We've been using SSSD with our AD domain (please forgive the domain name...) with the following config on Ubuntu 16.04 for a year or so, with no problems at all. Joined to the domain with realmd.
[sssd] config_file_version = 2 reconnection_retries = 3 services = nss,pam domains = SMALLBUSINESS.LAN [nss] [pam] [domain/SMALLBUSINESS.LAN] access_provider = ad ad_domain = SMALLBUSINESS.LAN ad_gpo_access_control = permissive cache_credentials = True default_shell = /bin/bash fallback_homedir = /home/%u id_provider = ad krb5_realm = SMALLBUSINESS.LAN krb5_store_password_if_offline = True ldap_id_mapping = True realmd_tags = manages-system joined-with-samba
However recently we've had a lot of problems with people being unable to login when not connected to the network. This is with the handful of Ubuntu 17.04 machines I've started to roll out (SSSD 1.15.2 rather than 1.13.4 on 16.04).
After spending about a day reading up and trying every configuration under the sun, I've found that the password doesn't appear to be cached on the 17.04 machine. If I run "ldbsearch -H /var/lib/sss/db/cache_SMALLBUSINESS.LAN.ldb "(&(objectClass=user)(cachedPassword=*))" name gidNumber cachedPassword" on my machine I get no results, but I get results on the working 16.04 machine.
I'm at my wits' end with this, so any suggestions you've got will be much appreciated!
Many Thanks Sam
On (05/09/17 14:32), Sam Weston wrote:
We've been using SSSD with our AD domain (please forgive the domain name...) with the following config on Ubuntu 16.04 for a year or so, with no problems at all. Joined to the domain with realmd.
[sssd] config_file_version = 2 reconnection_retries = 3 services = nss,pam domains = SMALLBUSINESS.LAN [nss] [pam] [domain/SMALLBUSINESS.LAN] access_provider = ad ad_domain = SMALLBUSINESS.LAN ad_gpo_access_control = permissive cache_credentials = True default_shell = /bin/bash fallback_homedir = /home/%u id_provider = ad krb5_realm = SMALLBUSINESS.LAN krb5_store_password_if_offline = True ldap_id_mapping = True realmd_tags = manages-system joined-with-samba
However recently we've had a lot of problems with people being unable to login when not connected to the network. This is with the handful of Ubuntu 17.04 machines I've started to roll out (SSSD 1.15.2 rather than 1.13.4 on 16.04).
After spending about a day reading up and trying every configuration under the sun, I've found that the password doesn't appear to be cached on the 17.04 machine. If I run "ldbsearch -H /var/lib/sss/db/cache_SMALLBUSINESS.LAN.ldb "(&(objectClass=user)(cachedPassword=*))" name gidNumber cachedPassword" on my machine I get no results, but I get results on the working 16.04 machine.
I'm at my wits' end with this, so any suggestions you've got will be much appreciated!
Cached password works for me with 1.15.x.
It would be good if you could provide minimal reproducer or at least related sssd log files with hight debug level when bug occurs.
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
LS
Hi Lukas,
Sorry for the lack of detail. I was hoping I'd just done something stupid in the config. I've put it on debug level 6.
