x0400): All data has been sent! (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [main] (0x0400): krb5_child started. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [unpack_buffer] (0x1000): total buffer size: [106] (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [unpack_buffer] (0x0100): cmd [241] uid [3000021] gid [20513] validate [true] enterprise principal [true] offline [false] UPN [steve2@HH3.SITE] (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_3000021] keytab: [/etc/krb5.keytab] (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [k5c_setup] (0x0100): Not using FAST. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [main] (0x0400): Will perform online auth (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [HH3.SITE] (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [validate_tgt] (0x0400): TGT verified using key for [host/catral.hh3.site@HH3.SITE]. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [steve2@HH3.SITE@HH3.SITE] might not be correct. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [become_user] (0x0200): Trying to become user [3000021][20513]. (Wed Jun 4 14:01:22 2014) [[sssd[krb5_child[1676]]]] [k5c_send_data] (0x0200): Received error code 0 (Wed Jun 4 14:01:22 2014) [EEEEEEEEEEEEEEEEEEEEEEEE�] [main] (0x0400): krb5_child completed successfully (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [read_pipe_handler] (0x0400): EOF received, client finished (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [parse_krb5_child_response] (0x1000): child response [0][3][36]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741822][16]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [parse_krb5_child_response] (0x1000): child response [0][-1073741823][32]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [parse_krb5_child_response] (0x1000): TGT times are [1401883283][1401883283][1401919283][1401969682]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0400): Marking port 0 of duplicate server 'hh16.hh3.site' as 'working' (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [switch_creds] (0x0200): Switch user to [3000021][20513]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [switch_creds] (0x0200): Switch user to [0][0]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [check_wait_queue] (0x1000): Wait queue for user [steve2] is empty. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Sending result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Sent result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x1000): Waiting for child [1676]. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [child_sig_handler] (0x0100): child [1676] finished successfully. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_ptask_execute] (0x0400): (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): Task [Cleanup of hh3.site]: executing task, timeout 10800 seconds blen: 69 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_ptask_done] (0x0400): (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT Task [Cleanup of hh3.site]: finished successfully (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_ptask_schedule] (0x0400): domain: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): Task [Cleanup of hh3.site]: scheduling task 10800 seconds from last execution time [1401894082] user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_req_set_domain] (0x0400): Changing request domain from [hh3.site] to [hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Got request with the following data (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): rhost: (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [sdap_access_send] (0x0400): Performing access check for user [steve2] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [steve2] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0400): SELinux provider doesn't exist, not sending the request to it. (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Sending result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler_callback] (0x0100): Sent result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): blen: 25 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [38] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_initgroups_search] (0x0400): Initgroups for [steve2@hh3.site] completed (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_req_set_domain] (0x0400): Changing request domain from [hh3.site] to [hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Got request with the following data (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): command: PAM_SETCRED (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): rhost: (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Sending result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): blen: 25 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_req_set_domain] (0x0400): Changing request domain from [hh3.site] to [hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Got request with the following data (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): domain: hh3.site (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): user: steve2 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): service: su (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): tty: pts/1 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): ruser: steve (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): rhost: (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): authtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): priv: 0 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [pam_print_data] (0x0100): cli_pid: 1674 (Wed Jun 4 14:01:22 2014) [sssd[be[hh3.site]]] [be_pam_handler] (0x0100): Sending result [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]. (Wed Jun 4 14:01:22 2014) [sssd[pam]] [pam_reply] (0x0200): blen: 25 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [steve2]. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'steve2' matched without domain, user is steve2 (Wed Jun 4 14:01:22 2014) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@hh3.site] (Wed Jun 4 14:01:22 2014) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Wed Jun 4 14:01:22 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [steve2@hh3.site] ^C(Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit_signal] (0x0040): Monitor received Interrupción: terminating children (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0040): Returned with: 0 (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Terminating [autofs][1663] (Wed Jun 4 14:01:28 2014) [sssd[autofs]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [be_client_destructor] (0x0400): Removed autofs client (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Child [autofs] terminated with a signal (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Terminating [pam][1662] (Wed Jun 4 14:01:28 2014) [sssd[pam]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [be_client_destructor] (0x0400): Removed PAM client (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Terminating [nss][1661] (Wed Jun 4 14:01:28 2014) [sssd[nss]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [be_client_destructor] (0x0400): Removed NSS client (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Child [nss] terminated with a signal (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Terminating [hh3.site][1660] (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [remove_krb5_info_files] (0x0200): Could not remove [/usr/local/var/lib/sss/pubconf/kpasswdinfo.HH3.SITE], [2][No existe el fichero o el directorio] (Wed Jun 4 14:01:28 2014) [sssd[be[hh3.site]]] [be_ptask_destructor] (0x0400): (Wed Jun 4 14:01:28 2014) [sssd] [monitor_quit] (0x0020): Child [hh3.site] terminated with a signal catral:/usr/lib/systemd/system #
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
On Wed, Jun 04, 2014 at 02:22:38PM +0200, steve wrote:
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
I see no log messages from the PAC responder. If it is not running the error is expected.
