Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section?
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, as requested here are the three files. Sorry but the domain logfile is a bit large.
getent passwd testuser testuser:*:3000016:100:testuser:/home/HOME/testuser:/bin/bash
id testuser uid=3000016(testuser) gid=100(users) groups=100(users)
but testuser cannot login via ssh or the login gui
/var/log/auth.log
Mar 29 09:49:03 mint-VirtualBox mdm[1060]: pam_unix(mdm:session): session opened for user mint by (uid=0) Mar 29 09:49:03 mint-VirtualBox mdm[1060]: pam_ck_connector(mdm:session): nox11 mode, ignoring PAM_TTY :0 Mar 29 09:49:13 mint-VirtualBox polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.31 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Mar 29 09:49:59 mint-VirtualBox sshd[2107]: Accepted password for mint from 192.168.0.173 port 53193 ssh2 Mar 29 09:49:59 mint-VirtualBox sshd[2107]: pam_unix(sshd:session): session opened for user mint by (uid=0) Mar 29 09:52:37 mint-VirtualBox polkitd(authority=local): Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.31, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Mar 29 11:27:23 mint-VirtualBox mdm[1061]: pam_unix(mdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser Mar 29 11:27:23 mint-VirtualBox mdm[1061]: pam_sss(mdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser Mar 29 11:27:23 mint-VirtualBox mdm[1061]: pam_sss(mdm:auth): received for user testuser: 9 (Authentication service cannot retrieve authentication info) Mar 29 11:27:35 mint-VirtualBox mdm[1061]: pam_unix(mdm:session): session opened for user mint by (uid=0) Mar 29 11:27:35 mint-VirtualBox mdm[1061]: pam_ck_connector(mdm:session): nox11 mode, ignoring PAM_TTY :0 Mar 29 11:27:45 mint-VirtualBox polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.31 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Mar 29 11:28:26 mint-VirtualBox sshd[2107]: Accepted password for mint from 192.168.0.173 port 53476 ssh2 Mar 29 11:28:26 mint-VirtualBox sshd[2107]: pam_unix(sshd:session): session opened for user mint by (uid=0)
/etc/sssd/sssd.conf
[sssd] #debug_level = 3 config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 domains = DOMAIN services = nss, pam
[nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root filter_users = root reconnection_retries = 3
[pam]
[domain/DOMAIN] description = LDAP domain with AD server debug_level = 9 cache_credentials = true enumerate = False
id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap
# Uncomment if service discovery is not working ldap_uri = ldap://adserver.domain.lan/
# Define these only if anonymous binds are not allowed and no keytab is available ldap_default_bind_dn = CN=Administrator,CN=Users,DC=domain,DC=lan ldap_default_authtok_type = password ldap_default_authtok = P4$$w0rd*
ldap_schema = rfc2307bis
ldap_search_base = dc=domain,dc=lan
# It looks like the ?sub?search notation is also accepted: http://sgallagh.wordpress.com/2011/12/22/sssd-tips-and-tricks-vol-2-ldap/ #ldap_user_search_base = cn=Users,dc=domain,dc=lan?sub?uid=* ldap_user_search_base = cn=Users,dc=domain,dc=lan ldap_user_object_class = person
ldap_user_domain_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_gecos = displayName ldap_user_uuid = objectGUID ldap_user_modify_timestamp = whenChanged
ldap_group_search_base = dc=domain,dc=lan ldap_group_object_class = group ldap_group_name = sAMAccountName ldap_group_uuid = objectGUID ldap_group_modify_timestamp = whenChanged ldap_group_nesting_level = 2
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = True
ldap_pwd_policy = none
#krb5_server = domain.lan krb5_realm = DOMAIN.LAN dns_discovery_domain = domain.lan
# Probably required with sssd 1.8.x and newer krb5_canonicalize = false
# Uncomment if using SASL/GSSAPI to bind and a valid /etc/krb5.keytab exists #ldap_sasl_mech = GSSAPI # Uncomment and adjust if the default principal host/fqdn@REALM is not available #ldap_sasl_authid=MINT-VIRTUALBOX$@DOMAIN.LAN
/var/log/sssd/sssd_DOMAIN.log
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_context_init] (0x0400): Created new fail over context, retry timeout is 30 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [confdb_get_domain_internal] (0x0400): No enumeration for [DOMAIN]! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sysdb_domain_init_internal] (0x0200): DB File for DOMAIN: /var/lib/sss/db/cache_DOMAIN.ldb (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99940f0
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x9989f18
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x9989f18 "ltdb_timeout"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99940f0 "ltdb_callback"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x0400): asq: Unable to register control with rootdse! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998a608
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x998a920
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x998a920 "ltdb_timeout"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998a608 "ltdb_callback"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x9988f18
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x9988fe0
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x9988fe0 "ltdb_timeout"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x9988f18 "ltdb_callback"
(Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_init_connection] (0x0200): Adding connection 9988A40 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000): 0x9994490/0x9989120 (16), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_DOMAIN,1) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_add_timeout] (0x2000): 0x9989f28 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x9989120 (16), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_DOMAIN.579 to a link /var/lib/sss/pipes/private/sbus-dp_DOMAIN (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_new_server] (0x0400): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_DOMAIN.579,guid=a8676ab860a7c2f553cef0d351557a8e (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000): 0x9995540/0x99948c0 (17), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Loading backend [ldap] with path [/usr/lib/i386-linux-gnu/sssd/libsss_ldap.so]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_uri has value ldap://adserver.domain.lan/ (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_backup_uri has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_search_base has value dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_default_bind_dn has value CN=Administrator,CN=Users,DC=domain,DC=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_default_authtok_type has value password (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_default_authtok has a binary value. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_search_timeout has value 6 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_network_timeout has value 6 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_opt_timeout has value 6 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_user_search_base has value cn=Users,dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_user_search_scope has value sub (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_user_search_filter has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_group_search_base has value dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_group_search_scope has value sub (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_group_search_filter has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_service_search_base has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_search_base has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_full_refresh_interval has value 21600 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has value 900 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_use_host_filter is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_hostnames has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_ip has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_include_netgroups is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sudo_include_regexp is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_autofs_search_base has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_schema has value rfc2307bis (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_offline_timeout has value 60 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_force_upper_case_realm is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has value 300 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 10800 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_cacert has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_cacertdir has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_cert has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_key has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_tls_cipher_suite has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_id_use_start_tls is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_id_mapping is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sasl_mech has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sasl_authid has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sasl_realm has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sasl_minssf has value -1 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_krb5_keytab has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_krb5_init_creds is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_server has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_realm has value DOMAIN.LAN (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_canonicalize is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_pwd_policy has value none (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_referrals is TRUE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option account_cache_expiration has value 0 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_dns_service_name has value ldap (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_krb5_ticket_lifetime has value 86400 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_access_filter has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_netgroup_search_base has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_group_nesting_level has value 2 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_deref has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_account_expire_policy has value ad (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_access_order has value expire (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_chpass_uri has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_chpass_backup_uri has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_chpass_dns_service_name has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_chpass_update_last_change is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_enumeration_search_timeout has value 60 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_auth_disable_tls_never_use_in_production is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_page_size has value 1000 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_deref_threshold has value 10 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_sasl_canonicalize is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_connection_expire_timeout has value 900 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_disable_paging is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_range_min has value 200000 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_range_max has value 2000200000 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_range_size has value 200000 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_autorid_compat is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_default_domain has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_idmap_default_domain_sid has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_groups_use_matching_rule_in_chain is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option ldap_initgroups_use_matching_rule_in_chain is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldap_get_options] (0x0400): Option ldap_netgroup_search_base set to dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldap_get_options] (0x0400): Option ldap_service_search_base set to dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [USER][cn=Users,dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_entry_usn has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_rootdse_last_usn has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_object_class has value person (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_name has value sAMAccountName (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_pwd has value userPassword (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_gid_number has value gidNumber (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_gecos has value displayName (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_domain_directory has value unixHomeDirectory (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_principal has value userPrincipalName (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_fullname has value cn (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_member_of has value memberOf (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_uuid has value objectGUID (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_objectsid has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_primary_group has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_modify_timestamp has value whenChanged (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_entry_usn has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_last_change has value shadowLastChange (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_min has value shadowMin (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_max has value shadowMax (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_warning has value shadowWarning (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_inactive has value shadowInactive (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_expire has value shadowExpire (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_shadow_flag has value shadowFlag (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_krb_last_pwd_change has value krbLastPwdChange (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_krb_password_expiration has value krbPasswordExpiration (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_pwd_attribute has value pwdAttribute (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_authorized_service has value authorizedService (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_ad_account_expires has value accountExpires (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_ad_user_account_control has value userAccountControl (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_ns_account_lock has value nsAccountLock (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_authorized_host has value host (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_disabled has value loginDisabled (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_expiration_time has value loginExpirationTime (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_nds_login_allowed_time_map has value loginAllowedTimeMap (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_object_class has value group (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_name has value sAMAccountName (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_pwd has value userPassword (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_member has value member (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_uuid has value objectGUID (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_objectsid has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_modify_timestamp has value whenChanged (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_group_entry_usn has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_object_class has value nisNetgroup (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_name has value cn (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_member has value memberNisNetgroup (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_triple has value nisNetgroupTriple (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_uuid has value nsUniqueId (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_netgroup_modify_timestamp has value modifyTimestamp (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_service_object_class has value ipService (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_service_name has value cn (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_service_port has value ipServicePort (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_service_proto has value ipServiceProtocol (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sssm_ldap_id_init] (0x1000): Service name for discovery set to ldap (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_new_service] (0x0400): Creating new service 'LDAP' (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_urls_init] (0x0400): Added URI ldap://adserver.domain.lan/ (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_add_server] (0x0080): Adding new server 'adserver.domain.lan', to service 'LDAP' (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldap_id_cleanup_set_timer] (0x0400): Scheduling next cleanup at 1364556440.855609 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x2000): ID backend target successfully loaded from provider [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Loading backend [krb5] with path [/usr/lib/i386-linux-gnu/sssd/libsss_krb5.so]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_server has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_backup_server has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_realm has value DOMAIN.LAN (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_ccachedir has value /tmp (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_ccname_template has value FILE:%d/krb5cc_%U_XXXXXX (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_auth_timeout has value 15 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_validate is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_kpasswd has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_backup_kpasswd has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_store_password_if_offline is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_renewable_lifetime has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_lifetime has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_renew_interval has value 0 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_use_fast has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_fast_principal has no value (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [dp_get_options] (0x0400): Option krb5_canonicalize is FALSE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_new_service] (0x0400): Creating new service 'KERBEROS' (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_service_init] (0x0100): No primary servers defined, using service discovery (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'KERBEROS' using 'udp'. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'KERBEROS' using 'tcp'. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_servers_init] (0x0400): Added service lookup (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_new_service] (0x0400): Creating new service 'KPASSWD' (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_service_init] (0x0100): No primary servers defined, using service discovery (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'KPASSWD' using 'udp'. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [fo_add_srv_server] (0x0400): Adding new SRV server to service 'KPASSWD' using 'tcp'. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [krb5_servers_init] (0x0400): Added service lookup (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [check_and_export_lifetime] (0x0200): No lifetime configured. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [check_and_export_lifetime] (0x0200): No lifetime configured. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [check_and_export_options] (0x0100): No KDC explicitly configured, using defaults. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [check_and_export_options] (0x0100): No kpasswd server explicitly configured, using the KDC or defaults. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [check_and_export_options] (0x0100): ccache is of type FILE (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x2000): AUTH backend target successfully loaded from provider [krb5]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Backend [ldap] already loaded. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sssm_ldap_id_init] (0x2000): Re-using sdap_id_ctx for this provider (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x2000): ACCESS backend target successfully loaded from provider [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Backend [krb5] already loaded. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x2000): CHPASS backend target successfully loaded from provider [krb5]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init_sudo] (0x0400): SUDO is not listed in services, disabling SUDO module. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x0080): No SUDO module provided for [DOMAIN] !! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x0200): no module name found in confdb, using [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Backend [ldap] already loaded. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sssm_ldap_id_init] (0x2000): Re-using sdap_id_ctx for this provider (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_autofs_init] (0x2000): Initializing autofs LDAP back end (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [ldap_get_autofs_options] (0x0200): Option ldap_autofs_search_base set to dc=domain,dc=lan (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][dc=domain,dc=lan][SUBTREE][] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_autofs_map_object_class has value automountMap (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_autofs_map_name has value automountMapName (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_object_class has value automount (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_key has value automountKey (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_value has value automountInformation (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x2000): autofs backend target successfully loaded from provider [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x0200): no module name found in confdb, using [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Backend [ldap] already loaded. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x0020): No selinux module provided for [DOMAIN] !! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x0200): no module name found in confdb, using [ldap]. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [load_backend_module] (0x1000): Backend [ldap] already loaded. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x0020): No host info module provided for [DOMAIN] !! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_process_init] (0x0020): Subdomains are not supported for [DOMAIN] !! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [main] (0x0400): Backend provider (DOMAIN) started! (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x9989120 (16), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x9989120 (16), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x9989120 (16), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x99890b8 (16), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x9994490/0x9989120 (16), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_remove_timeout] (0x2000): 0x9989f28 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Entering. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x999abf0. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_init_connection] (0x0200): Adding connection 999ABF0 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000): 0x99895a8/0x9989f28 (20), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x999d368 (20), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Got a connection (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x999edd8] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Entering. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x999d578. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_init_connection] (0x0200): Adding connection 999D578 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000): 0x99998f0/0x9995238 (21), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x999d6f8 (21), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_server_init_new_connection] (0x0200): Got a connection (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x999dc88] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x999d368 (20), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x9989f28 (20), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x999d368 (20), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x9989f28 (20), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x999d6f8 (21), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x9995238 (21), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x999d6f8 (21), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x9995238 (21), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x999d368 (20), R/- (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x9989f28 (20), -/W (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x999d368 (20), R/- (enabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99895a8/0x9989f28 (20), -/W (disabled) (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [RegisterService] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [client_registration] (0x0100): Cancel DP ID timeout [0x999edd8] (Fri Mar 29 11:27:10 2013) [sssd[be[DOMAIN]]] [client_registration] (0x0100): Added Frontend client [PAM] (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x999d6f8 (21), R/- (disabled) (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x9995238 (21), -/W (enabled) (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x999d6f8 (21), R/- (enabled) (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_toggle_watch] (0x4000): 0x99998f0/0x9995238 (21), -/W (disabled) (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [RegisterService] (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [client_registration] (0x0100): Cancel DP ID timeout [0x999dc88] (Fri Mar 29 11:27:11 2013) [sssd[be[DOMAIN]]] [client_registration] (0x0100): Added Frontend client [NSS] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=mdm] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): beginning to connect (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_mark_offline] (0x2000): Going offline! (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x4000): notify offline to op #1 (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.DOMAIN.LAN], [2][No such file or directory] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.DOMAIN.LAN], [2][No such file or directory] (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:17 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=testuser] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:19 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=*] (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [ldap_id_cleanup_timer] (0x0100): Backend is marked offline, retry later! (Fri Mar 29 11:27:20 2013) [sssd[be[DOMAIN]]] [ldap_id_cleanup_set_timer] (0x0400): Scheduling next cleanup at 1364567240.856906 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:22 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [3][1][name=testuser] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [pamHandler] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_pam_handler] (0x0100): Got request with the following data (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): domain: DOMAIN (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): user: testuser (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): service: mdm (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): tty: :0 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): ruser: (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): rhost: (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): authtok type: 1 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): authtok size: 9 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): newauthtok size: 0 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): priv: 1 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [pam_print_data] (0x0100): cli_pid: 1061 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_pam_handler] (0x1000): Wait queue of user [testuser] is empty, running request immediately. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99a7ae0
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99a7ba8
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99a7ba8 "ltdb_timeout"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99a7ae0 "ltdb_callback"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_auth_send] (0x0100): No ccache file for user [testuser] found. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_auth_send] (0x4000): Ccache_file is [not set] and is not active and TGT is not valid. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'KERBEROS'. Will use DNS discovery domain 'domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_KERBEROS._udp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_KERBEROS._udp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Could not contact DNS servers] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'KERBEROS'. Will use DNS discovery domain 'domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_KERBEROS._tcp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_KERBEROS._tcp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Could not contact DNS servers] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_mark_offline] (0x2000): Going offline! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_find_ccache_step] (0x4000): Recreating ccache file. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_ccache_re] (0x1000): Ccache directory name [/tmp] does not contain illegal patterns. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_find_ccache_step] (0x4000): Preparing for offline operation. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [1365] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [child_handler_setup] (0x2000): Signal handler set up for pid [1365] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [write_pipe_handler] (0x0400): All data has been sent! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [become_user] (0x0200): Trying to become user [3000016][100]. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.DOMAIN.LAN], [2][No such file or directory] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.DOMAIN.LAN], [2][No such file or directory] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [parse_krb5_child_response] (0x1000): child response [0][3][43]. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [safe_remove_old_ccache_file] (0x0200): No old ccache, nothing to do (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_mod_ccname] (0x4000): Save ccname [FILE:/tmp/krb5cc_3000016_iPucdO] for user [testuser]. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99a8960
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99a8a90