For a successful login (with the network cable connected): sssd_pam.log: (Fri Sep 8 08:12:15 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_send] (0x0400): CR #1: New request 'Initgroups by name' (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_process_input] (0x0400): CR #1: Parsing input name [sweston] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_set_name] (0x0400): CR #1: Setting name [sweston] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_select_domains] (0x0400): CR #1: Performing a multi-domain search (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_domains] (0x0400): CR #1: Search will bypass the cache and check the data provider (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_set_domain] (0x0400): CR #1: Using domain [SMALLBUSINESS.LAN] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_prepare_domain_data] (0x0400): CR #1: Preparing input data for domain [SMALLBUSINESS.LAN] rules (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_send] (0x0400): CR #1: Looking up sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_ncache] (0x0400): CR #1: Checking negative cache for [sweston@smallbusiness.lan] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_ncache] (0x0400): CR #1: [sweston@smallbusiness.lan] is not present in negative cache (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_dp] (0x0400): CR #1: Looking up [sweston@smallbusiness.lan] in data provider (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x5594d2560ea0:3:sweston@smallbusiness.lan@SMALLBUSINESS.LAN] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [SMALLBUSINESS.LAN][0x3][BE_REQ_INITGROUPS][name=sweston@smallbusiness.lan:-] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x5594d2560ea0:3:sweston@smallbusiness.lan@SMALLBUSINESS.LAN] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_cache] (0x0400): CR #1: Looking up [sweston@smallbusiness.lan] in cache (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_search_done] (0x0400): CR #1: Returning updated object [sweston@smallbusiness.lan] (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_create_and_add_result] (0x0400): CR #1: Found 36 entries in domain SMALLBUSINESS.LAN (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_done] (0x0400): CR #1: Finished: Success (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x5594d2560ea0:3:sweston@smallbusiness.lan@SMALLBUSINESS.LAN] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][SMALLBUSINESS.LAN] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Fri Sep 8 08:12:16 2017) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 34 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Fri Sep 8 08:12:16 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_send] (0x0400): CR #2: New request 'Initgroups by name' (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_process_input] (0x0400): CR #2: Parsing input name [sweston] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_set_name] (0x0400): CR #2: Setting name [sweston] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_select_domains] (0x0400): CR #2: Performing a multi-domain search (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_domains] (0x0400): CR #2: Search will check the cache and check the data provider (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_set_domain] (0x0400): CR #2: Using domain [SMALLBUSINESS.LAN] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_prepare_domain_data] (0x0400): CR #2: Preparing input data for domain [SMALLBUSINESS.LAN] rules (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_send] (0x0400): CR #2: Looking up sweston@smallbusiness.lan (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_ncache] (0x0400): CR #2: Checking negative cache for [sweston@smallbusiness.lan] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_ncache] (0x0400): CR #2: [sweston@smallbusiness.lan] is not present in negative cache (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_cache] (0x0400): CR #2: Looking up [sweston@smallbusiness.lan] in cache (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_search_send] (0x0400): CR #2: Returning [sweston@smallbusiness.lan] from cache (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_create_and_add_result] (0x0400): CR #2: Found 36 entries in domain SMALLBUSINESS.LAN (Fri Sep 8 08:12:16 2017) [sssd[pam]] [cache_req_done] (0x0400): CR #2: Finished: Success (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is sweston@smallbusiness.lan (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston@smallbusiness.lan (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][SMALLBUSINESS.LAN] (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Fri Sep 8 08:12:16 2017) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal. (Fri Sep 8 08:12:16 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 34
sssd_SMALLBUSINESS.LAN.log: (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=sweston@smallbusiness.lan] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Initgroups #5]: New request. Flags [0x0001]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=SMALLBUSINESS,DC=LAN] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=sweston)(objectclass=user)(objectSID=*))][DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Save user (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_primary_name] (0x0400): Processing object sweston (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Processing user sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding original memberOf attributes to [sweston@smallbusiness.lan]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Adding user principal [sweston@SMALLBUSINESS.LAN] to attributes of [sweston@smallbusiness.lan]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_save_user] (0x0400): Storing info for user sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston@smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=Sam Weston,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-550] is a built-in one. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-545] is a built-in one. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-544] is a built-in one. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-549] is a built-in one. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-574] is a built-in one. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): Skipping built-in object. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to do. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_set_entry_attr] (0x0200): Entry [name=sweston@smallbusiness.lan,cn=users,cn=SMALLBUSINESS.LAN,cn=sysdb] has set [ts_cache] attrs. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [Initgroups #5]: Request handler finished [0]: Success (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Initgroups #5]: Receiving request data. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #5]: Finished. Success. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=sweston@smallbusiness.lan] from reply table (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #5]: Request removed. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston@smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost: (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [PAM Account #6]: New request. Flags [0000]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_access_send] (0x0400): Performing access check for user [sweston@smallbusiness.lan] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [sweston@smallbusiness.lan] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_send] (0x0400): service gdm-password maps to Interactive (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_connect_done] (0x0400): sam_account_name is SFLT28$ (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=user)(sAMAccountName=SFLT28$))][dc=smallbusiness,dc=lan]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=domain][DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_next_done] (0x0400): Found SID [S-1-5-21-3845744863-2409227386-3211111987]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=SMALLBUSINESS.LAN)(NtVer=\14\00\00\00))][]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found flat name [SMALLBUSINESS]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found site [Default-First-Site-Name]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_master_domain_netlogon_done] (0x0400): Found forest [SMALLBUSINESS.LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[0]->som_dn is OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[1]->som_dn is OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[2]->som_dn is OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[3]->som_dn is DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_site_dn_retrieval_done] (0x0400): som_list[4]->som_dn is cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=Computers,OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: OU=MyBusiness,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_gplink_list] (0x0400): som_dn: DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn=Default-First-Site-Name,cn=Sites,CN=Configuration,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_get_som_attrs_done] (0x0040): no attrs found for SOM; try next SOM (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[0]->gpo_dn: CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[1]->gpo_dn: CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[2]->gpo_dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[3]->gpo_dn: cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[4]->gpo_dn: cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[5]->gpo_dn: cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[6]->gpo_dn: cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[7]->gpo_dn: cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[8]->gpo_dn: cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[9]->gpo_dn: cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[10]->gpo_dn: cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[11]->gpo_dn: cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[12]->gpo_dn: cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[13]->gpo_dn: cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_populate_candidate_gpos] (0x0400): candidate_gpos[14]->gpo_dn: cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7D28B004-B249-49B0-A8CE-BA2A0B9F56EA},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={7F8D8A41-8831-4EF1-990F-3AECF333E735},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={BA4389F2-AD33-4678-BF30-44D81E900008},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={5F743845-71B6-4CDF-965F-20360E51C01A},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={8FC54817-BD35-4D6F-AB72-E799C66667E8},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CED4E066-9ADF-47A5-8F92-BBDDB522A034},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={6ECD6877-791E-4F38-9945-EFAF733C3475},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={57EF63D0-BF6F-4079-BD9B-9D896BB9A495},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={29274130-3B70-4A97-AB38-25EA9D8D0F67},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={D6B5C6DF-114E-49FC-976E-5B8893FA1E27},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={3452D745-B138-4799-A555-1EBFB3654704},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={B42D8E08-C289-436C-8E31-BD3DD2A415DC},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN] using SD (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because scope is set to base. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={355444B3-99ED-4D77-B9EC-BAF3EAA17AA7},cn=policies,cn=system,DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[1]->gpo_guid is {7F8D8A41-8831-4EF1-990F-3AECF333E735} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[2]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[3]->gpo_guid is {5F743845-71B6-4CDF-965F-20360E51C01A} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[4]->gpo_guid is {8FC54817-BD35-4D6F-AB72-E799C66667E8} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[5]->gpo_guid is {CED4E066-9ADF-47A5-8F92-BBDDB522A034} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[6]->gpo_guid is {6ECD6877-791E-4F38-9945-EFAF733C3475} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[7]->gpo_guid is {CE7CA45B-21CC-4C6C-A9F6-DCED4A0D7C93} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[8]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[9]->gpo_guid is {29274130-3B70-4A97-AB38-25EA9D8D0F67} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[10]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[11]->gpo_guid is {3452D745-B138-4799-A555-1EBFB3654704} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[12]->gpo_guid is {B42D8E08-C289-436C-8E31-BD3DD2A415DC} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): dacl_filtered_gpos[13]->gpo_guid is {355444B3-99ED-4D77-B9EC-BAF3EAA17AA7} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): cse_filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_process_gpo_done] (0x0400): num_cse_filtered_gpos: 4 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_delete_gpo_result_object] (0x0400): Deleting GPO Result object (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[0]->gpo_guid is {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfbackup02.smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{7D28B004-B249-49B0-A8CE-BA2A0B9F56EA}] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 655593 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 655593 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {7D28B004-B249-49B0-A8CE-BA2A0B9F56EA} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[1]->gpo_guid is {BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfbackup02.smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{BA4389F2-AD33-4678-BF30-44D81E900008}] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 10 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [6691] finished successfully. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 10 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {BA4389F2-AD33-4678-BF30-44D81E900008} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): [/var/lib/sss/gpo_cache/SMALLBUSINESS.LAN/Policies/{BA4389F2-AD33-4678-BF30-44D81E900008}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf]: ini_config_parse failed [5][Input/output error] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 7: Equal sign is missing. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_store_policy_settings] (0x0020): Error (5) on line 8: Equal sign is missing. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[2]->gpo_guid is {57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfbackup02.smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{57EF63D0-BF6F-4079-BD9B-9D896BB9A495}] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 8 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [6693] finished successfully. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 8 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {57EF63D0-BF6F-4079-BD9B-9D896BB9A495} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Storing setting: key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Updating setting: key [SeDenyRemoteInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cse filtered_gpos[3]->gpo_guid is {D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_server: smb://sfbackup02.smallbusiness.lan (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_share: /SysVol (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): smb_path: /SMALLBUSINESS.LAN/Policies/{D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): retrieving GPO from cache [{D6B5C6DF-114E-49FC-976E-5B8893FA1E27}] (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): send_to_child: 1 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_step] (0x0400): cached_gpt_version: 262220 (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [6695] finished successfully. (Fri Sep 8 08:12:15 2017) [sssd[be[SMALLBUSINESS.LAN]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [gpo_cse_done] (0x0400): sysvol_gpt_version: 262220 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {D6B5C6DF-114E-49FC-976E-5B8893FA1E27} (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeInteractiveLogonRight] value [(null)] (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [parse_policy_setting_value] (0x0400): No value for key [SeInteractiveLogonRight] found in gpo result (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeDenyInteractiveLogonRight] value [*S-1-5-21-3845744863-2409227386-3211111987-3806] (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): RESULTANT POLICY: (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): gpo_map_type: Interactive (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): allowed_size = 0 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_size = 1 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): denied_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-3806 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): CURRENT USER: (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): user_sid = S-1-5-21-3845744863-2409227386-3211111987-5638 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[0] = S-1-5-21-3845744863-2409227386-3211111987-5652 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[1] = S-1-5-21-3845744863-2409227386-3211111987-5656 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[2] = S-1-5-21-3845744863-2409227386-3211111987-3798 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[3] = S-1-5-21-3845744863-2409227386-3211111987-5655 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[4] = S-1-5-21-3845744863-2409227386-3211111987-5659 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[5] = S-1-5-21-3845744863-2409227386-3211111987-5653 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[6] = S-1-5-21-3845744863-2409227386-3211111987-5660 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[7] = S-1-5-21-3845744863-2409227386-3211111987-5663 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[8] = S-1-5-21-3845744863-2409227386-3211111987-5732 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[9] = S-1-5-21-3845744863-2409227386-3211111987-3722 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[10] = S-1-5-21-3845744863-2409227386-3211111987-5709 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[11] = S-1-5-21-3845744863-2409227386-3211111987-512 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[12] = S-1-5-21-3845744863-2409227386-3211111987-3823 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[13] = S-1-5-21-3845744863-2409227386-3211111987-5654 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[14] = S-1-5-21-3845744863-2409227386-3211111987-513 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[15] = S-1-5-21-3845744863-2409227386-3211111987-3665 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[16] = S-1-5-21-3845744863-2409227386-3211111987-3737 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[17] = S-1-5-21-3845744863-2409227386-3211111987-3754 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[18] = S-1-5-21-3845744863-2409227386-3211111987-5665 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[19] = S-1-5-21-3845744863-2409227386-3211111987-3715 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[20] = S-1-5-21-3845744863-2409227386-3211111987-5661 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[21] = S-1-5-21-3845744863-2409227386-3211111987-3812 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[22] = S-1-5-21-3845744863-2409227386-3211111987-572 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[23] = S-1-5-21-3845744863-2409227386-3211111987-3610 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[24] = S-1-5-21-3845744863-2409227386-3211111987-1182 