HTH
bye, Sumit
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, 2014-06-04 at 15:05 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 02:22:38PM +0200, steve wrote:
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
I see no log messages from the PAC responder. If it is not running the error is expected.
'PAC responder', no idea what that is. This is a default everything 1.11.6 client connected to a default everything test Samba4 domain. ?
On Wed, Jun 04, 2014 at 05:31:07PM +0200, steve wrote:
On Wed, 2014-06-04 at 15:05 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 02:22:38PM +0200, steve wrote:
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
I see no log messages from the PAC responder. If it is not running the error is expected.
'PAC responder', no idea what that is. This is a default everything 1.11.6 client connected to a default everything test Samba4 domain. ?
Then you can ignore the error and I would expect that it was present in previous 1.11 versions as well.
bye, Sumit
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, 2014-06-04 at 17:47 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 05:31:07PM +0200, steve wrote:
On Wed, 2014-06-04 at 15:05 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 02:22:38PM +0200, steve wrote:
On Wed, 2014-06-04 at 13:43 +0200, Sumit Bose wrote:
On Wed, Jun 04, 2014 at 01:32:44PM +0200, steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote: > === SSSD 1.11.6 ===
Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545
an unresolved SID does not trigger an error. Can you send the full logs?
I see no log messages from the PAC responder. If it is not running the error is expected.
'PAC responder', no idea what that is. This is a default everything 1.11.6 client connected to a default everything test Samba4 domain. ?
Then you can ignore the error and I would expect that it was present in previous 1.11 versions as well.
Yes, it was present in 1.11 4 and is present also in 1.12-beta 1 & 2. Still, if it's not an error it would be nice not to have it. Thanks, Steve
bye, Sumit
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On (04/06/14 13:32), steve wrote:
On Tue, 2014-06-03 at 19:50 +0200, Jakub Hrozek wrote:
=== SSSD 1.11.6 ===Hi Builds OK on openSUSE 13.1. Just a bit worried by:
(Wed Jun 4 13:25:47 2014) [sssd[be[hh3.site]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545 (Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2].
the first number [-1] is NSS_STATUS_UNAVAIL the second neumber is errno ENOENT
I would say that krb5_child try to find pac unix socket (SSS_PAC_SOCKET_NAME) in different directory.
sh-4.2$ grep pipepath Makefile pipepath = ${prefix}/var/lib/sss/pipes -DSSS_NSS_SOCKET_NAME="$(pipepath)/nss" \ -DSSS_PAM_SOCKET_NAME="$(pipepath)/pam" \ -DSSS_PAC_SOCKET_NAME="$(pipepath)/pac" \ -DSSS_PAM_PRIV_SOCKET_NAME="$(pipepath)/private/pam" \ -DSSS_SUDO_SOCKET_NAME="$(pipepath)/sudo" \ -DSSS_AUTOFS_SOCKET_NAME="$(pipepath)/autofs" \ -DSSS_SSH_SOCKET_NAME="$(pipepath)/ssh" \ $(DESTDIR)$(pipepath)/private \
(Wed Jun 4 13:25:48 2014) [[sssd[krb5_child[28727]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [steve2@HH3.SITE@HH3.SITE] might not be correct.
Thanks, Steve
LS
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
Lukas Slebodnik -
steve -
Sumit Bose