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99a8a90 "ltdb_timeout"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99a8960 "ltdb_callback"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_save_ccname_done] (0x0100): Backend is marked offline, retry later! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_wait_queue] (0x1000): Wait queue for user [testuser] is empty. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_pam_handler_callback] (0x0100): Sending result [9][DOMAIN] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_pam_handler_callback] (0x0100): Sent result [9][DOMAIN] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [child_sig_handler] (0x1000): Waiting for child [1365]. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [child_sig_handler] (0x0100): child [1365] finished successfully. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sss_child_handler] (0x2000): waitpid failed [10]: No child processes (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): There is an online check already running. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resetOffline] (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:26 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=colord] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=mint] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=ntp] (Fri Mar 29 11:27:27 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Request processed. Returned 1,11,Fast reply - offline (Fri Mar 29 11:27:30 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:30 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:30 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [resInit] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_reread_configuration] (0x0100): Recreating all c-ares channels (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [recreate_ares_channel] (0x0100): Destroying the old c-ares channel (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [check_if_online] (0x2000): Trying to go back online! (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KPASSWD' as 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name not resolved' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'name resolved' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0200): Found address for server adserver.domain.lan: [192.168.0.10] TTL 900 (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldap://adserver.domain.lan/' (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sss_ldap_init_send] (0x4000): Using file descriptor [23] for LDAP connection. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://adserver.domain.lan:389/??base] with fd [23]. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1 (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x998af50], connected[1], ops[0x9993550], ldap[0x9997a00] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_entry] (0x4000): OriginalDN: []. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [configurationNamingContext] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [rootDomainNamingContext] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [schemaNamingContext] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [subschemaSubentry] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedCapabilities] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorName] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [isSynchronized] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [dsServiceName] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverName] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [dNSHostName] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [ldapServiceName] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [currentTime] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [highestCommittedUSN] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainFunctionality] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [forestFunctionality] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainControllerFunctionality] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [isGlobalCatalogReady] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x998af50], connected[1], ops[0x9993550], ldap[0x9997a00] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_done] (0x2000): Got rootdse (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [get_naming_context] (0x0200): Using value from [defaultNamingContext] as naming context. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=domain,DC=lan]. (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=domain,DC=lan][SUBTREE][] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 3888 (int: 3888) (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [simple_bind_send] (0x0100): Executing simple bind as: CN=Administrator,CN=Users,DC=domain,DC=lan (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x998af50], connected[1], ops[0x99b03c8], ldap[0x9997a00] (Fri Mar 29 11:27:32 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x998af50], connected[1], ops[0x99b03c8], ldap[0x9997a00] (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND] (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [simple_bind_done] (0x1000): Server returned no controls. (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'working' (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'working' (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [sdap_handle_release] (0x2000): Trace: sh[0x998af50], connected[1], ops[(nil)], ldap[0x9997a00], destructor_lock[0], release_memory[0] (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [remove_connection_callback] (0x4000): Successfully removed connection callback. (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [check_online_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success] (Fri Mar 29 11:27:33 2013) [sssd[be[DOMAIN]]] [be_run_online_cb] (0x4000): Online call back list is empty, nothing to do. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [3][1][name=mint] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): beginning to connect (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'working' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'working' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'working' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0200): Found address for server adserver.domain.lan: [192.168.0.10] TTL 900 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldap://adserver.domain.lan/' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sss_ldap_init_send] (0x4000): Using file descriptor [22] for LDAP connection. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://adserver.domain.lan:389/??base] with fd [22]. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][]. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99932a8], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_entry] (0x4000): OriginalDN: []. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [configurationNamingContext] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [rootDomainNamingContext] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [schemaNamingContext] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [subschemaSubentry] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedCapabilities] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [vendorName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [isSynchronized] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [dsServiceName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [dNSHostName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [ldapServiceName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [currentTime] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [highestCommittedUSN] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainFunctionality] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [forestFunctionality] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainControllerFunctionality] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [isGlobalCatalogReady] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99932a8], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_done] (0x2000): Got rootdse (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 3888 (int: 3888) (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [simple_bind_send] (0x0100): Executing simple bind as: CN=Administrator,CN=Users,DC=domain,DC=lan (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x9993800], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x9993800], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [simple_bind_done] (0x1000): Server returned no controls. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'adserver.domain.lan' as 'working' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'working' (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x2000): Old USN: 3888, New USN: 3888 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x4000): notify connected to op #1 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_send] (0x4000): Retrieving info for initgroups call (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=Users,dc=domain,dc=lan] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=mint)(objectclass=person))][cn=Users,dc=domain,dc=lan]. (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 3 (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99b4260], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99b4260], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b3bc8
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b3cc8
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b3cc8 "ltdb_timeout"
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b3bc8 "ltdb_callback"
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=mint)) (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998af10
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b37c8
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b37c8 "ltdb_timeout"
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998af10 "ltdb_callback"
(Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): No such entry (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:27:35 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=mint] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_send] (0x4000): Retrieving info for initgroups call (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=Users,dc=domain,dc=lan] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=mint)(objectclass=person))][cn=Users,dc=domain,dc=lan]. (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 4 (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99b3ac8], ldap[0x9997a00] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b3d28
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x998aed0
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x998aed0 "ltdb_timeout"
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b3d28 "ltdb_callback"
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=mint)) (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x9993388
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b3758
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b3758 "ltdb_timeout"
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x9993388 "ltdb_callback"
(Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): No such entry (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:27:37 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4098][1][name=admin] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [dc=domain,dc=lan] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=admin)(objectclass=group)(sAMAccountName=*)(&(gidNumber=*)(!(gidNumber=0))))][dc=domain,dc=lan]. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5 (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://domain.lan/CN=Configuration,DC=domain,DC=lan] with fd [23]. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_rebind_proc] (0x1000): Successfully bind to [ldap://domain.lan/CN=Configuration,DC=domain,DC=lan]. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_ldap_connect_callback_del] (0x4000): Closing LDAP connection with fd [23]. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results. (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998abf0
(Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b3690
(Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b3690 "ltdb_timeout"
(Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998abf0 "ltdb_callback"
(Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sysdb_search_group_by_name] (0x0400): No such entry (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sysdb_delete_group] (0x0400): Error: 2 (No such file or directory) (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:27:43 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:27:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:27:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:27:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999ABF0 (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [3][1][name=mint] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_send] (0x4000): Retrieving info for initgroups call (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=Users,dc=domain,dc=lan] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=mint)(objectclass=person))][cn=Users,dc=domain,dc=lan]. (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 12 (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998ae98
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b35f8
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b35f8 "ltdb_timeout"
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998ae98 "ltdb_callback"
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=mint)) (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b2c88
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b2d50
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b2d50 "ltdb_timeout"
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b2c88 "ltdb_callback"
(Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): No such entry (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:28:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:28:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:28:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:28:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:28:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:29:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:29:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:29:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:30:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:30:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:30:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:31:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:31:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:31:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=man] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_send] (0x4000): Retrieving info for initgroups call (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=Users,dc=domain,dc=lan] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=man)(objectclass=person))][cn=Users,dc=domain,dc=lan]. (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 13 (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x999e820], ldap[0x9997a00] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_get_initgr_user] (0x4000): Receiving info for the user (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998b158
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x998ac18
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x998ac18 "ltdb_timeout"
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998b158 "ltdb_callback"
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_user_by_name] (0x0400): No such entry (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): Search groups with filter: (&(objectclass=group)(ghost=man)) (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x998af00
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b3c68
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b3c68 "ltdb_timeout"
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x998af00 "ltdb_callback"
(Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sysdb_search_groups] (0x2000): No such entry (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:32:26 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:32:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:32:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:32:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:32:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:33:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:33:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:33:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:34:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:34:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:34:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:35:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:35:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:35:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:36:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:36:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:36:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getDomains] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [be_get_subdomains] (0x2000): Undefined backend target. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 999D578 (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [cn=Users,dc=domain,dc=lan] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=testuser)(objectclass=person))][cn=Users,dc=domain,dc=lan]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14 (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99b3ac8], ldap[0x9997a00] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_entry] (0x4000): OriginalDN: [CN=testuser,CN=Users,DC=domain,DC=lan]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectGUID] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [accountExpires] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [sAMAccountName] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [userPrincipalName] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [userAccountControl] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [uidNumber] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [unixHomeDirectory] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [loginShell] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [whenChanged] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_parse_range] (0x2000): No sub-attributes for [uSNChanged] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[0x99b3ac8], ldap[0x9997a00] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_users_process] (0x0400): Search for users, returned 1 results. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_save_user] (0x4000): Save user (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [CN=testuser,CN=Users,DC=domain,DC=lan] to attributes of [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_save_user] (0x1000): Original memberOf is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp [20130327151225.0Z] to attributes of [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_save_user] (0x1000): Adding user principal [testuser@DOMAIN.LAN] to attributes of [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowMin is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowWarning is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowExpire is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): krbLastPwdChange is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): krbPasswordExpiration is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): pwdAttribute is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding adAccountExpires [9223372036854775807] to attributes of [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding adUserAccountControl [512] to attributes of [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): nsAccountLock is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): authorizedHost is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginExpirationTime is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginAllowedTimeMap is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available for [testuser]. (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_save_user] (0x0400): Storing info for user testuser (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0788
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0788 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b06f0
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99be938
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99be938 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b06f0 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [userPassword] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99be938
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99be938 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowLastChange] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99beab8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99beab8 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMin] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMax] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99be5c8 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowWarning] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowInactive] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99be5c8 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowExpire] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0308 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99be5c8 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [shadowFlag] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99be5c8 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [krbLastPwdChange] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [krbPasswordExpiration] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99be5c8 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [pwdAttribute] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99be5c8 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedService] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [nsAccountLock] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0308 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0888 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedHost] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0888 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0308 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginDisabled] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99b0888
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0308 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99b0888 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginExpirationTime] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0458
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0458 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99be5c8 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginAllowedTimeMap] from [testuser] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): start ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99be5c8
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99b0308
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99b0308 "ltdb_timeout"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99be5c8 "ltdb_callback"
(Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_save_users] (0x4000): User 0 processed! (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_get_users_process] (0x4000): Saving 1 Users - Done (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: sh[0x99b28e8], connected[1], ops[(nil)], ldap[0x9997a00] (Fri Mar 29 11:37:34 2013) [sssd[be[DOMAIN]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Fri Mar 29 11:37:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:37:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:37:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:37:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:38:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:38:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:38:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:39:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:39:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:39:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:42 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:42 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:40:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:40:52 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:40:52 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:41:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:41:02 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:41:02 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:41:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:41:12 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:41:12 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:41:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:41:22 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:41:22 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Fri Mar 29 11:41:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): dbus conn: 9988A40 (Fri Mar 29 11:41:32 2013) [sssd[be[DOMAIN]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 29 11:41:32 2013) [sssd[be[DOMAIN]]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
On Fri, Mar 29, 2013 at 12:11:42PM +0000, Rowland Penny wrote:
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, as requested here are the three files. Sorry but the domain logfile is a bit large.
No problem.
getent passwd testuser testuser:*:3000016:100:testuser:/home/HOME/testuser:/bin/bash
id testuser uid=3000016(testuser) gid=100(users) groups=100(users)
but testuser cannot login via ssh or the login gui
/var/log/auth.log
^^ thanks, I always forget how is the file called on Debian derivatives.
Mar 29 11:27:23 mint-VirtualBox mdm[1061]: pam_sss(mdm:auth): received for user testuser: 9 (Authentication service cannot retrieve authentication info)
Looks like SSSD couldn't connect to the authentication server..
/etc/sssd/sssd.conf
[sssd] #debug_level = 3 config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 domains = DOMAIN services = nss, pam
[nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root filter_users = root reconnection_retries = 3
[pam]
[domain/DOMAIN] description = LDAP domain with AD server debug_level = 9 cache_credentials = true enumerate = False
id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap
# Uncomment if service discovery is not working ldap_uri = ldap://adserver.domain.lan/
# Define these only if anonymous binds are not allowed and no keytab is available ldap_default_bind_dn = CN=Administrator,CN=Users,DC=domain,DC=lan ldap_default_authtok_type = password ldap_default_authtok = P4$$w0rd*
ldap_schema = rfc2307bis
ldap_search_base = dc=domain,dc=lan
# It looks like the ?sub?search notation is also accepted: http://sgallagh.wordpress.com/2011/12/22/sssd-tips-and-tricks-vol-2-ldap/ #ldap_user_search_base = cn=Users,dc=domain,dc=lan?sub?uid=* ldap_user_search_base = cn=Users,dc=domain,dc=lan ldap_user_object_class = person
ldap_user_domain_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_gecos = displayName ldap_user_uuid = objectGUID ldap_user_modify_timestamp = whenChanged
ldap_group_search_base = dc=domain,dc=lan ldap_group_object_class = group ldap_group_name = sAMAccountName ldap_group_uuid = objectGUID ldap_group_modify_timestamp = whenChanged ldap_group_nesting_level = 2
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = True
ldap_pwd_policy = none
#krb5_server = domain.lan
Did you comment out krb5_server in order to use service discovery on purpose? It's a valid usecase, just checking if it was the intent.
krb5_realm = DOMAIN.LAN dns_discovery_domain = domain.lan
# Probably required with sssd 1.8.x and newer krb5_canonicalize = false
# Uncomment if using SASL/GSSAPI to bind and a valid /etc/krb5.keytab exists #ldap_sasl_mech = GSSAPI # Uncomment and adjust if the default principal host/fqdn@REALM is not available #ldap_sasl_authid=MINT-VIRTUALBOX$@DOMAIN.LAN
/var/log/sssd/sssd_DOMAIN.log
<snip first part of the log>
Here comes the account request...
(Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=mdm] (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_step] (0x4000): beginning to connect (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved'
..sssd begins to connect..
(Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 389 for server 'adserver.domain.lan' is 'neutral' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds
...triggers name resolution..
(Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'name not resolved' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_is_address] (0x4000): [adserver.domain.lan] does not look like an IP address (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'resolving name' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'adserver.domain.lan' in files (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'adserver.domain.lan' in DNS (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'adserver.domain.lan': Could not contact DNS servers
And fails because the underlying resolver library cannot contact DNS servers.
(Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [set_server_common_status] (0x0100): Marking server 'adserver.domain.lan' as 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (adserver.domain.lan), resolver returned (5) (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [get_server_status] (0x1000): Status of server 'adserver.domain.lan' is 'not working' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Fri Mar 29 11:27:13 2013) [sssd[be[DOMAIN]]] [be_mark_offline] (0x2000): Going offline!
As a result of failed DNS resolution, the sssd goes offline.
Later in the logfiles I see that the SSSD succeeded in connecting to the LDAP server, but the only authentication request captured in the logs is:
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_pam_handler] (0x1000): Wait queue of user [testuser] is empty, running request immediately. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x99a7ae0
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x99a7ba8
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Destroying timer event 0x99a7ba8 "ltdb_timeout"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [ldb] (0x4000): tevent: Ending timer event 0x99a7ae0 "ltdb_callback"
(Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_auth_send] (0x0100): No ccache file for user [testuser] found. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [krb5_auth_send] (0x4000): Ccache_file is [not set] and is not active and TGT is not valid. (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'KERBEROS'. Will use DNS discovery domain 'domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_KERBEROS._udp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_KERBEROS._udp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Could not contact DNS servers] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'KERBEROS'. Will use DNS discovery domain 'domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_KERBEROS._tcp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_KERBEROS._tcp.domain.lan' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Could not contact DNS servers] (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'KERBEROS' as 'not resolved' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned (5) (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [fo_resolve_service_send] (0x0020): No available servers for service 'KERBEROS' (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Fri Mar 29 11:27:23 2013) [sssd[be[DOMAIN]]] [be_mark_offline] (0x2000): Going offline!
^^ Which fails after the service resolution via DNS failed.
Does authentication work if you set krb5_server to adserver.domain.lan ?
On 29/03/13 12:51, Jakub Hrozek wrote:
^^ Which fails after the service resolution via DNS failed.
Does authentication work if you set krb5_server to adserver.domain.lan ?
No, but the line in /var/log/auth.log has changed to:
Mar 29 13:46:57 mint-VirtualBox mdm[1065]: pam_sss(mdm:auth): Request to sssd failed. Broken pipe
DNS appears to be working:
adserver.domain.lan with ipaddress 192.168.0.10 is the samba4 AD server running Bind 9.9.1
The client mint-VirtualBox gets its DNS info via DHCP from the samba4 server
/etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.0.10 search domain.lan
hostname mint-VirtualBox
hostname -f mint-VirtualBox.domain.lan
host -t SRV _ldap._tcp.domain.lan. _ldap._tcp.domain.lan has SRV record 0 100 389 adserver.domain.lan.
host -t A adserver.domain.lan. adserver.domain.lan has address 192.168.0.10
host -t A mint-VirtualBox.domain.lan. mint-VirtualBox.domain.lan has address 192.168.0.183
Thanks for your help so far and if you have any other thoughts how I can get it to work, they would be very much appreciated.
Rowland
On Fri, Mar 29, 2013 at 02:46:41PM +0000, Rowland Penny wrote:
On 29/03/13 12:51, Jakub Hrozek wrote:
^^ Which fails after the service resolution via DNS failed.
Does authentication work if you set krb5_server to adserver.domain.lan ?
No, but the line in /var/log/auth.log has changed to:
Mar 29 13:46:57 mint-VirtualBox mdm[1065]: pam_sss(mdm:auth): Request to sssd failed. Broken pipe
Hmm, Broken Pipe usually means the process on the other hand was terminated unexpectedly which usually translates to "crashed". Can you check syslog if any of the sss processes (the PAM responder probably) crashed during processing the request.
Or is it possible to get the debug logs to see what's wrong?
DNS appears to be working:
adserver.domain.lan with ipaddress 192.168.0.10 is the samba4 AD server running Bind 9.9.1
The client mint-VirtualBox gets its DNS info via DHCP from the samba4 server
/etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.0.10 search domain.lan
hostname mint-VirtualBox
hostname -f mint-VirtualBox.domain.lan
host -t SRV _ldap._tcp.domain.lan. _ldap._tcp.domain.lan has SRV record 0 100 389 adserver.domain.lan.