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[25] = S-1-5-21-3845744863-2409227386-3211111987-1627 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[26] = S-1-5-21-3845744863-2409227386-3211111987-1630 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[27] = S-1-5-21-3845744863-2409227386-3211111987-1767 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[28] = S-1-5-21-3845744863-2409227386-3211111987-1628 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[29] = S-1-5-21-3845744863-2409227386-3211111987-2354 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[30] = S-1-5-21-3845744863-2409227386-3211111987-1625 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[31] = S-1-5-21-3845744863-2409227386-3211111987-1766 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[32] = S-1-5-21-3845744863-2409227386-3211111987-1768 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[33] = S-1-5-21-3845744863-2409227386-3211111987-3667 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[34] = S-1-5-21-3845744863-2409227386-3211111987-3759 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): group_sids[35] = S-1-5-11 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): POLICY DECISION: (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_granted = 1 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_check] (0x0400): access_denied = 0 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [PAM Account #6]: Request handler finished [0]: Success (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #6]: Receiving request data. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #6]: Request removed. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_method_enabled] (0x0400): Target selinux is not configured (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [child_sig_handler] (0x0100): child [6697] finished successfully. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_pam_handler] (0x0100): Got request with the following data (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): domain: SMALLBUSINESS.LAN (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): user: sweston@smallbusiness.lan (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): tty: /dev/tty2 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): ruser: (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): rhost: (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [pam_print_data] (0x0100): logon name: not set (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=gdm@smallbusiness.lan] (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): DP Request [Account #7]: New request. Flags [0x0001]. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_by_name] (0x0400): No such entry (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [check_if_pac_is_available] (0x0040): find_user_entry failed. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=SMALLBUSINESS,DC=LAN] (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=gdm)(objectclass=user)(objectSID=*))][DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [gdm@smallbusiness.lan] found. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_entry_by_sid_str] (0x0400): No such entry (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_object_attr] (0x0400): No such entry. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_get_real_name] (0x0040): Cannot find user [gdm@smallbusiness.lan] in cache (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_by_name] (0x0400): No such entry (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [check_if_pac_is_available] (0x0040): find_user_entry failed. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=SMALLBUSINESS,DC=LAN] (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=gdm)(objectclass=user)(objectSID=*))][DC=SMALLBUSINESS,DC=LAN]. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [gdm@smallbusiness.lan] found. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_entry_by_sid_str] (0x0400): No such entry (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_object_attr] (0x0400): No such entry. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_get_real_name] (0x0040): Cannot find user [gdm@smallbusiness.lan] in cache (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_search_by_name] (0x0400): No such entry (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_done] (0x0400): DP Request [Account #7]: Request handler finished [0]: Success (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [_dp_req_recv] (0x0400): DP Request [Account #7]: Receiving request data. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #7]: Finished. Success. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3::SMALLBUSINESS.LAN:name=gdm@smallbusiness.lan] from reply table (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): DP Request [Account #7]: Request removed. (Fri Sep 8 08:12:16 2017) [sssd[be[SMALLBUSINESS.LAN]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
ldbsearch -H /var/lib/sss/db/cache_SMALLBUSINESS.LAN.ldb "(&(objectClass=user)(cachedPassword=*))" name gidNumber cachedPassword asq: Unable to register control with rootdse! # returned 0 records # 0 entries # 0 referrals
Let me know if a higher debug level or other info would help you. Thanks so much!
Sam
On Fri, Sep 08, 2017 at 07:26:03AM -0000, Sam Weston wrote:
Hi Lukas,
Sorry for the lack of detail. I was hoping I'd just done something stupid in the config. I've put it on debug level 6.
For a successful login (with the network cable connected): sssd_pam.log: (Fri Sep 8 08:12:15 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
Is this really the first message in the logs you see for the login attempt?
SSS_PAM_ACCT_MGMT is the access control step after a successful authentication. There should be a SSS_PAM_AUTHENTICATE step before because during this step the password is validated and cached.
If there is no SSS_PAM_AUTHENTICATE the password is validate by a different pam module. Please check the system logs which pam module might be used here. Are there by chance pam_winbind or pam_krb5 in the pam configuration for gdm-password?
bye, Sumit
(Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687 (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_send] (0x0400): CR #1: New request 'Initgroups by name' (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_process_input] (0x0400): CR #1: Parsing input name [sweston]
Yep! It was the krb5 module getting in the way. I just removed the module from my machine and pam config, and everything works properly now. :D
Thanks Sam
sssd-users@lists.fedorahosted.org