I see, can you also check if the Kerberos service records are correctly resolvable? (They shouldn't be needed in case you set krb5_server manually):
host -t SRV _kerberos._udp.domain.lan
host -t A adserver.domain.lan. adserver.domain.lan has address 192.168.0.10
host -t A mint-VirtualBox.domain.lan. mint-VirtualBox.domain.lan has address 192.168.0.183
Thanks for your help so far and if you have any other thoughts how I can get it to work, they would be very much appreciated.
Rowland
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I thought that as sssd seemed to have started on Fedora, I would try it on that distro.
On Fedora 18, I can login as a domain user, but found that I have the same problem as with winbind, the user on the client has a different uidnumber to the server.
i.e on the client: getent passwd testuser testuser:*:1201401105:1201400513:testuser:/home/DOMAIN/testuser:/bin/bash
on the server: getent passwd testuser HOME\testuser:*:3000016:100::/home/DOMAIN/testuser:/bin/bash
my sssd.conf
[sssd] debug_level = 3 config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 domains = DOMAIN services = nss, pam
[nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root,gdm filter_users = root,gdm reconnection_retries = 3
[pam]
[domain/DOMAIN] description = LDAP domain with AD server debug_level = 6 cache_credentials = true enumerate = False
id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad
ad_server = adserver.domain.lan ad_hostname = client.domain.lan ad_domain = domain.lan
# Uncomment if service discovery is not working #ldap_uri = ldap://adserver.domain.lan/
# Define these only if anonymous binds are not allowed and no keytab is available ldap_default_bind_dn = CN=Administrator,CN=Users,DC=domain,DC=lan ldap_default_authtok_type = password ldap_default_authtok = Pa$$w0rd*
ldap_schema = rfc2307bis
ldap_search_base = dc=domain,dc=lan
# It looks like the ?sub?search notation is also accepted: http://sgallagh.wordpress.com/2011/12/22/sssd-tips-and-tricks-vol-2-ldap/ #ldap_user_search_base = cn=Users,dc=domain,dc=lan?sub?uid=* ldap_user_search_base = dc=domain,dc=lan ldap_user_object_class = person
ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_gecos = displayName ldap_user_uuid = objectGUID ldap_user_modify_timestamp = whenChanged
ldap_group_search_base = dc=domain,dc=lan ldap_group_object_class = group ldap_group_name = sAMAccountName ldap_group_uuid = objectGUID ldap_group_modify_timestamp = whenChanged ldap_group_nesting_level = 2
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = True
ldap_pwd_policy = none
krb5_server = adserver.domain.lan krb5_realm = DOMAIN.LAN dns_discovery_domain = domain.lan
# Probably required with sssd 1.8.x and newer krb5_canonicalize = false
# Uncomment if using SASL/GSSAPI to bind and a valid /etc/krb5.keytab exists #ldap_sasl_mech = GSSAPI # Uncomment and adjust if the default principal host/fqdn@REALM is not available #ldap_sasl_authid=CLIENT$@DOMAIN.LAN
Is there anyway to get the clients to have the same uidNumber & gidNumber as on the server?
Rowland
On Sun, Mar 31, 2013 at 02:52:58PM +0100, Rowland Penny wrote:
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I thought that as sssd seemed to have started on Fedora, I would try it on that distro.
On Fedora 18, I can login as a domain user, but found that I have the same problem as with winbind, the user on the client has a different uidnumber to the server.
This is most probably caused by using different algorithm for ID mapping on the server side and the client side. Can you check the winbind configuration what are they using ? I would check for "idmap backend" parameter in smb.conf
Alternatively, if the Samba server also has the POSIX attributes, you could just be using those.
i.e on the client: getent passwd testuser testuser:*:1201401105:1201400513:testuser:/home/DOMAIN/testuser:/bin/bash
on the server: getent passwd testuser HOME\testuser:*:3000016:100::/home/DOMAIN/testuser:/bin/bash
my sssd.conf
[sssd] debug_level = 3 config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 domains = DOMAIN services = nss, pam
[nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root,gdm filter_users = root,gdm reconnection_retries = 3
[pam]
[domain/DOMAIN] description = LDAP domain with AD server debug_level = 6 cache_credentials = true enumerate = False
id_provider = ad
Ah, I see you are using the new AD provider. In SSSD 1.9 the AD provider has three advantages over using the LDAP/Kerberos providers: 1) Simplified configuration. You shouldn't be needing the attribute mappings you used below 2) Does not require POSIX attributes to be present on the server side. IDs can be mapped based on SIDs 3) Better performance during login (only when ID-mapping is in use)
auth_provider = ad access_provider = ad chpass_provider = ad
ad_server = adserver.domain.lan ad_hostname = client.domain.lan ad_domain = domain.lan
# Uncomment if service discovery is not working #ldap_uri = ldap://adserver.domain.lan/
# Define these only if anonymous binds are not allowed and no keytab is available ldap_default_bind_dn = CN=Administrator,CN=Users,DC=domain,DC=lan ldap_default_authtok_type = password ldap_default_authtok = Pa$$w0rd*
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
ldap_schema = rfc2307bis ldap_search_base = dc=domain,dc=lan
# It looks like the ?sub?search notation is also accepted: http://sgallagh.wordpress.com/2011/12/22/sssd-tips-and-tricks-vol-2-ldap/ #ldap_user_search_base = cn=Users,dc=domain,dc=lan?sub?uid=* ldap_user_search_base = dc=domain,dc=lan ldap_user_object_class = person
ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_gecos = displayName ldap_user_uuid = objectGUID ldap_user_modify_timestamp = whenChanged
ldap_group_search_base = dc=domain,dc=lan ldap_group_object_class = group ldap_group_name = sAMAccountName ldap_group_uuid = objectGUID ldap_group_modify_timestamp = whenChanged ldap_group_nesting_level = 2
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = True
ldap_pwd_policy = none
krb5_server = adserver.domain.lan krb5_realm = DOMAIN.LAN dns_discovery_domain = domain.lan
# Probably required with sssd 1.8.x and newer krb5_canonicalize = false
# Uncomment if using SASL/GSSAPI to bind and a valid /etc/krb5.keytab exists #ldap_sasl_mech = GSSAPI # Uncomment and adjust if the default principal host/fqdn@REALM is not available #ldap_sasl_authid=CLIENT$@DOMAIN.LAN
Is there anyway to get the clients to have the same uidNumber & gidNumber as on the server?
Rowland
I think there are two options: 1) keep using the ID mapping and tailor the configuration of the ID mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
2) Switch to using POSIX IDs instead of mapping them from SIDs with both winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
From where I am 1) sounds like easier to implement since all you'd be
changing is sssd.conf
On 02/04/13 11:09, Jakub Hrozek wrote:
On Sun, Mar 31, 2013 at 02:52:58PM +0100, Rowland Penny wrote:
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +0000, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4 AD server. After looking around the internet, I have got to the point where I can get a domain users info with 'getent passwd <domainuser>' and 'id <domainuser>'. I can also create a directory and chmod it <domainuser>:users, what I cannot do is login into the computer through ssh or the login GUI on the computer. This is on Linux Mint 14 using sssd 1.9.1.
Does anybody have any idea why sssd seems to work but fails in a very important way.
Can you paste or attach tail of /var/log/secure, your (sanitized) sssd.conf and the relevant portion of /var/log/sssd/sssd_$domain.log after raising debug_level to 6 or higher in the domain section? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I thought that as sssd seemed to have started on Fedora, I would try it on that distro.
On Fedora 18, I can login as a domain user, but found that I have the same problem as with winbind, the user on the client has a different uidnumber to the server.
This is most probably caused by using different algorithm for ID mapping on the server side and the client side. Can you check the winbind configuration what are they using ? I would check for "idmap backend" parameter in smb.conf
Alternatively, if the Samba server also has the POSIX attributes, you could just be using those.
i.e on the client: getent passwd testuser testuser:*:1201401105:1201400513:testuser:/home/DOMAIN/testuser:/bin/bash
on the server: getent passwd testuser HOME\testuser:*:3000016:100::/home/DOMAIN/testuser:/bin/bash
my sssd.conf
[sssd] debug_level = 3 config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 domains = DOMAIN services = nss, pam
[nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root,gdm filter_users = root,gdm reconnection_retries = 3
[pam]
[domain/DOMAIN] description = LDAP domain with AD server debug_level = 6 cache_credentials = true enumerate = False
id_provider = ad
Ah, I see you are using the new AD provider. In SSSD 1.9 the AD provider has three advantages over using the LDAP/Kerberos providers:
- Simplified configuration. You shouldn't be needing the attribute
mappings you used below 2) Does not require POSIX attributes to be present on the server side. IDs can be mapped based on SIDs 3) Better performance during login (only when ID-mapping is in use)
auth_provider = ad access_provider = ad chpass_provider = ad
ad_server = adserver.domain.lan ad_hostname = client.domain.lan ad_domain = domain.lan
# Uncomment if service discovery is not working #ldap_uri = ldap://adserver.domain.lan/
# Define these only if anonymous binds are not allowed and no keytab is available ldap_default_bind_dn = CN=Administrator,CN=Users,DC=domain,DC=lan ldap_default_authtok_type = password ldap_default_authtok = Pa$$w0rd*
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I am also now using GSSAPI again, I just tried the username/password to see if it made any difference.
ldap_schema = rfc2307bis ldap_search_base = dc=domain,dc=lan
# It looks like the ?sub?search notation is also accepted: http://sgallagh.wordpress.com/2011/12/22/sssd-tips-and-tricks-vol-2-ldap/ #ldap_user_search_base = cn=Users,dc=domain,dc=lan?sub?uid=* ldap_user_search_base = dc=domain,dc=lan ldap_user_object_class = person
ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_gecos = displayName ldap_user_uuid = objectGUID ldap_user_modify_timestamp = whenChanged
ldap_group_search_base = dc=domain,dc=lan ldap_group_object_class = group ldap_group_name = sAMAccountName ldap_group_uuid = objectGUID ldap_group_modify_timestamp = whenChanged ldap_group_nesting_level = 2
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = True
ldap_pwd_policy = none
krb5_server = adserver.domain.lan krb5_realm = DOMAIN.LAN dns_discovery_domain = domain.lan
# Probably required with sssd 1.8.x and newer krb5_canonicalize = false
# Uncomment if using SASL/GSSAPI to bind and a valid /etc/krb5.keytab exists #ldap_sasl_mech = GSSAPI # Uncomment and adjust if the default principal host/fqdn@REALM is not available #ldap_sasl_authid=CLIENT$@DOMAIN.LAN
Is there anyway to get the clients to have the same uidNumber & gidNumber as on the server?
Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
- Switch to using POSIX IDs instead of mapping them from SIDs with both
winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
From where I am 1) sounds like easier to implement since all you'd be changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 02/04/13 13:42, Rowland Penny wrote:
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
YES!!!! it works
On the Samba 4 server: getent passwd rowland rowland:*:1201401105:1201400513:rowland:/home/DOMAIN/rowland:/bin/bash
On the client: getent passwd rowland rowland:*:1201401105:1201400513:rowland:/home/DOMAIN/rowland:/bin/bash
They match, this is the only way that I have been able to get a user to have the same uid & gid numbers on the server and the clients.
Thanks for such great software.
Rowland Penny
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
- Switch to using POSIX IDs instead of mapping them from SIDs with both
winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
From where I am 1) sounds like easier to implement since all you'd be changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
- Switch to using POSIX IDs instead of mapping them from SIDs with both
winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
From where I am 1) sounds like easier to implement since all you'd be changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
Rowland
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
- Switch to using POSIX IDs instead of mapping them from SIDs with both
winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
From where I am 1) sounds like easier to implement since all you'd be changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
- Switch to using POSIX IDs instead of mapping them from SIDs with both
winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
From where I am 1) sounds like easier to implement since all you'd be changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run. The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch. So you cannot remove either of the winbind's, I just choose not to create the symlinks, that way the samba daemon winbind cannot interfere with getent. As I said, using sssd with samba 4 is the only easy way that I have found to get consistent uid's etc, there is another way using nslcd, kstart etc but it is not really as easy as sssd.
So, unless someone can provide me a good reason why I should not do this, I will carry on testing it on my small home network.
Rowland
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
With the AD provider you shouldn't be needing any of the options below. The AD provider should just default to them.
Is there a reason you are using password binds and not GSSAPI?
OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
> Rowland
I think there are two options:
- keep using the ID mapping and tailor the configuration of the ID
mapper in the SSSD so that it generates the same output as the winbind mapper. We've done this before, it's not the nicest looking configuration, but it works.
What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
- Switch to using POSIX IDs instead of mapping them from SIDs with
both winbind and SSSD. All that should be needed on the SSSD side is set: ldap_id_mapping = False to sssd.conf and restart the SSSD (you might need to rm the cache as SSSD doesn't really handle UID/GID changes very well yet).
On the winbind side, I'm a little fuzzy on the details, but I believe this could be done with "winbind nss info" configuration option.
The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
From where I am 1) sounds like easier to implement since all you'd be
changing is sssd.conf
I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
So you cannot remove either of the winbind's, I just choose not to create the symlinks, that way the samba daemon winbind cannot interfere with getent. As I said, using sssd with samba 4 is the only easy way that I have found to get consistent uid's etc, there is another way using nslcd, kstart etc but it is not really as easy as sssd.
Why not? To have consitent uid/gid you just set them for each user or let S4 do it for you (autoincrement). Then all you have to to on the client is to read them from the AD. You can do the same with windows and unix extensions ...
-- andreas
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote:
> With the AD provider you shouldn't be needing any of the options > below. > The AD provider should just default to them. > > Is there a reason you are using password binds and not GSSAPI? OK, I have removed all the lines you suggested and getent stopped working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason:
(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] (0x0400): SRV resolution of service 'AD'. Will use DNS discovery domain 'DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] (0x0020): SRV query failed: [Domain name not found] (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved'
It is trying to look up the samba domain name instead of the the DNS domain.name, re-adding the following line cures this:
dns_discovery_domain = domain.lan
I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
>> Rowland > I think there are two options: > 1) keep using the ID mapping and tailor the configuration of the ID > mapper in the SSSD so that it generates the same output as the winbind > mapper. We've done this before, it's not the nicest looking > configuration, but it works. What sssd ID mapping seems to do is, get the last part of the SID and add a number to the front of it, is this correct? and if so where does the number come from? and is this the way Windows does it?
Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
When you say 'the same output as the winbind mapper', which winbind are you refering to, the winbind on the Samba 4 server or the winbind on the Samba 3 client?
Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
> 2) Switch to using POSIX IDs instead of mapping them from SIDs with > both > winbind and SSSD. All that should be needed on the SSSD side is set: > ldap_id_mapping = False > to sssd.conf and restart the SSSD (you might need to rm the cache as > SSSD doesn't really handle UID/GID changes very well yet). > > On the winbind side, I'm a little fuzzy on the details, but I believe > this could be done with "winbind nss info" configuration option. The problem here is the use of winbind, I cannot get the idmap_ad backend to work at all, and idmap_rid gives a different uid from the Samba 4 server
So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
> From where I am 1) sounds like easier to implement since all you'd be > > changing is sssd.conf I am being to think that the way forward is to stop winbind on the Samba 4 server and use sssd instead.
That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
So you cannot remove either of the winbind's, I just choose not to create the symlinks, that way the samba daemon winbind cannot interfere with getent. As I said, using sssd with samba 4 is the only easy way that I have found to get consistent uid's etc, there is another way using nslcd, kstart etc but it is not really as easy as sssd.
Why not? To have consitent uid/gid you just set them for each user or let S4 do it for you (autoincrement). Then all you have to to on the client is to read them from the AD. You can do the same with windows and unix extensions ...
-- andreas
I have tried to use winbind with idmap_rid, but I got different results from the server. I was then advised to try idmap_ad, with this I could not get any results at all, no matter what ranges etc I put into smb.conf.
In my opinion, for what it is worth, If Samba want people to use winbind, they need to sort out winbind for the clients, perhaps base it on whatever S4 uses, reduce the choices of backend to one and make it pull the info from the S4 database and store it locally with little modification to the smb.conf
But then again, this is what sssd seems to do, with sssd running on the server & linux clients I get consistent uid's etc with less in the clients smb.conf, seemingly no ranges to worry about and just one extra conf file to set and there is very little to set if you use the sssd ad backend.
I am not claiming that using sssd is perfect, but it is a darn sight better than the mess winbind is at the moment.
Rowland
On 04/05/2013 12:36 PM, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >> With the AD provider you shouldn't be needing any of the options >> below. >> The AD provider should just default to them. >> >> Is there a reason you are using password binds and not GSSAPI? > OK, I have removed all the lines you suggested and getent stopped > working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason: > > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] > (0x0400): SRV resolution of service 'AD'. Will use DNS discovery > domain 'DOMAIN' > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] > (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] > (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] > [request_watch_destructor] (0x0400): Deleting request watch > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] > (0x0020): SRV query failed: [Domain name not found] > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] > (0x0100): Marking port 0 of server '(no name)' as 'not working' > (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] > (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' > > It is trying to look up the samba domain name instead of the the > DNS > domain.name, re-adding the following line cures this: > > dns_discovery_domain = domain.lan I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
>>> Rowland >> I think there are two options: >> 1) keep using the ID mapping and tailor the configuration of >> the ID >> mapper in the SSSD so that it generates the same output as the >> winbind >> mapper. We've done this before, it's not the nicest looking >> configuration, but it works. > What sssd ID mapping seems to do is, get the last part of the SID > and add a number to the front of it, is this correct? and if so > where does the number come from? and is this the way Windows does > it? Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
> When you say 'the same output as the winbind mapper', which winbind > are you refering to, the winbind on the Samba 4 server or the > winbind on the Samba 3 client? Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>> 2) Switch to using POSIX IDs instead of mapping them from SIDs >> with >> both >> winbind and SSSD. All that should be needed on the SSSD side is >> set: >> ldap_id_mapping = False >> to sssd.conf and restart the SSSD (you might need to rm the >> cache as >> SSSD doesn't really handle UID/GID changes very well yet). >> >> On the winbind side, I'm a little fuzzy on the details, but I >> believe >> this could be done with "winbind nss info" configuration option. > The problem here is the use of winbind, I cannot get the idmap_ad > backend to work at all, and idmap_rid gives a different uid from > the > Samba 4 server So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
>> From where I am 1) sounds like easier to implement since all >> you'd be >> >> changing is sssd.conf > I am being to think that the way forward is to stop winbind on the > Samba 4 server and use sssd instead. That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
So you cannot remove either of the winbind's, I just choose not to create the symlinks, that way the samba daemon winbind cannot interfere with getent. As I said, using sssd with samba 4 is the only easy way that I have found to get consistent uid's etc, there is another way using nslcd, kstart etc but it is not really as easy as sssd.
Why not? To have consitent uid/gid you just set them for each user or let S4 do it for you (autoincrement). Then all you have to to on the client is to read them from the AD. You can do the same with windows and unix extensions ...
-- andreas
I have tried to use winbind with idmap_rid, but I got different results from the server. I was then advised to try idmap_ad, with this I could not get any results at all, no matter what ranges etc I put into smb.conf.
In my opinion, for what it is worth, If Samba want people to use winbind, they need to sort out winbind for the clients, perhaps base it on whatever S4 uses, reduce the choices of backend to one and make it pull the info from the S4 database and store it locally with little modification to the smb.conf
But then again, this is what sssd seems to do, with sssd running on the server & linux clients I get consistent uid's etc with less in the clients smb.conf, seemingly no ranges to worry about and just one extra conf file to set and there is very little to set if you use the sssd ad backend.
I am not claiming that using sssd is perfect, but it is a darn sight better than the mess winbind is at the moment.
Rowland
The funny thing is that SSSD uses a lot of samba code under the hood ;-) It seems to do it better than winbind itself...
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>With the AD provider you shouldn't be needing any of the options >>below. >>The AD provider should just default to them. >> >>Is there a reason you are using password binds and not GSSAPI? >OK, I have removed all the lines you suggested and getent stopped >working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason: > >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >(0x0400): SRV resolution of service 'AD'. Will use DNS discovery >domain 'DOMAIN' >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >(0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] >(0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >[request_watch_destructor] (0x0400): Deleting request watch >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >(0x0020): SRV query failed: [Domain name not found] >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] >(0x0100): Marking port 0 of server '(no name)' as 'not working' >(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] >(0x0100): Marking SRV lookup of service 'AD' as 'not resolved' > >It is trying to look up the samba domain name instead of the the DNS >domain.name, re-adding the following line cures this: > >dns_discovery_domain = domain.lan I see, this is interesting. Does the value of dns_discovery_domain differ from the value of ad_domain? If not, then I would consider it a bug.
I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
>>>Rowland >>I think there are two options: >>1) keep using the ID mapping and tailor the configuration of the ID >>mapper in the SSSD so that it generates the same output as the winbind >>mapper. We've done this before, it's not the nicest looking >>configuration, but it works. >What sssd ID mapping seems to do is, get the last part of the SID >and add a number to the front of it, is this correct? and if so >where does the number come from? and is this the way Windows does >it? Correct, The first number is a hashed value of the domain part of the SID and the "last part of the SID" is usually called the RID.
Can you check if setting ldap_idmap_autorid_compat to True would yield the same IDs as winbind does? (Sorry I don't have a box with winbind handy and I always forget the details).
I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
>When you say 'the same output as the winbind mapper', which winbind >are you refering to, the winbind on the Samba 4 server or the >winbind on the Samba 3 client? Both actually. You really want to have the IDs consistent everywhere.
That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>>2) Switch to using POSIX IDs instead of mapping them from SIDs with >>both >>winbind and SSSD. All that should be needed on the SSSD side is set: >>ldap_id_mapping = False >>to sssd.conf and restart the SSSD (you might need to rm the cache as >>SSSD doesn't really handle UID/GID changes very well yet). >> >>On the winbind side, I'm a little fuzzy on the details, but I believe >>this could be done with "winbind nss info" configuration option. >The problem here is the use of winbind, I cannot get the idmap_ad >backend to work at all, and idmap_rid gives a different uid from the >Samba 4 server So which mapper does the S4 server use?
I do not know, I only know it is different from the S3 winbind.
>> From where I am 1) sounds like easier to implement since all you'd be >> >>changing is sssd.conf >I am being to think that the way forward is to stop winbind on the >Samba 4 server and use sssd instead. That is a noble goal and one which we wanted to accomplish in the upcoming 1.10 release, but it was postponed to the next one: https://fedorahosted.org/sssd/ticket/1534
The Samba server seems to be leveraging an interface only winbind is able to serve at the moment to convert SIDs to GIDs on the server side.
I don't know all the details, sorry, maybe on of the Samba developers lurking on this list would chime in.
I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub Hrozek wrote: > On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>> With the AD provider you shouldn't be needing any of the options >>> below. >>> The AD provider should just default to them. >>> >>> Is there a reason you are using password binds and not GSSAPI? >> OK, I have removed all the lines you suggested and getent stopped >> working, examining /var/log/sssd/sssd_DOMAIN.log gives the reason: >> >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >> (0x0400): SRV resolution of service 'AD'. Will use DNS discovery >> domain 'DOMAIN' >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >> (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolv_getsrv_send] >> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >> [request_watch_destructor] (0x0400): Deleting request watch >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >> (0x0020): SRV query failed: [Domain name not found] >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [fo_set_port_status] >> (0x0100): Marking port 0 of server '(no name)' as 'not working' >> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [set_srv_data_status] >> (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >> >> It is trying to look up the samba domain name instead of the the DNS >> domain.name, re-adding the following line cures this: >> >> dns_discovery_domain = domain.lan > I see, this is interesting. Does the value of dns_discovery_domain > differ from the value of ad_domain? If not, then I would consider it a > bug. I must have misunderstood you, because I turned off 'ad_domain = domain.lan'. I have now turned it back on again and turned off the dns_discovery_domain line and it still works.
>>>> Rowland >>> I think there are two options: >>> 1) keep using the ID mapping and tailor the configuration of the ID >>> mapper in the SSSD so that it generates the same output as the winbind >>> mapper. We've done this before, it's not the nicest looking >>> configuration, but it works. >> What sssd ID mapping seems to do is, get the last part of the SID >> and add a number to the front of it, is this correct? and if so >> where does the number come from? and is this the way Windows does >> it? > Correct, The first number is a hashed value of the domain part of the > SID > and the "last part of the SID" is usually called the RID. > > Can you check if setting ldap_idmap_autorid_compat to True would yield > the same IDs as winbind does? (Sorry I don't have a box with winbind > handy and I always forget the details). I have tried it and no it wouldn't, with S3 winbind I got:
uid=21105(user) gid=20513(domain_users) groups=20513(domain_users)
With the line added into sssd.conf and winbind turned off, I now get:
uid=201105(user) gid=200513(domain_users) groups=200513(domain_users)
>> When you say 'the same output as the winbind mapper', which winbind >> are you refering to, the winbind on the Samba 4 server or the >> winbind on the Samba 3 client? > Both actually. You really want to have the IDs consistent everywhere. That is the problem, the built into samba4 winbind returns different results:
uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>>> 2) Switch to using POSIX IDs instead of mapping them from SIDs with >>> both >>> winbind and SSSD. All that should be needed on the SSSD side is set: >>> ldap_id_mapping = False >>> to sssd.conf and restart the SSSD (you might need to rm the cache as >>> SSSD doesn't really handle UID/GID changes very well yet). >>> >>> On the winbind side, I'm a little fuzzy on the details, but I believe >>> this could be done with "winbind nss info" configuration option. >> The problem here is the use of winbind, I cannot get the idmap_ad >> backend to work at all, and idmap_rid gives a different uid from the >> Samba 4 server > So which mapper does the S4 server use? I do not know, I only know it is different from the S3 winbind.
>>> From where I am 1) sounds like easier to implement since all you'd be >>> >>> changing is sssd.conf >> I am being to think that the way forward is to stop winbind on the >> Samba 4 server and use sssd instead. > That is a noble goal and one which we wanted to accomplish in the > upcoming 1.10 release, but it was postponed to the next one: > https://fedorahosted.org/sssd/ticket/1534 > > The Samba server seems to be leveraging an interface only winbind is > able to serve at the moment to convert SIDs to GIDs on the server side. > > I don't know all the details, sorry, maybe on of the Samba developers > lurking on this list would chime in. I don't understand this, by removing the S4 winbind links on the server and installing sssd 1.9.4, I appear to have got it to work, I now have consistent uid's & gid's without any real effort.
I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: > On 02/04/13 22:39, Jakub Hrozek wrote: >> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>> With the AD provider you shouldn't be needing any of the options >>>> below. >>>> The AD provider should just default to them. >>>> >>>> Is there a reason you are using password binds and not GSSAPI? >>> OK, I have removed all the lines you suggested and getent stopped >>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>> reason: >>> >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >>> (0x0400): SRV resolution of service 'AD'. Will use DNS discovery >>> domain 'DOMAIN' >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >>> (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>> [resolv_getsrv_send] >>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>> [request_watch_destructor] (0x0400): Deleting request watch >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >>> (0x0020): SRV query failed: [Domain name not found] >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>> [fo_set_port_status] >>> (0x0100): Marking port 0 of server '(no name)' as 'not working' >>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>> [set_srv_data_status] >>> (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >>> >>> It is trying to look up the samba domain name instead of the >>> the DNS >>> domain.name, re-adding the following line cures this: >>> >>> dns_discovery_domain = domain.lan >> I see, this is interesting. Does the value of dns_discovery_domain >> differ from the value of ad_domain? If not, then I would >> consider it a >> bug. > I must have misunderstood you, because I turned off 'ad_domain = > domain.lan'. I have now turned it back on again and turned off the > dns_discovery_domain line and it still works. > >>>>> Rowland >>>> I think there are two options: >>>> 1) keep using the ID mapping and tailor the configuration of >>>> the ID >>>> mapper in the SSSD so that it generates the same output as >>>> the winbind >>>> mapper. We've done this before, it's not the nicest looking >>>> configuration, but it works. >>> What sssd ID mapping seems to do is, get the last part of the SID >>> and add a number to the front of it, is this correct? and if so >>> where does the number come from? and is this the way Windows does >>> it? >> Correct, The first number is a hashed value of the domain part >> of the >> SID >> and the "last part of the SID" is usually called the RID. >> >> Can you check if setting ldap_idmap_autorid_compat to True >> would yield >> the same IDs as winbind does? (Sorry I don't have a box with >> winbind >> handy and I always forget the details). > I have tried it and no it wouldn't, with S3 winbind I got: > > uid=21105(user) gid=20513(domain_users) groups=20513(domain_users) > > With the line added into sssd.conf and winbind turned off, I now > get: > > uid=201105(user) gid=200513(domain_users) > groups=200513(domain_users) > >>> When you say 'the same output as the winbind mapper', which >>> winbind >>> are you refering to, the winbind on the Samba 4 server or the >>> winbind on the Samba 3 client? >> Both actually. You really want to have the IDs consistent >> everywhere. > That is the problem, the built into samba4 winbind returns > different > results: > > uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) > >>>> 2) Switch to using POSIX IDs instead of mapping them from >>>> SIDs with >>>> both >>>> winbind and SSSD. All that should be needed on the SSSD side >>>> is set: >>>> ldap_id_mapping = False >>>> to sssd.conf and restart the SSSD (you might need to rm the >>>> cache as >>>> SSSD doesn't really handle UID/GID changes very well yet). >>>> >>>> On the winbind side, I'm a little fuzzy on the details, but I >>>> believe >>>> this could be done with "winbind nss info" configuration option. >>> The problem here is the use of winbind, I cannot get the idmap_ad >>> backend to work at all, and idmap_rid gives a different uid >>> from the >>> Samba 4 server >> So which mapper does the S4 server use? > I do not know, I only know it is different from the S3 winbind. > >>>> From where I am 1) sounds like easier to implement since >>>> all you'd be >>>> >>>> changing is sssd.conf >>> I am being to think that the way forward is to stop winbind on >>> the >>> Samba 4 server and use sssd instead. >> That is a noble goal and one which we wanted to accomplish in the >> upcoming 1.10 release, but it was postponed to the next one: >> https://fedorahosted.org/sssd/ticket/1534 >> >> The Samba server seems to be leveraging an interface only >> winbind is >> able to serve at the moment to convert SIDs to GIDs on the >> server side. >> >> I don't know all the details, sorry, maybe on of the Samba >> developers >> lurking on this list would chime in. > I don't understand this, by removing the S4 winbind links on the > server and installing sssd 1.9.4, I appear to have got it to work, > I now have consistent uid's & gid's without any real effort. I had a short chat with the Samba Red Hat maintainer Andreas Schneider (CC-ed) and he advised against removing winbind from the server, too.
I'm sure he'll provide a more qualified answer than I can :-)
Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote: > On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >> On 02/04/13 22:39, Jakub Hrozek wrote: >>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>> With the AD provider you shouldn't be needing any of the options >>>>> below. >>>>> The AD provider should just default to them. >>>>> >>>>> Is there a reason you are using password binds and not GSSAPI? >>>> OK, I have removed all the lines you suggested and getent stopped >>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>> reason: >>>> >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >>>> (0x0400): SRV resolution of service 'AD'. Will use DNS discovery >>>> domain 'DOMAIN' >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >>>> (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>> [resolv_getsrv_send] >>>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>> [request_watch_destructor] (0x0400): Deleting request watch >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >>>> (0x0020): SRV query failed: [Domain name not found] >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>> [fo_set_port_status] >>>> (0x0100): Marking port 0 of server '(no name)' as 'not working' >>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>> [set_srv_data_status] >>>> (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >>>> >>>> It is trying to look up the samba domain name instead of the >>>> the DNS >>>> domain.name, re-adding the following line cures this: >>>> >>>> dns_discovery_domain = domain.lan >>> I see, this is interesting. Does the value of dns_discovery_domain >>> differ from the value of ad_domain? If not, then I would >>> consider it a >>> bug. >> I must have misunderstood you, because I turned off 'ad_domain = >> domain.lan'. I have now turned it back on again and turned off the >> dns_discovery_domain line and it still works. >> >>>>>> Rowland >>>>> I think there are two options: >>>>> 1) keep using the ID mapping and tailor the configuration of >>>>> the ID >>>>> mapper in the SSSD so that it generates the same output as >>>>> the winbind >>>>> mapper. We've done this before, it's not the nicest looking >>>>> configuration, but it works. >>>> What sssd ID mapping seems to do is, get the last part of the SID >>>> and add a number to the front of it, is this correct? and if so >>>> where does the number come from? and is this the way Windows does >>>> it? >>> Correct, The first number is a hashed value of the domain part >>> of the >>> SID >>> and the "last part of the SID" is usually called the RID. >>> >>> Can you check if setting ldap_idmap_autorid_compat to True >>> would yield >>> the same IDs as winbind does? (Sorry I don't have a box with >>> winbind >>> handy and I always forget the details). >> I have tried it and no it wouldn't, with S3 winbind I got: >> >> uid=21105(user) gid=20513(domain_users) groups=20513(domain_users) >> >> With the line added into sssd.conf and winbind turned off, I now >> get: >> >> uid=201105(user) gid=200513(domain_users) >> groups=200513(domain_users) >> >>>> When you say 'the same output as the winbind mapper', which >>>> winbind >>>> are you refering to, the winbind on the Samba 4 server or the >>>> winbind on the Samba 3 client? >>> Both actually. You really want to have the IDs consistent >>> everywhere. >> That is the problem, the built into samba4 winbind returns >> different >> results: >> >> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >> >>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>> SIDs with >>>>> both >>>>> winbind and SSSD. All that should be needed on the SSSD side >>>>> is set: >>>>> ldap_id_mapping = False >>>>> to sssd.conf and restart the SSSD (you might need to rm the >>>>> cache as >>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>> >>>>> On the winbind side, I'm a little fuzzy on the details, but I >>>>> believe >>>>> this could be done with "winbind nss info" configuration option. >>>> The problem here is the use of winbind, I cannot get the idmap_ad >>>> backend to work at all, and idmap_rid gives a different uid >>>> from the >>>> Samba 4 server >>> So which mapper does the S4 server use? >> I do not know, I only know it is different from the S3 winbind. >> >>>>> From where I am 1) sounds like easier to implement since >>>>> all you'd be >>>>> >>>>> changing is sssd.conf >>>> I am being to think that the way forward is to stop winbind on >>>> the >>>> Samba 4 server and use sssd instead. >>> That is a noble goal and one which we wanted to accomplish in the >>> upcoming 1.10 release, but it was postponed to the next one: >>> https://fedorahosted.org/sssd/ticket/1534 >>> >>> The Samba server seems to be leveraging an interface only >>> winbind is >>> able to serve at the moment to convert SIDs to GIDs on the >>> server side. >>> >>> I don't know all the details, sorry, maybe on of the Samba >>> developers >>> lurking on this list would chime in. >> I don't understand this, by removing the S4 winbind links on the >> server and installing sssd 1.9.4, I appear to have got it to work, >> I now have consistent uid's & gid's without any real effort. > I had a short chat with the Samba Red Hat maintainer Andreas > Schneider > (CC-ed) and he advised against removing winbind from the server, > too. > > I'm sure he'll provide a more qualified answer than I can :-) Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code base and I think that I am right in saying that it will not start if the samba (AD) daemon is run.
That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
The other is built into the samba daemon and requires the creation of a couple of symlinks to use winbind in /etc/nsswitch.
What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
Rowland
Rowland
On 04/05/2013 03:15 PM, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote: > On 05/04/13 15:35, Jakub Hrozek wrote: >> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>>> With the AD provider you shouldn't be needing any of the >>>>>> options >>>>>> below. >>>>>> The AD provider should just default to them. >>>>>> >>>>>> Is there a reason you are using password binds and not GSSAPI? >>>>> OK, I have removed all the lines you suggested and getent >>>>> stopped >>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>> reason: >>>>> >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [resolve_srv_send] >>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS >>>>> discovery >>>>> domain 'DOMAIN' >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [resolve_srv_cont] >>>>> (0x0100): Searching for servers via SRV query >>>>> '_ldap._tcp.DOMAIN' >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [resolv_getsrv_send] >>>>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [resolve_srv_done] >>>>> (0x0020): SRV query failed: [Domain name not found] >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [fo_set_port_status] >>>>> (0x0100): Marking port 0 of server '(no name)' as 'not working' >>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>> [set_srv_data_status] >>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >>>>> >>>>> It is trying to look up the samba domain name instead of the >>>>> the DNS >>>>> domain.name, re-adding the following line cures this: >>>>> >>>>> dns_discovery_domain = domain.lan >>>> I see, this is interesting. Does the value of >>>> dns_discovery_domain >>>> differ from the value of ad_domain? If not, then I would >>>> consider it a >>>> bug. >>> I must have misunderstood you, because I turned off 'ad_domain = >>> domain.lan'. I have now turned it back on again and turned off >>> the >>> dns_discovery_domain line and it still works. >>> >>>>>>> Rowland >>>>>> I think there are two options: >>>>>> 1) keep using the ID mapping and tailor the configuration of >>>>>> the ID >>>>>> mapper in the SSSD so that it generates the same output as >>>>>> the winbind >>>>>> mapper. We've done this before, it's not the nicest looking >>>>>> configuration, but it works. >>>>> What sssd ID mapping seems to do is, get the last part of >>>>> the SID >>>>> and add a number to the front of it, is this correct? and if so >>>>> where does the number come from? and is this the way Windows >>>>> does >>>>> it? >>>> Correct, The first number is a hashed value of the domain part >>>> of the >>>> SID >>>> and the "last part of the SID" is usually called the RID. >>>> >>>> Can you check if setting ldap_idmap_autorid_compat to True >>>> would yield >>>> the same IDs as winbind does? (Sorry I don't have a box with >>>> winbind >>>> handy and I always forget the details). >>> I have tried it and no it wouldn't, with S3 winbind I got: >>> >>> uid=21105(user) gid=20513(domain_users) >>> groups=20513(domain_users) >>> >>> With the line added into sssd.conf and winbind turned off, I now >>> get: >>> >>> uid=201105(user) gid=200513(domain_users) >>> groups=200513(domain_users) >>> >>>>> When you say 'the same output as the winbind mapper', which >>>>> winbind >>>>> are you refering to, the winbind on the Samba 4 server or the >>>>> winbind on the Samba 3 client? >>>> Both actually. You really want to have the IDs consistent >>>> everywhere. >>> That is the problem, the built into samba4 winbind returns >>> different >>> results: >>> >>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>> >>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>> SIDs with >>>>>> both >>>>>> winbind and SSSD. All that should be needed on the SSSD side >>>>>> is set: >>>>>> ldap_id_mapping = False >>>>>> to sssd.conf and restart the SSSD (you might need to rm the >>>>>> cache as >>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>> >>>>>> On the winbind side, I'm a little fuzzy on the details, but I >>>>>> believe >>>>>> this could be done with "winbind nss info" configuration >>>>>> option. >>>>> The problem here is the use of winbind, I cannot get the >>>>> idmap_ad >>>>> backend to work at all, and idmap_rid gives a different uid >>>>> from the >>>>> Samba 4 server >>>> So which mapper does the S4 server use? >>> I do not know, I only know it is different from the S3 winbind. >>> >>>>>> From where I am 1) sounds like easier to implement since >>>>>> all you'd be >>>>>> >>>>>> changing is sssd.conf >>>>> I am being to think that the way forward is to stop winbind on >>>>> the >>>>> Samba 4 server and use sssd instead. >>>> That is a noble goal and one which we wanted to accomplish in >>>> the >>>> upcoming 1.10 release, but it was postponed to the next one: >>>> https://fedorahosted.org/sssd/ticket/1534 >>>> >>>> The Samba server seems to be leveraging an interface only >>>> winbind is >>>> able to serve at the moment to convert SIDs to GIDs on the >>>> server side. >>>> >>>> I don't know all the details, sorry, maybe on of the Samba >>>> developers >>>> lurking on this list would chime in. >>> I don't understand this, by removing the S4 winbind links on the >>> server and installing sssd 1.9.4, I appear to have got it to >>> work, >>> I now have consistent uid's & gid's without any real effort. >> I had a short chat with the Samba Red Hat maintainer Andreas >> Schneider >> (CC-ed) and he advised against removing winbind from the server, >> too. >> >> I'm sure he'll provide a more qualified answer than I can :-) > Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code > base and > I think that I am right in saying that it will not start if the > samba > (AD) daemon is run. That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
> The other is built into the samba daemon and > requires the creation of a couple of symlinks to use winbind in > /etc/nsswitch. What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
Rowland
Rowland
This is really not my domain and some people on the list know much more than I but things like recognition of the transitive trusts, support of NTLM, CIFS integration, printing, all those areas require more advanced functionality than sssd can provide ATM. If you are not using these features you might be OK buy if you planning to and just have not tried them yet then we want to set your expectations that they would not work. How bad things will break? I do not know. I do not think we tried.
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >On 05/04/13 15:35, Jakub Hrozek wrote: >>On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>On 02/04/13 22:39, Jakub Hrozek wrote: >>>>On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>>>With the AD provider you shouldn't be needing any of the options >>>>>>below. >>>>>>The AD provider should just default to them. >>>>>> >>>>>>Is there a reason you are using password binds and not GSSAPI? >>>>>OK, I have removed all the lines you suggested and getent stopped >>>>>working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>reason: >>>>> >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >>>>>(0x0400): SRV resolution of service 'AD'. Will use DNS discovery >>>>>domain 'DOMAIN' >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >>>>>(0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>[resolv_getsrv_send] >>>>>(0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>[request_watch_destructor] (0x0400): Deleting request watch >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >>>>>(0x0020): SRV query failed: [Domain name not found] >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>[fo_set_port_status] >>>>>(0x0100): Marking port 0 of server '(no name)' as 'not working' >>>>>(Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>[set_srv_data_status] >>>>>(0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >>>>> >>>>>It is trying to look up the samba domain name instead of the >>>>>the DNS >>>>>domain.name, re-adding the following line cures this: >>>>> >>>>>dns_discovery_domain = domain.lan >>>>I see, this is interesting. Does the value of dns_discovery_domain >>>>differ from the value of ad_domain? If not, then I would >>>>consider it a >>>>bug. >>>I must have misunderstood you, because I turned off 'ad_domain = >>>domain.lan'. I have now turned it back on again and turned off the >>>dns_discovery_domain line and it still works. >>> >>>>>>>Rowland >>>>>>I think there are two options: >>>>>>1) keep using the ID mapping and tailor the configuration of >>>>>>the ID >>>>>>mapper in the SSSD so that it generates the same output as >>>>>>the winbind >>>>>>mapper. We've done this before, it's not the nicest looking >>>>>>configuration, but it works. >>>>>What sssd ID mapping seems to do is, get the last part of the SID >>>>>and add a number to the front of it, is this correct? and if so >>>>>where does the number come from? and is this the way Windows does >>>>>it? >>>>Correct, The first number is a hashed value of the domain part >>>>of the >>>>SID >>>>and the "last part of the SID" is usually called the RID. >>>> >>>>Can you check if setting ldap_idmap_autorid_compat to True >>>>would yield >>>>the same IDs as winbind does? (Sorry I don't have a box with >>>>winbind >>>>handy and I always forget the details). >>>I have tried it and no it wouldn't, with S3 winbind I got: >>> >>>uid=21105(user) gid=20513(domain_users) groups=20513(domain_users) >>> >>>With the line added into sssd.conf and winbind turned off, I now >>>get: >>> >>>uid=201105(user) gid=200513(domain_users) >>>groups=200513(domain_users) >>> >>>>>When you say 'the same output as the winbind mapper', which >>>>>winbind >>>>>are you refering to, the winbind on the Samba 4 server or the >>>>>winbind on the Samba 3 client? >>>>Both actually. You really want to have the IDs consistent >>>>everywhere. >>>That is the problem, the built into samba4 winbind returns >>>different >>>results: >>> >>>uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>> >>>>>>2) Switch to using POSIX IDs instead of mapping them from >>>>>>SIDs with >>>>>>both >>>>>>winbind and SSSD. All that should be needed on the SSSD side >>>>>>is set: >>>>>>ldap_id_mapping = False >>>>>>to sssd.conf and restart the SSSD (you might need to rm the >>>>>>cache as >>>>>>SSSD doesn't really handle UID/GID changes very well yet). >>>>>> >>>>>>On the winbind side, I'm a little fuzzy on the details, but I >>>>>>believe >>>>>>this could be done with "winbind nss info" configuration option. >>>>>The problem here is the use of winbind, I cannot get the idmap_ad >>>>>backend to work at all, and idmap_rid gives a different uid >>>>>from the >>>>>Samba 4 server >>>>So which mapper does the S4 server use? >>>I do not know, I only know it is different from the S3 winbind. >>> >>>>>> From where I am 1) sounds like easier to implement since >>>>>>all you'd be >>>>>> >>>>>>changing is sssd.conf >>>>>I am being to think that the way forward is to stop winbind on >>>>>the >>>>>Samba 4 server and use sssd instead. >>>>That is a noble goal and one which we wanted to accomplish in the >>>>upcoming 1.10 release, but it was postponed to the next one: >>>>https://fedorahosted.org/sssd/ticket/1534 >>>> >>>>The Samba server seems to be leveraging an interface only >>>>winbind is >>>>able to serve at the moment to convert SIDs to GIDs on the >>>>server side. >>>> >>>>I don't know all the details, sorry, maybe on of the Samba >>>>developers >>>>lurking on this list would chime in. >>>I don't understand this, by removing the S4 winbind links on the >>>server and installing sssd 1.9.4, I appear to have got it to work, >>>I now have consistent uid's & gid's without any real effort. >>I had a short chat with the Samba Red Hat maintainer Andreas >>Schneider >>(CC-ed) and he advised against removing winbind from the server, >>too. >> >>I'm sure he'll provide a more qualified answer than I can :-) >Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >base and >I think that I am right in saying that it will not start if the samba >(AD) daemon is run. That's correct and the DC needs the 'builtin' winbind daemon for the DC to function. It will not work with the s3fs winbind.
>The other is built into the samba daemon and >requires the creation of a couple of symlinks to use winbind in >/etc/nsswitch. What do you mean here?
If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote: > On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >> On 05/04/13 15:35, Jakub Hrozek wrote: >>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>>>> With the AD provider you shouldn't be needing any of the options >>>>>>> below. >>>>>>> The AD provider should just default to them. >>>>>>> >>>>>>> Is there a reason you are using password binds and not GSSAPI? >>>>>> OK, I have removed all the lines you suggested and getent stopped >>>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>> reason: >>>>>> >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_send] >>>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS discovery >>>>>> domain 'DOMAIN' >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_cont] >>>>>> (0x0100): Searching for servers via SRV query '_ldap._tcp.DOMAIN' >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>> [resolv_getsrv_send] >>>>>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] [resolve_srv_done] >>>>>> (0x0020): SRV query failed: [Domain name not found] >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>> [fo_set_port_status] >>>>>> (0x0100): Marking port 0 of server '(no name)' as 'not working' >>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>> [set_srv_data_status] >>>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' >>>>>> >>>>>> It is trying to look up the samba domain name instead of the >>>>>> the DNS >>>>>> domain.name, re-adding the following line cures this: >>>>>> >>>>>> dns_discovery_domain = domain.lan >>>>> I see, this is interesting. Does the value of dns_discovery_domain >>>>> differ from the value of ad_domain? If not, then I would >>>>> consider it a >>>>> bug. >>>> I must have misunderstood you, because I turned off 'ad_domain = >>>> domain.lan'. I have now turned it back on again and turned off the >>>> dns_discovery_domain line and it still works. >>>> >>>>>>>> Rowland >>>>>>> I think there are two options: >>>>>>> 1) keep using the ID mapping and tailor the configuration of >>>>>>> the ID >>>>>>> mapper in the SSSD so that it generates the same output as >>>>>>> the winbind >>>>>>> mapper. We've done this before, it's not the nicest looking >>>>>>> configuration, but it works. >>>>>> What sssd ID mapping seems to do is, get the last part of the SID >>>>>> and add a number to the front of it, is this correct? and if so >>>>>> where does the number come from? and is this the way Windows does >>>>>> it? >>>>> Correct, The first number is a hashed value of the domain part >>>>> of the >>>>> SID >>>>> and the "last part of the SID" is usually called the RID. >>>>> >>>>> Can you check if setting ldap_idmap_autorid_compat to True >>>>> would yield >>>>> the same IDs as winbind does? (Sorry I don't have a box with >>>>> winbind >>>>> handy and I always forget the details). >>>> I have tried it and no it wouldn't, with S3 winbind I got: >>>> >>>> uid=21105(user) gid=20513(domain_users) groups=20513(domain_users) >>>> >>>> With the line added into sssd.conf and winbind turned off, I now >>>> get: >>>> >>>> uid=201105(user) gid=200513(domain_users) >>>> groups=200513(domain_users) >>>> >>>>>> When you say 'the same output as the winbind mapper', which >>>>>> winbind >>>>>> are you refering to, the winbind on the Samba 4 server or the >>>>>> winbind on the Samba 3 client? >>>>> Both actually. You really want to have the IDs consistent >>>>> everywhere. >>>> That is the problem, the built into samba4 winbind returns >>>> different >>>> results: >>>> >>>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>>> >>>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>>> SIDs with >>>>>>> both >>>>>>> winbind and SSSD. All that should be needed on the SSSD side >>>>>>> is set: >>>>>>> ldap_id_mapping = False >>>>>>> to sssd.conf and restart the SSSD (you might need to rm the >>>>>>> cache as >>>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>>> >>>>>>> On the winbind side, I'm a little fuzzy on the details, but I >>>>>>> believe >>>>>>> this could be done with "winbind nss info" configuration option. >>>>>> The problem here is the use of winbind, I cannot get the idmap_ad >>>>>> backend to work at all, and idmap_rid gives a different uid >>>>> >from the >>>>>> Samba 4 server >>>>> So which mapper does the S4 server use? >>>> I do not know, I only know it is different from the S3 winbind. >>>> >>>>>>> From where I am 1) sounds like easier to implement since >>>>>>> all you'd be >>>>>>> >>>>>>> changing is sssd.conf >>>>>> I am being to think that the way forward is to stop winbind on >>>>>> the >>>>>> Samba 4 server and use sssd instead. >>>>> That is a noble goal and one which we wanted to accomplish in the >>>>> upcoming 1.10 release, but it was postponed to the next one: >>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>> >>>>> The Samba server seems to be leveraging an interface only >>>>> winbind is >>>>> able to serve at the moment to convert SIDs to GIDs on the >>>>> server side. >>>>> >>>>> I don't know all the details, sorry, maybe on of the Samba >>>>> developers >>>>> lurking on this list would chime in. >>>> I don't understand this, by removing the S4 winbind links on the >>>> server and installing sssd 1.9.4, I appear to have got it to work, >>>> I now have consistent uid's & gid's without any real effort. >>> I had a short chat with the Samba Red Hat maintainer Andreas >>> Schneider >>> (CC-ed) and he advised against removing winbind from the server, >>> too. >>> >>> I'm sure he'll provide a more qualified answer than I can :-) >> Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >> base and >> I think that I am right in saying that it will not start if the samba >> (AD) daemon is run. > That's correct and the DC needs the 'builtin' winbind daemon for > the DC to > function. It will not work with the s3fs winbind. > >> The other is built into the samba daemon and >> requires the creation of a couple of symlinks to use winbind in >> /etc/nsswitch. > What do you mean here? If, as I do, you compile Samba 4, you have to create a couple of symlinks:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Without these, you do not get any domain users etc from getent.
Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4 server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote: > On 05/04/13 17:05, Andreas Schneider wrote: >> On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>>>>> With the AD provider you shouldn't be needing any of the >>>>>>>> options >>>>>>>> below. >>>>>>>> The AD provider should just default to them. >>>>>>>> >>>>>>>> Is there a reason you are using password binds and not >>>>>>>> GSSAPI? >>>>>>> OK, I have removed all the lines you suggested and getent >>>>>>> stopped >>>>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>>> reason: >>>>>>> >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [resolve_srv_send] >>>>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS >>>>>>> discovery >>>>>>> domain 'DOMAIN' >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [resolve_srv_cont] >>>>>>> (0x0100): Searching for servers via SRV query >>>>>>> '_ldap._tcp.DOMAIN' >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [resolv_getsrv_send] >>>>>>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [resolve_srv_done] >>>>>>> (0x0020): SRV query failed: [Domain name not found] >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [fo_set_port_status] >>>>>>> (0x0100): Marking port 0 of server '(no name)' as 'not >>>>>>> working' >>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>> [set_srv_data_status] >>>>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not >>>>>>> resolved' >>>>>>> >>>>>>> It is trying to look up the samba domain name instead of the >>>>>>> the DNS >>>>>>> domain.name, re-adding the following line cures this: >>>>>>> >>>>>>> dns_discovery_domain = domain.lan >>>>>> I see, this is interesting. Does the value of >>>>>> dns_discovery_domain >>>>>> differ from the value of ad_domain? If not, then I would >>>>>> consider it a >>>>>> bug. >>>>> I must have misunderstood you, because I turned off >>>>> 'ad_domain = >>>>> domain.lan'. I have now turned it back on again and turned >>>>> off the >>>>> dns_discovery_domain line and it still works. >>>>> >>>>>>>>> Rowland >>>>>>>> I think there are two options: >>>>>>>> 1) keep using the ID mapping and tailor the configuration of >>>>>>>> the ID >>>>>>>> mapper in the SSSD so that it generates the same output as >>>>>>>> the winbind >>>>>>>> mapper. We've done this before, it's not the nicest looking >>>>>>>> configuration, but it works. >>>>>>> What sssd ID mapping seems to do is, get the last part of >>>>>>> the SID >>>>>>> and add a number to the front of it, is this correct? and >>>>>>> if so >>>>>>> where does the number come from? and is this the way >>>>>>> Windows does >>>>>>> it? >>>>>> Correct, The first number is a hashed value of the domain part >>>>>> of the >>>>>> SID >>>>>> and the "last part of the SID" is usually called the RID. >>>>>> >>>>>> Can you check if setting ldap_idmap_autorid_compat to True >>>>>> would yield >>>>>> the same IDs as winbind does? (Sorry I don't have a box with >>>>>> winbind >>>>>> handy and I always forget the details). >>>>> I have tried it and no it wouldn't, with S3 winbind I got: >>>>> >>>>> uid=21105(user) gid=20513(domain_users) >>>>> groups=20513(domain_users) >>>>> >>>>> With the line added into sssd.conf and winbind turned off, I >>>>> now >>>>> get: >>>>> >>>>> uid=201105(user) gid=200513(domain_users) >>>>> groups=200513(domain_users) >>>>> >>>>>>> When you say 'the same output as the winbind mapper', which >>>>>>> winbind >>>>>>> are you refering to, the winbind on the Samba 4 server or the >>>>>>> winbind on the Samba 3 client? >>>>>> Both actually. You really want to have the IDs consistent >>>>>> everywhere. >>>>> That is the problem, the built into samba4 winbind returns >>>>> different >>>>> results: >>>>> >>>>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>>>> >>>>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>>>> SIDs with >>>>>>>> both >>>>>>>> winbind and SSSD. All that should be needed on the SSSD side >>>>>>>> is set: >>>>>>>> ldap_id_mapping = False >>>>>>>> to sssd.conf and restart the SSSD (you might need to rm the >>>>>>>> cache as >>>>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>>>> >>>>>>>> On the winbind side, I'm a little fuzzy on the details, >>>>>>>> but I >>>>>>>> believe >>>>>>>> this could be done with "winbind nss info" configuration >>>>>>>> option. >>>>>>> The problem here is the use of winbind, I cannot get the >>>>>>> idmap_ad >>>>>>> backend to work at all, and idmap_rid gives a different uid >>>>>> >from the >>>>>>> Samba 4 server >>>>>> So which mapper does the S4 server use? >>>>> I do not know, I only know it is different from the S3 winbind. >>>>> >>>>>>>> From where I am 1) sounds like easier to implement since >>>>>>>> all you'd be >>>>>>>> >>>>>>>> changing is sssd.conf >>>>>>> I am being to think that the way forward is to stop >>>>>>> winbind on >>>>>>> the >>>>>>> Samba 4 server and use sssd instead. >>>>>> That is a noble goal and one which we wanted to accomplish >>>>>> in the >>>>>> upcoming 1.10 release, but it was postponed to the next one: >>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>> >>>>>> The Samba server seems to be leveraging an interface only >>>>>> winbind is >>>>>> able to serve at the moment to convert SIDs to GIDs on the >>>>>> server side. >>>>>> >>>>>> I don't know all the details, sorry, maybe on of the Samba >>>>>> developers >>>>>> lurking on this list would chime in. >>>>> I don't understand this, by removing the S4 winbind links on >>>>> the >>>>> server and installing sssd 1.9.4, I appear to have got it >>>>> to work, >>>>> I now have consistent uid's & gid's without any real effort. >>>> I had a short chat with the Samba Red Hat maintainer Andreas >>>> Schneider >>>> (CC-ed) and he advised against removing winbind from the server, >>>> too. >>>> >>>> I'm sure he'll provide a more qualified answer than I can :-) >>> Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >>> base and >>> I think that I am right in saying that it will not start if >>> the samba >>> (AD) daemon is run. >> That's correct and the DC needs the 'builtin' winbind daemon for >> the DC to >> function. It will not work with the s3fs winbind. >> >>> The other is built into the samba daemon and >>> requires the creation of a couple of symlinks to use winbind in >>> /etc/nsswitch. >> What do you mean here? > If, as I do, you compile Samba 4, you have to create a couple of > symlinks: > > ln -s /usr/local/samba/lib/libnss_winbind.so.2 > /lib/libnss_winbind.so > ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 > > Without these, you do not get any domain users etc from getent. > Truth be told, I've never compiled Samba from scratch myself, but the nssswitch libraries must be installed to /lib{,64}, are you sure there isn't just a configure time switch for that?
If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4 server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
On 11/04/13 18:49, Dmitri Pal wrote:
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote: > On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote: >> On 05/04/13 17:05, Andreas Schneider wrote: >>> On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >>>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny wrote: >>>>>>>>> With the AD provider you shouldn't be needing any of the >>>>>>>>> options >>>>>>>>> below. >>>>>>>>> The AD provider should just default to them. >>>>>>>>> >>>>>>>>> Is there a reason you are using password binds and not >>>>>>>>> GSSAPI? >>>>>>>> OK, I have removed all the lines you suggested and getent >>>>>>>> stopped >>>>>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>>>> reason: >>>>>>>> >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [resolve_srv_send] >>>>>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS >>>>>>>> discovery >>>>>>>> domain 'DOMAIN' >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [resolve_srv_cont] >>>>>>>> (0x0100): Searching for servers via SRV query >>>>>>>> '_ldap._tcp.DOMAIN' >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [resolv_getsrv_send] >>>>>>>> (0x0100): Trying to resolve SRV record of '_ldap._tcp.DOMAIN' >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [resolve_srv_done] >>>>>>>> (0x0020): SRV query failed: [Domain name not found] >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [fo_set_port_status] >>>>>>>> (0x0100): Marking port 0 of server '(no name)' as 'not >>>>>>>> working' >>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>> [set_srv_data_status] >>>>>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not >>>>>>>> resolved' >>>>>>>> >>>>>>>> It is trying to look up the samba domain name instead of the >>>>>>>> the DNS >>>>>>>> domain.name, re-adding the following line cures this: >>>>>>>> >>>>>>>> dns_discovery_domain = domain.lan >>>>>>> I see, this is interesting. Does the value of >>>>>>> dns_discovery_domain >>>>>>> differ from the value of ad_domain? If not, then I would >>>>>>> consider it a >>>>>>> bug. >>>>>> I must have misunderstood you, because I turned off >>>>>> 'ad_domain = >>>>>> domain.lan'. I have now turned it back on again and turned >>>>>> off the >>>>>> dns_discovery_domain line and it still works. >>>>>> >>>>>>>>>> Rowland >>>>>>>>> I think there are two options: >>>>>>>>> 1) keep using the ID mapping and tailor the configuration of >>>>>>>>> the ID >>>>>>>>> mapper in the SSSD so that it generates the same output as >>>>>>>>> the winbind >>>>>>>>> mapper. We've done this before, it's not the nicest looking >>>>>>>>> configuration, but it works. >>>>>>>> What sssd ID mapping seems to do is, get the last part of >>>>>>>> the SID >>>>>>>> and add a number to the front of it, is this correct? and >>>>>>>> if so >>>>>>>> where does the number come from? and is this the way >>>>>>>> Windows does >>>>>>>> it? >>>>>>> Correct, The first number is a hashed value of the domain part >>>>>>> of the >>>>>>> SID >>>>>>> and the "last part of the SID" is usually called the RID. >>>>>>> >>>>>>> Can you check if setting ldap_idmap_autorid_compat to True >>>>>>> would yield >>>>>>> the same IDs as winbind does? (Sorry I don't have a box with >>>>>>> winbind >>>>>>> handy and I always forget the details). >>>>>> I have tried it and no it wouldn't, with S3 winbind I got: >>>>>> >>>>>> uid=21105(user) gid=20513(domain_users) >>>>>> groups=20513(domain_users) >>>>>> >>>>>> With the line added into sssd.conf and winbind turned off, I >>>>>> now >>>>>> get: >>>>>> >>>>>> uid=201105(user) gid=200513(domain_users) >>>>>> groups=200513(domain_users) >>>>>> >>>>>>>> When you say 'the same output as the winbind mapper', which >>>>>>>> winbind >>>>>>>> are you refering to, the winbind on the Samba 4 server or the >>>>>>>> winbind on the Samba 3 client? >>>>>>> Both actually. You really want to have the IDs consistent >>>>>>> everywhere. >>>>>> That is the problem, the built into samba4 winbind returns >>>>>> different >>>>>> results: >>>>>> >>>>>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>>>>> >>>>>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>>>>> SIDs with >>>>>>>>> both >>>>>>>>> winbind and SSSD. All that should be needed on the SSSD side >>>>>>>>> is set: >>>>>>>>> ldap_id_mapping = False >>>>>>>>> to sssd.conf and restart the SSSD (you might need to rm the >>>>>>>>> cache as >>>>>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>>>>> >>>>>>>>> On the winbind side, I'm a little fuzzy on the details, >>>>>>>>> but I >>>>>>>>> believe >>>>>>>>> this could be done with "winbind nss info" configuration >>>>>>>>> option. >>>>>>>> The problem here is the use of winbind, I cannot get the >>>>>>>> idmap_ad >>>>>>>> backend to work at all, and idmap_rid gives a different uid >>>>>>> >from the >>>>>>>> Samba 4 server >>>>>>> So which mapper does the S4 server use? >>>>>> I do not know, I only know it is different from the S3 winbind. >>>>>> >>>>>>>>> From where I am 1) sounds like easier to implement since >>>>>>>>> all you'd be >>>>>>>>> >>>>>>>>> changing is sssd.conf >>>>>>>> I am being to think that the way forward is to stop >>>>>>>> winbind on >>>>>>>> the >>>>>>>> Samba 4 server and use sssd instead. >>>>>>> That is a noble goal and one which we wanted to accomplish >>>>>>> in the >>>>>>> upcoming 1.10 release, but it was postponed to the next one: >>>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>>> >>>>>>> The Samba server seems to be leveraging an interface only >>>>>>> winbind is >>>>>>> able to serve at the moment to convert SIDs to GIDs on the >>>>>>> server side. >>>>>>> >>>>>>> I don't know all the details, sorry, maybe on of the Samba >>>>>>> developers >>>>>>> lurking on this list would chime in. >>>>>> I don't understand this, by removing the S4 winbind links on >>>>>> the >>>>>> server and installing sssd 1.9.4, I appear to have got it >>>>>> to work, >>>>>> I now have consistent uid's & gid's without any real effort. >>>>> I had a short chat with the Samba Red Hat maintainer Andreas >>>>> Schneider >>>>> (CC-ed) and he advised against removing winbind from the server, >>>>> too. >>>>> >>>>> I'm sure he'll provide a more qualified answer than I can :-) >>>> Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >>>> base and >>>> I think that I am right in saying that it will not start if >>>> the samba >>>> (AD) daemon is run. >>> That's correct and the DC needs the 'builtin' winbind daemon for >>> the DC to >>> function. It will not work with the s3fs winbind. >>> >>>> The other is built into the samba daemon and >>>> requires the creation of a couple of symlinks to use winbind in >>>> /etc/nsswitch. >>> What do you mean here? >> If, as I do, you compile Samba 4, you have to create a couple of >> symlinks: >> >> ln -s /usr/local/samba/lib/libnss_winbind.so.2 >> /lib/libnss_winbind.so >> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 >> >> Without these, you do not get any domain users etc from getent. >> > Truth be told, I've never compiled Samba from scratch myself, but > the > nssswitch libraries must be installed to /lib{,64}, are you sure > there > isn't just a configure time switch for that? > > If you are talking about libnss_winbind.so, then as far as I know, no there isn't, you just have to create the two symlinks and add 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it works. If you do add the links etc then sssd does not work on the S4 server. As sssd seems to work better than winbind then I shall continue to use it, but what I cannot understand is why do I seem to get the feeling that you are trying to talk me out of using sssd.
Rowland
On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4 server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
You have lost me there, are you referring to the S4 winbind built into the S4 samba daemon? if so, there does not seem to be any documentation anywhere that I can find. As I said, I tried to get winbind on the clients working with both id_map rid & ad backends and could not get either to work. Whatever I use, has to come up with the same UID/GID that the S4 winbind does, because that is what the unix server seems to require. In fact I will state it plainly, whatever is used must produce exactly the same Unix information as the S4 winbind.
Rowland
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
On 04/11/2013 02:30 PM, Rowland Penny wrote:
On 11/04/13 18:49, Dmitri Pal wrote:
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote: > On 05/04/13 19:00, Jakub Hrozek wrote: >> On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote: >>> On 05/04/13 17:05, Andreas Schneider wrote: >>>> On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >>>>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny >>>>>>>> wrote: >>>>>>>>>> With the AD provider you shouldn't be needing any of the >>>>>>>>>> options >>>>>>>>>> below. >>>>>>>>>> The AD provider should just default to them. >>>>>>>>>> >>>>>>>>>> Is there a reason you are using password binds and not >>>>>>>>>> GSSAPI? >>>>>>>>> OK, I have removed all the lines you suggested and getent >>>>>>>>> stopped >>>>>>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>>>>> reason: >>>>>>>>> >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [resolve_srv_send] >>>>>>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS >>>>>>>>> discovery >>>>>>>>> domain 'DOMAIN' >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [resolve_srv_cont] >>>>>>>>> (0x0100): Searching for servers via SRV query >>>>>>>>> '_ldap._tcp.DOMAIN' >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [resolv_getsrv_send] >>>>>>>>> (0x0100): Trying to resolve SRV record of >>>>>>>>> '_ldap._tcp.DOMAIN' >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [resolve_srv_done] >>>>>>>>> (0x0020): SRV query failed: [Domain name not found] >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [fo_set_port_status] >>>>>>>>> (0x0100): Marking port 0 of server '(no name)' as 'not >>>>>>>>> working' >>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>> [set_srv_data_status] >>>>>>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not >>>>>>>>> resolved' >>>>>>>>> >>>>>>>>> It is trying to look up the samba domain name instead of >>>>>>>>> the >>>>>>>>> the DNS >>>>>>>>> domain.name, re-adding the following line cures this: >>>>>>>>> >>>>>>>>> dns_discovery_domain = domain.lan >>>>>>>> I see, this is interesting. Does the value of >>>>>>>> dns_discovery_domain >>>>>>>> differ from the value of ad_domain? If not, then I would >>>>>>>> consider it a >>>>>>>> bug. >>>>>>> I must have misunderstood you, because I turned off >>>>>>> 'ad_domain = >>>>>>> domain.lan'. I have now turned it back on again and turned >>>>>>> off the >>>>>>> dns_discovery_domain line and it still works. >>>>>>> >>>>>>>>>>> Rowland >>>>>>>>>> I think there are two options: >>>>>>>>>> 1) keep using the ID mapping and tailor the >>>>>>>>>> configuration of >>>>>>>>>> the ID >>>>>>>>>> mapper in the SSSD so that it generates the same output as >>>>>>>>>> the winbind >>>>>>>>>> mapper. We've done this before, it's not the nicest >>>>>>>>>> looking >>>>>>>>>> configuration, but it works. >>>>>>>>> What sssd ID mapping seems to do is, get the last part of >>>>>>>>> the SID >>>>>>>>> and add a number to the front of it, is this correct? and >>>>>>>>> if so >>>>>>>>> where does the number come from? and is this the way >>>>>>>>> Windows does >>>>>>>>> it? >>>>>>>> Correct, The first number is a hashed value of the domain >>>>>>>> part >>>>>>>> of the >>>>>>>> SID >>>>>>>> and the "last part of the SID" is usually called the RID. >>>>>>>> >>>>>>>> Can you check if setting ldap_idmap_autorid_compat to True >>>>>>>> would yield >>>>>>>> the same IDs as winbind does? (Sorry I don't have a box with >>>>>>>> winbind >>>>>>>> handy and I always forget the details). >>>>>>> I have tried it and no it wouldn't, with S3 winbind I got: >>>>>>> >>>>>>> uid=21105(user) gid=20513(domain_users) >>>>>>> groups=20513(domain_users) >>>>>>> >>>>>>> With the line added into sssd.conf and winbind turned off, I >>>>>>> now >>>>>>> get: >>>>>>> >>>>>>> uid=201105(user) gid=200513(domain_users) >>>>>>> groups=200513(domain_users) >>>>>>> >>>>>>>>> When you say 'the same output as the winbind mapper', which >>>>>>>>> winbind >>>>>>>>> are you refering to, the winbind on the Samba 4 server >>>>>>>>> or the >>>>>>>>> winbind on the Samba 3 client? >>>>>>>> Both actually. You really want to have the IDs consistent >>>>>>>> everywhere. >>>>>>> That is the problem, the built into samba4 winbind returns >>>>>>> different >>>>>>> results: >>>>>>> >>>>>>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>>>>>> >>>>>>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>>>>>> SIDs with >>>>>>>>>> both >>>>>>>>>> winbind and SSSD. All that should be needed on the SSSD >>>>>>>>>> side >>>>>>>>>> is set: >>>>>>>>>> ldap_id_mapping = False >>>>>>>>>> to sssd.conf and restart the SSSD (you might need to rm >>>>>>>>>> the >>>>>>>>>> cache as >>>>>>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>>>>>> >>>>>>>>>> On the winbind side, I'm a little fuzzy on the details, >>>>>>>>>> but I >>>>>>>>>> believe >>>>>>>>>> this could be done with "winbind nss info" configuration >>>>>>>>>> option. >>>>>>>>> The problem here is the use of winbind, I cannot get the >>>>>>>>> idmap_ad >>>>>>>>> backend to work at all, and idmap_rid gives a different uid >>>>>>>> >from the >>>>>>>>> Samba 4 server >>>>>>>> So which mapper does the S4 server use? >>>>>>> I do not know, I only know it is different from the S3 >>>>>>> winbind. >>>>>>> >>>>>>>>>> From where I am 1) sounds like easier to implement >>>>>>>>>> since >>>>>>>>>> all you'd be >>>>>>>>>> >>>>>>>>>> changing is sssd.conf >>>>>>>>> I am being to think that the way forward is to stop >>>>>>>>> winbind on >>>>>>>>> the >>>>>>>>> Samba 4 server and use sssd instead. >>>>>>>> That is a noble goal and one which we wanted to accomplish >>>>>>>> in the >>>>>>>> upcoming 1.10 release, but it was postponed to the next one: >>>>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>>>> >>>>>>>> The Samba server seems to be leveraging an interface only >>>>>>>> winbind is >>>>>>>> able to serve at the moment to convert SIDs to GIDs on the >>>>>>>> server side. >>>>>>>> >>>>>>>> I don't know all the details, sorry, maybe on of the Samba >>>>>>>> developers >>>>>>>> lurking on this list would chime in. >>>>>>> I don't understand this, by removing the S4 winbind links on >>>>>>> the >>>>>>> server and installing sssd 1.9.4, I appear to have got it >>>>>>> to work, >>>>>>> I now have consistent uid's & gid's without any real effort. >>>>>> I had a short chat with the Samba Red Hat maintainer Andreas >>>>>> Schneider >>>>>> (CC-ed) and he advised against removing winbind from the >>>>>> server, >>>>>> too. >>>>>> >>>>>> I'm sure he'll provide a more qualified answer than I can :-) >>>>> Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >>>>> base and >>>>> I think that I am right in saying that it will not start if >>>>> the samba >>>>> (AD) daemon is run. >>>> That's correct and the DC needs the 'builtin' winbind daemon for >>>> the DC to >>>> function. It will not work with the s3fs winbind. >>>> >>>>> The other is built into the samba daemon and >>>>> requires the creation of a couple of symlinks to use winbind in >>>>> /etc/nsswitch. >>>> What do you mean here? >>> If, as I do, you compile Samba 4, you have to create a couple of >>> symlinks: >>> >>> ln -s /usr/local/samba/lib/libnss_winbind.so.2 >>> /lib/libnss_winbind.so >>> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 >>> >>> Without these, you do not get any domain users etc from getent. >>> >> Truth be told, I've never compiled Samba from scratch myself, but >> the >> nssswitch libraries must be installed to /lib{,64}, are you sure >> there >> isn't just a configure time switch for that? >> >> > If you are talking about libnss_winbind.so, then as far as I > know, no > there isn't, you just have to create the two symlinks and add > 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it > works. > If you do add the links etc then sssd does not work on the S4 > server. > As sssd seems to work better than winbind then I shall continue to > use > it, but what I cannot understand is why do I seem to get the > feeling > that you are trying to talk me out of using sssd. > > Rowland > > On the samba file server or DC there other things that file server gets directly from winbind that sssd does not have yet. We are concerned that this would cause issues for you that you yet have not seen. That would be the reason. If you are willing to continue trying and are prepared to encounter issues and report back then we are OK.
Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4 server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
You have lost me there, are you referring to the S4 winbind built into the S4 samba daemon?
Sorry for typo, if confused the whole thing. I meant "Samba FS + winbind"
if so, there does not seem to be any documentation anywhere that I can find. As I said, I tried to get winbind on the clients working with both id_map rid & ad backends and could not get either to work. Whatever I use, has to come up with the same UID/GID that the S4 winbind does, because that is what the unix server seems to require. In fact I will state it plainly, whatever is used must produce exactly the same Unix information as the S4 winbind.
Correct and I am curious why it did not work because we used the same algorithm in SSSD id map translation as winbind rid uses with only one difference - SSSD can have additional ranges to support multiple domains. If it is a bug in SSSD it is a major one that we need to fix ASAP. If it is a bad configuration I want to get to the core of the problem and have a clear set of instructions how to set things up because we need it for the next round of work we will start later this spring-summer.
Rowland
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
On 11/04/13 19:50, Dmitri Pal wrote:
On 04/11/2013 02:30 PM, Rowland Penny wrote:
On 11/04/13 18:49, Dmitri Pal wrote:
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote: > On 04/05/2013 02:40 PM, Rowland Penny wrote: >> On 05/04/13 19:00, Jakub Hrozek wrote: >>> On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote: >>>> On 05/04/13 17:05, Andreas Schneider wrote: >>>>> On Friday 05 April 2013 15:54:41 Rowland Penny wrote: >>>>>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>>>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote: >>>>>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>>>>> On Tue, Apr 02, 2013 at 01:42:46PM +0100, Rowland Penny >>>>>>>>> wrote: >>>>>>>>>>> With the AD provider you shouldn't be needing any of the >>>>>>>>>>> options >>>>>>>>>>> below. >>>>>>>>>>> The AD provider should just default to them. >>>>>>>>>>> >>>>>>>>>>> Is there a reason you are using password binds and not >>>>>>>>>>> GSSAPI? >>>>>>>>>> OK, I have removed all the lines you suggested and getent >>>>>>>>>> stopped >>>>>>>>>> working, examining /var/log/sssd/sssd_DOMAIN.log gives the >>>>>>>>>> reason: >>>>>>>>>> >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [resolve_srv_send] >>>>>>>>>> (0x0400): SRV resolution of service 'AD'. Will use DNS >>>>>>>>>> discovery >>>>>>>>>> domain 'DOMAIN' >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [resolve_srv_cont] >>>>>>>>>> (0x0100): Searching for servers via SRV query >>>>>>>>>> '_ldap._tcp.DOMAIN' >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [resolv_getsrv_send] >>>>>>>>>> (0x0100): Trying to resolve SRV record of >>>>>>>>>> '_ldap._tcp.DOMAIN' >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [request_watch_destructor] (0x0400): Deleting request watch >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [resolve_srv_done] >>>>>>>>>> (0x0020): SRV query failed: [Domain name not found] >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [fo_set_port_status] >>>>>>>>>> (0x0100): Marking port 0 of server '(no name)' as 'not >>>>>>>>>> working' >>>>>>>>>> (Tue Apr 2 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>> [set_srv_data_status] >>>>>>>>>> (0x0100): Marking SRV lookup of service 'AD' as 'not >>>>>>>>>> resolved' >>>>>>>>>> >>>>>>>>>> It is trying to look up the samba domain name instead of >>>>>>>>>> the >>>>>>>>>> the DNS >>>>>>>>>> domain.name, re-adding the following line cures this: >>>>>>>>>> >>>>>>>>>> dns_discovery_domain = domain.lan >>>>>>>>> I see, this is interesting. Does the value of >>>>>>>>> dns_discovery_domain >>>>>>>>> differ from the value of ad_domain? If not, then I would >>>>>>>>> consider it a >>>>>>>>> bug. >>>>>>>> I must have misunderstood you, because I turned off >>>>>>>> 'ad_domain = >>>>>>>> domain.lan'. I have now turned it back on again and turned >>>>>>>> off the >>>>>>>> dns_discovery_domain line and it still works. >>>>>>>> >>>>>>>>>>>> Rowland >>>>>>>>>>> I think there are two options: >>>>>>>>>>> 1) keep using the ID mapping and tailor the >>>>>>>>>>> configuration of >>>>>>>>>>> the ID >>>>>>>>>>> mapper in the SSSD so that it generates the same output as >>>>>>>>>>> the winbind >>>>>>>>>>> mapper. We've done this before, it's not the nicest >>>>>>>>>>> looking >>>>>>>>>>> configuration, but it works. >>>>>>>>>> What sssd ID mapping seems to do is, get the last part of >>>>>>>>>> the SID >>>>>>>>>> and add a number to the front of it, is this correct? and >>>>>>>>>> if so >>>>>>>>>> where does the number come from? and is this the way >>>>>>>>>> Windows does >>>>>>>>>> it? >>>>>>>>> Correct, The first number is a hashed value of the domain >>>>>>>>> part >>>>>>>>> of the >>>>>>>>> SID >>>>>>>>> and the "last part of the SID" is usually called the RID. >>>>>>>>> >>>>>>>>> Can you check if setting ldap_idmap_autorid_compat to True >>>>>>>>> would yield >>>>>>>>> the same IDs as winbind does? (Sorry I don't have a box with >>>>>>>>> winbind >>>>>>>>> handy and I always forget the details). >>>>>>>> I have tried it and no it wouldn't, with S3 winbind I got: >>>>>>>> >>>>>>>> uid=21105(user) gid=20513(domain_users) >>>>>>>> groups=20513(domain_users) >>>>>>>> >>>>>>>> With the line added into sssd.conf and winbind turned off, I >>>>>>>> now >>>>>>>> get: >>>>>>>> >>>>>>>> uid=201105(user) gid=200513(domain_users) >>>>>>>> groups=200513(domain_users) >>>>>>>> >>>>>>>>>> When you say 'the same output as the winbind mapper', which >>>>>>>>>> winbind >>>>>>>>>> are you refering to, the winbind on the Samba 4 server >>>>>>>>>> or the >>>>>>>>>> winbind on the Samba 3 client? >>>>>>>>> Both actually. You really want to have the IDs consistent >>>>>>>>> everywhere. >>>>>>>> That is the problem, the built into samba4 winbind returns >>>>>>>> different >>>>>>>> results: >>>>>>>> >>>>>>>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users) >>>>>>>> >>>>>>>>>>> 2) Switch to using POSIX IDs instead of mapping them from >>>>>>>>>>> SIDs with >>>>>>>>>>> both >>>>>>>>>>> winbind and SSSD. All that should be needed on the SSSD >>>>>>>>>>> side >>>>>>>>>>> is set: >>>>>>>>>>> ldap_id_mapping = False >>>>>>>>>>> to sssd.conf and restart the SSSD (you might need to rm >>>>>>>>>>> the >>>>>>>>>>> cache as >>>>>>>>>>> SSSD doesn't really handle UID/GID changes very well yet). >>>>>>>>>>> >>>>>>>>>>> On the winbind side, I'm a little fuzzy on the details, >>>>>>>>>>> but I >>>>>>>>>>> believe >>>>>>>>>>> this could be done with "winbind nss info" configuration >>>>>>>>>>> option. >>>>>>>>>> The problem here is the use of winbind, I cannot get the >>>>>>>>>> idmap_ad >>>>>>>>>> backend to work at all, and idmap_rid gives a different uid >>>>>>>>> >from the >>>>>>>>>> Samba 4 server >>>>>>>>> So which mapper does the S4 server use? >>>>>>>> I do not know, I only know it is different from the S3 >>>>>>>> winbind. >>>>>>>> >>>>>>>>>>> From where I am 1) sounds like easier to implement >>>>>>>>>>> since >>>>>>>>>>> all you'd be >>>>>>>>>>> >>>>>>>>>>> changing is sssd.conf >>>>>>>>>> I am being to think that the way forward is to stop >>>>>>>>>> winbind on >>>>>>>>>> the >>>>>>>>>> Samba 4 server and use sssd instead. >>>>>>>>> That is a noble goal and one which we wanted to accomplish >>>>>>>>> in the >>>>>>>>> upcoming 1.10 release, but it was postponed to the next one: >>>>>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>>>>> >>>>>>>>> The Samba server seems to be leveraging an interface only >>>>>>>>> winbind is >>>>>>>>> able to serve at the moment to convert SIDs to GIDs on the >>>>>>>>> server side. >>>>>>>>> >>>>>>>>> I don't know all the details, sorry, maybe on of the Samba >>>>>>>>> developers >>>>>>>>> lurking on this list would chime in. >>>>>>>> I don't understand this, by removing the S4 winbind links on >>>>>>>> the >>>>>>>> server and installing sssd 1.9.4, I appear to have got it >>>>>>>> to work, >>>>>>>> I now have consistent uid's & gid's without any real effort. >>>>>>> I had a short chat with the Samba Red Hat maintainer Andreas >>>>>>> Schneider >>>>>>> (CC-ed) and he advised against removing winbind from the >>>>>>> server, >>>>>>> too. >>>>>>> >>>>>>> I'm sure he'll provide a more qualified answer than I can :-) >>>>>> Hi, on Samba 4 you get 2 winbind's, one is based on the S3 code >>>>>> base and >>>>>> I think that I am right in saying that it will not start if >>>>>> the samba >>>>>> (AD) daemon is run. >>>>> That's correct and the DC needs the 'builtin' winbind daemon for >>>>> the DC to >>>>> function. It will not work with the s3fs winbind. >>>>> >>>>>> The other is built into the samba daemon and >>>>>> requires the creation of a couple of symlinks to use winbind in >>>>>> /etc/nsswitch. >>>>> What do you mean here? >>>> If, as I do, you compile Samba 4, you have to create a couple of >>>> symlinks: >>>> >>>> ln -s /usr/local/samba/lib/libnss_winbind.so.2 >>>> /lib/libnss_winbind.so >>>> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 >>>> >>>> Without these, you do not get any domain users etc from getent. >>>> >>> Truth be told, I've never compiled Samba from scratch myself, but >>> the >>> nssswitch libraries must be installed to /lib{,64}, are you sure >>> there >>> isn't just a configure time switch for that? >>> >>> >> If you are talking about libnss_winbind.so, then as far as I >> know, no >> there isn't, you just have to create the two symlinks and add >> 'winbind' to the passwd & group lines in /etc/nsswitch.conf and it >> works. >> If you do add the links etc then sssd does not work on the S4 >> server. >> As sssd seems to work better than winbind then I shall continue to >> use >> it, but what I cannot understand is why do I seem to get the >> feeling >> that you are trying to talk me out of using sssd. >> >> Rowland >> >> > On the samba file server or DC there other things that file server > gets > directly from winbind that sssd does not have yet. > We are concerned that this would cause issues for you that you yet > have > not seen. That would be the reason. > If you are willing to continue trying and are prepared to encounter > issues and report back then we are OK. > Could you give me some idea what sssd doesn't do that winbind does?
As far as I can see, I get (via getent): uidNumber gidNumber unixhomedirectory loginShell
There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
which as far as I can see is what winbind would give me.
I can create directories & files and change ownership to a domain user &/or domain group, or in other words, I cannot tell the difference between using winbind or sssd except for the constant uidnumbers & gidnumbers.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4 server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
You have lost me there, are you referring to the S4 winbind built into the S4 samba daemon?
Sorry for typo, if confused the whole thing. I meant "Samba FS + winbind"
if so, there does not seem to be any documentation anywhere that I can find. As I said, I tried to get winbind on the clients working with both id_map rid & ad backends and could not get either to work. Whatever I use, has to come up with the same UID/GID that the S4 winbind does, because that is what the unix server seems to require. In fact I will state it plainly, whatever is used must produce exactly the same Unix information as the S4 winbind.
Correct and I am curious why it did not work because we used the same algorithm in SSSD id map translation as winbind rid uses with only one difference - SSSD can have additional ranges to support multiple domains. If it is a bug in SSSD it is a major one that we need to fix ASAP. If it is a bad configuration I want to get to the core of the problem and have a clear set of instructions how to set things up because we need it for the next round of work we will start later this spring-summer.
Rowland
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
You have probably based your work on the S3 winbind, this is a separate daemon. If you run S4 as an AD DC you do not get a separate winbind daemon, it is now built into the samba daemon, the S3 samba daemon is not to be confused with the S3 smbd daemon which the samba daemon runs to get the s3fs fileserver backend. The S4 winbind seems to operate differently from S3 winbind and has, I understand, a different code base.
On the samba 4 server setup as per the samba4 howto, running as an AD DC, getent passwd username gives:
DOMAIN\username:*:3000017:100::/home/DOMAIN/username:/bin/bash
There does not seem to be a way to change the base for the UID (3000017) and the GID(100) comes from the RID 513, so to use sssd with the ad backend, the users uid produced by sssd (based on the line above) would have to be 3000017, not what it is coming up with at the moment.
What I am doing at the moment is setting the users uidNumber etc on the S4 server and using sssd ldap to pull the info and it does seem to work
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/11/2013 03:33 PM, Rowland Penny wrote:
On 11/04/13 19:50, Dmitri Pal wrote:
On 04/11/2013 02:30 PM, Rowland Penny wrote:
On 11/04/13 18:49, Dmitri Pal wrote:
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote: > On 05/04/13 19:46, Dmitri Pal wrote: >> On 04/05/2013 02:40 PM, Rowland Penny wrote: >>> On 05/04/13 19:00, Jakub Hrozek wrote: >>>> On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland >>>> Penny wrote: >>>>> On 05/04/13 17:05, Andreas Schneider wrote: >>>>>> On Friday 05 April 2013 15:54:41 Rowland >>>>>> Penny wrote: >>>>>>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>>>>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, >>>>>>>> Rowland Penny wrote: >>>>>>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>>>>>> On Tue, Apr 02, 2013 at 01:42:46PM >>>>>>>>>> +0100, Rowland Penny wrote: >>>>>>>>>>>> With the AD provider you >>>>>>>>>>>> shouldn't be needing any of the >>>>>>>>>>>> options below. The AD provider >>>>>>>>>>>> should just default to them. >>>>>>>>>>>> >>>>>>>>>>>> Is there a reason you are using >>>>>>>>>>>> password binds and not GSSAPI? >>>>>>>>>>> OK, I have removed all the lines >>>>>>>>>>> you suggested and getent stopped >>>>>>>>>>> working, examining >>>>>>>>>>> /var/log/sssd/sssd_DOMAIN.log gives >>>>>>>>>>> the reason: >>>>>>>>>>> >>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>> [resolve_srv_send] (0x0400): SRV >>>>>>>>>>> resolution of service 'AD'. Will >>>>>>>>>>> use DNS discovery domain 'DOMAIN' >>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>> [resolve_srv_cont] (0x0100): >>>>>>>>>>> Searching for servers via SRV >>>>>>>>>>> query '_ldap._tcp.DOMAIN' (Tue Apr >>>>>>>>>>> 2 12:52:55 2013) >>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>> [resolv_getsrv_send] (0x0100): >>>>>>>>>>> Trying to resolve SRV record of >>>>>>>>>>> '_ldap._tcp.DOMAIN' (Tue Apr 2 >>>>>>>>>>> 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>>> [request_watch_destructor] >>>>>>>>>>> (0x0400): Deleting request watch >>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>> [resolve_srv_done] (0x0020): SRV >>>>>>>>>>> query failed: [Domain name not >>>>>>>>>>> found] (Tue Apr 2 12:52:55 2013) >>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>> [fo_set_port_status] (0x0100): >>>>>>>>>>> Marking port 0 of server '(no >>>>>>>>>>> name)' as 'not working' (Tue Apr 2 >>>>>>>>>>> 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>>> [set_srv_data_status] (0x0100): >>>>>>>>>>> Marking SRV lookup of service 'AD' >>>>>>>>>>> as 'not resolved' >>>>>>>>>>> >>>>>>>>>>> It is trying to look up the samba >>>>>>>>>>> domain name instead of the the DNS >>>>>>>>>>> domain.name, re-adding the >>>>>>>>>>> following line cures this: >>>>>>>>>>> >>>>>>>>>>> dns_discovery_domain = domain.lan >>>>>>>>>> I see, this is interesting. Does the >>>>>>>>>> value of dns_discovery_domain differ >>>>>>>>>> from the value of ad_domain? If not, >>>>>>>>>> then I would consider it a bug. >>>>>>>>> I must have misunderstood you, because >>>>>>>>> I turned off 'ad_domain = domain.lan'. >>>>>>>>> I have now turned it back on again and >>>>>>>>> turned off the dns_discovery_domain >>>>>>>>> line and it still works. >>>>>>>>> >>>>>>>>>>>>> Rowland >>>>>>>>>>>> I think there are two options: 1) >>>>>>>>>>>> keep using the ID mapping and >>>>>>>>>>>> tailor the configuration of the >>>>>>>>>>>> ID mapper in the SSSD so that it >>>>>>>>>>>> generates the same output as the >>>>>>>>>>>> winbind mapper. We've done this >>>>>>>>>>>> before, it's not the nicest >>>>>>>>>>>> looking configuration, but it >>>>>>>>>>>> works. >>>>>>>>>>> What sssd ID mapping seems to do >>>>>>>>>>> is, get the last part of the SID >>>>>>>>>>> and add a number to the front of >>>>>>>>>>> it, is this correct? and if so >>>>>>>>>>> where does the number come from? >>>>>>>>>>> and is this the way Windows does >>>>>>>>>>> it? >>>>>>>>>> Correct, The first number is a hashed >>>>>>>>>> value of the domain part of the SID >>>>>>>>>> and the "last part of the SID" is >>>>>>>>>> usually called the RID. >>>>>>>>>> >>>>>>>>>> Can you check if setting >>>>>>>>>> ldap_idmap_autorid_compat to True >>>>>>>>>> would yield the same IDs as winbind >>>>>>>>>> does? (Sorry I don't have a box with >>>>>>>>>> winbind handy and I always forget the >>>>>>>>>> details). >>>>>>>>> I have tried it and no it wouldn't, >>>>>>>>> with S3 winbind I got: >>>>>>>>> >>>>>>>>> uid=21105(user) >>>>>>>>> gid=20513(domain_users) >>>>>>>>> groups=20513(domain_users) >>>>>>>>> >>>>>>>>> With the line added into sssd.conf and >>>>>>>>> winbind turned off, I now get: >>>>>>>>> >>>>>>>>> uid=201105(user) >>>>>>>>> gid=200513(domain_users) >>>>>>>>> groups=200513(domain_users) >>>>>>>>> >>>>>>>>>>> When you say 'the same output as >>>>>>>>>>> the winbind mapper', which winbind >>>>>>>>>>> are you refering to, the winbind on >>>>>>>>>>> the Samba 4 server or the winbind >>>>>>>>>>> on the Samba 3 client? >>>>>>>>>> Both actually. You really want to >>>>>>>>>> have the IDs consistent everywhere. >>>>>>>>> That is the problem, the built into >>>>>>>>> samba4 winbind returns different >>>>>>>>> results: >>>>>>>>> >>>>>>>>> uid=3000016(DOMAIN\user) gid=100(users) >>>>>>>>> groups=100(users) >>>>>>>>> >>>>>>>>>>>> 2) Switch to using POSIX IDs >>>>>>>>>>>> instead of mapping them from SIDs >>>>>>>>>>>> with both winbind and SSSD. All >>>>>>>>>>>> that should be needed on the >>>>>>>>>>>> SSSD side is set: ldap_id_mapping >>>>>>>>>>>> = False to sssd.conf and restart >>>>>>>>>>>> the SSSD (you might need to rm >>>>>>>>>>>> the cache as SSSD doesn't really >>>>>>>>>>>> handle UID/GID changes very well >>>>>>>>>>>> yet). >>>>>>>>>>>> >>>>>>>>>>>> On the winbind side, I'm a little >>>>>>>>>>>> fuzzy on the details, but I >>>>>>>>>>>> believe this could be done with >>>>>>>>>>>> "winbind nss info" configuration >>>>>>>>>>>> option. >>>>>>>>>>> The problem here is the use of >>>>>>>>>>> winbind, I cannot get the idmap_ad >>>>>>>>>>> backend to work at all, and >>>>>>>>>>> idmap_rid gives a different uid >>>>>>>>>>> from the Samba 4 server >>>>>>>>>> So which mapper does the S4 server >>>>>>>>>> use? >>>>>>>>> I do not know, I only know it is >>>>>>>>> different from the S3 winbind. >>>>>>>>> >>>>>>>>>>>> From where I am 1) sounds like >>>>>>>>>>>> easier to implement since all >>>>>>>>>>>> you'd be >>>>>>>>>>>> >>>>>>>>>>>> changing is sssd.conf >>>>>>>>>>> I am being to think that the way >>>>>>>>>>> forward is to stop winbind on the >>>>>>>>>>> Samba 4 server and use sssd >>>>>>>>>>> instead. >>>>>>>>>> That is a noble goal and one which we >>>>>>>>>> wanted to accomplish in the upcoming >>>>>>>>>> 1.10 release, but it was postponed to >>>>>>>>>> the next one: >>>>>>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>
The Samba server seems to be leveraging an interface only
>>>>>>>>>> winbind is able to serve at the >>>>>>>>>> moment to convert SIDs to GIDs on >>>>>>>>>> the server side. >>>>>>>>>> >>>>>>>>>> I don't know all the details, sorry, >>>>>>>>>> maybe on of the Samba developers >>>>>>>>>> lurking on this list would chime in. >>>>>>>>> I don't understand this, by removing >>>>>>>>> the S4 winbind links on the server and >>>>>>>>> installing sssd 1.9.4, I appear to >>>>>>>>> have got it to work, I now have >>>>>>>>> consistent uid's & gid's without any >>>>>>>>> real effort. >>>>>>>> I had a short chat with the Samba Red Hat >>>>>>>> maintainer Andreas Schneider (CC-ed) and >>>>>>>> he advised against removing winbind from >>>>>>>> the server, too. >>>>>>>> >>>>>>>> I'm sure he'll provide a more qualified >>>>>>>> answer than I can :-) >>>>>>> Hi, on Samba 4 you get 2 winbind's, one is >>>>>>> based on the S3 code base and I think that >>>>>>> I am right in saying that it will not start >>>>>>> if the samba (AD) daemon is run. >>>>>> That's correct and the DC needs the 'builtin' >>>>>> winbind daemon for the DC to function. It >>>>>> will not work with the s3fs winbind. >>>>>> >>>>>>> The other is built into the samba daemon >>>>>>> and requires the creation of a couple of >>>>>>> symlinks to use winbind in /etc/nsswitch. >>>>>> What do you mean here? >>>>> If, as I do, you compile Samba 4, you have to >>>>> create a couple of symlinks: >>>>> >>>>> ln -s /usr/local/samba/lib/libnss_winbind.so.2 >>>>> /lib/libnss_winbind.so ln -s >>>>> /lib/libnss_winbind.so >>>>> /lib/libnss_winbind.so.2 >>>>> >>>>> Without these, you do not get any domain users >>>>> etc from getent. >>>>> >>>> Truth be told, I've never compiled Samba from >>>> scratch myself, but the nssswitch libraries must >>>> be installed to /lib{,64}, are you sure there >>>> isn't just a configure time switch for that? >>>> >>>> >>> If you are talking about libnss_winbind.so, then as >>> far as I know, no there isn't, you just have to >>> create the two symlinks and add 'winbind' to the >>> passwd & group lines in /etc/nsswitch.conf and it >>> works. If you do add the links etc then sssd does >>> not work on the S4 server. As sssd seems to work >>> better than winbind then I shall continue to use >>> it, but what I cannot understand is why do I seem >>> to get the feeling that you are trying to talk me >>> out of using sssd. >>> >>> Rowland >>> >>> >> On the samba file server or DC there other things >> that file server gets directly from winbind that sssd >> does not have yet. We are concerned that this would >> cause issues for you that you yet have not seen. That >> would be the reason. If you are willing to continue >> trying and are prepared to encounter issues and >> report back then we are OK. >> > Could you give me some idea what sssd doesn't do that > winbind does? > > As far as I can see, I get (via getent): uidNumber > gidNumber unixhomedirectory loginShell > There is an interface for SID to name conversion in Samba and currently only winbind implements the interface. We wanted to have a compatible implementation done for 1.10 but we're probably not going to make it.
I don't know exactly from the top of my head what functionality the samba server uses this interface for. Maybe Andreas or Sumit know?
> which as far as I can see is what winbind would give > me. > > I can create directories & files and change ownership > to a domain user &/or domain group, or in other words, > I cannot tell the difference between using winbind or > sssd except for the constant uidnumbers & gidnumbers. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4
server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
You have lost me there, are you referring to the S4 winbind built into the S4 samba daemon?
Sorry for typo, if confused the whole thing. I meant "Samba FS + winbind"
if so, there does not seem to be any documentation anywhere that I can find. As I said, I tried to get winbind on the clients working with both id_map rid & ad backends and could not get either to work. Whatever I use, has to come up with the same UID/GID that the S4 winbind does, because that is what the unix server seems to require. In fact I will state it plainly, whatever is used must produce exactly the same Unix information as the S4 winbind.
Correct and I am curious why it did not work because we used the same algorithm in SSSD id map translation as winbind rid uses with only one difference - SSSD can have additional ranges to support multiple domains. If it is a bug in SSSD it is a major one that we need to fix ASAP. If it is a bad configuration I want to get to the core of the problem and have a clear set of instructions how to set things up because we need it for the next round of work we will start later this spring-summer.
Rowland
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
You have probably based your work on the S3 winbind, this is a separate daemon. If you run S4 as an AD DC you do not get a separate winbind daemon, it is now built into the samba daemon, the S3 samba daemon is not to be confused with the S3 smbd daemon which the samba daemon runs to get the s3fs fileserver backend. The S4 winbind seems to operate differently from S3 winbind and has, I understand, a different code base.
On the samba 4 server setup as per the samba4 howto, running as an AD DC, getent passwd username gives:
DOMAIN\username:*:3000017:100::/home/DOMAIN/username:/bin/bash
There does not seem to be a way to change the base for the UID (3000017) and the GID(100) comes from the RID 513, so to use sssd with the ad backend, the users uid produced by sssd (based on the line above) would have to be 3000017, not what it is coming up with at the moment.
What I am doing at the moment is setting the users uidNumber etc on the S4 server and using sssd ldap to pull the info and it does seem to work
This thread is too long for me to scan through and check, but are you using:
ldap_idmap_autorid_compat = True
in your sssd.conf? If not, that's why you're getting different IDs. By default, we use a deterministic algorithm to create the IDs, but winbind's autorid algorithm requires that they all start at the first slot and go upwards from there.
Also, make sure that ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size match their equivalents in winbind. I'm not certain if they do by default.
See sssd-ad(5) for more details (on SSSD 1.9 and later)
On 11/04/13 21:01, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/11/2013 03:33 PM, Rowland Penny wrote:
On 11/04/13 19:50, Dmitri Pal wrote:
On 04/11/2013 02:30 PM, Rowland Penny wrote:
On 11/04/13 18:49, Dmitri Pal wrote:
On 04/11/2013 10:00 AM, Rowland Penny wrote:
On 08/04/13 11:39, Jakub Hrozek wrote: > On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny > wrote: >> On 05/04/13 19:46, Dmitri Pal wrote: >>> On 04/05/2013 02:40 PM, Rowland Penny wrote: >>>> On 05/04/13 19:00, Jakub Hrozek wrote: >>>>> On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland >>>>> Penny wrote: >>>>>> On 05/04/13 17:05, Andreas Schneider wrote: >>>>>>> On Friday 05 April 2013 15:54:41 Rowland >>>>>>> Penny wrote: >>>>>>>> On 05/04/13 15:35, Jakub Hrozek wrote: >>>>>>>>> On Wed, Apr 03, 2013 at 11:20:44AM +0100, >>>>>>>>> Rowland Penny wrote: >>>>>>>>>> On 02/04/13 22:39, Jakub Hrozek wrote: >>>>>>>>>>> On Tue, Apr 02, 2013 at 01:42:46PM >>>>>>>>>>> +0100, Rowland Penny wrote: >>>>>>>>>>>>> With the AD provider you >>>>>>>>>>>>> shouldn't be needing any of the >>>>>>>>>>>>> options below. The AD provider >>>>>>>>>>>>> should just default to them. >>>>>>>>>>>>> >>>>>>>>>>>>> Is there a reason you are using >>>>>>>>>>>>> password binds and not GSSAPI? >>>>>>>>>>>> OK, I have removed all the lines >>>>>>>>>>>> you suggested and getent stopped >>>>>>>>>>>> working, examining >>>>>>>>>>>> /var/log/sssd/sssd_DOMAIN.log gives >>>>>>>>>>>> the reason: >>>>>>>>>>>> >>>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>>> [resolve_srv_send] (0x0400): SRV >>>>>>>>>>>> resolution of service 'AD'. Will >>>>>>>>>>>> use DNS discovery domain 'DOMAIN' >>>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>>> [resolve_srv_cont] (0x0100): >>>>>>>>>>>> Searching for servers via SRV >>>>>>>>>>>> query '_ldap._tcp.DOMAIN' (Tue Apr >>>>>>>>>>>> 2 12:52:55 2013) >>>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>>> [resolv_getsrv_send] (0x0100): >>>>>>>>>>>> Trying to resolve SRV record of >>>>>>>>>>>> '_ldap._tcp.DOMAIN' (Tue Apr 2 >>>>>>>>>>>> 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>>>> [request_watch_destructor] >>>>>>>>>>>> (0x0400): Deleting request watch >>>>>>>>>>>> (Tue Apr 2 12:52:55 2013) >>>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>>> [resolve_srv_done] (0x0020): SRV >>>>>>>>>>>> query failed: [Domain name not >>>>>>>>>>>> found] (Tue Apr 2 12:52:55 2013) >>>>>>>>>>>> [sssd[be[DOMAIN]]] >>>>>>>>>>>> [fo_set_port_status] (0x0100): >>>>>>>>>>>> Marking port 0 of server '(no >>>>>>>>>>>> name)' as 'not working' (Tue Apr 2 >>>>>>>>>>>> 12:52:55 2013) [sssd[be[DOMAIN]]] >>>>>>>>>>>> [set_srv_data_status] (0x0100): >>>>>>>>>>>> Marking SRV lookup of service 'AD' >>>>>>>>>>>> as 'not resolved' >>>>>>>>>>>> >>>>>>>>>>>> It is trying to look up the samba >>>>>>>>>>>> domain name instead of the the DNS >>>>>>>>>>>> domain.name, re-adding the >>>>>>>>>>>> following line cures this: >>>>>>>>>>>> >>>>>>>>>>>> dns_discovery_domain = domain.lan >>>>>>>>>>> I see, this is interesting. Does the >>>>>>>>>>> value of dns_discovery_domain differ >>>>>>>>>>> from the value of ad_domain? If not, >>>>>>>>>>> then I would consider it a bug. >>>>>>>>>> I must have misunderstood you, because >>>>>>>>>> I turned off 'ad_domain = domain.lan'. >>>>>>>>>> I have now turned it back on again and >>>>>>>>>> turned off the dns_discovery_domain >>>>>>>>>> line and it still works. >>>>>>>>>> >>>>>>>>>>>>>> Rowland >>>>>>>>>>>>> I think there are two options: 1) >>>>>>>>>>>>> keep using the ID mapping and >>>>>>>>>>>>> tailor the configuration of the >>>>>>>>>>>>> ID mapper in the SSSD so that it >>>>>>>>>>>>> generates the same output as the >>>>>>>>>>>>> winbind mapper. We've done this >>>>>>>>>>>>> before, it's not the nicest >>>>>>>>>>>>> looking configuration, but it >>>>>>>>>>>>> works. >>>>>>>>>>>> What sssd ID mapping seems to do >>>>>>>>>>>> is, get the last part of the SID >>>>>>>>>>>> and add a number to the front of >>>>>>>>>>>> it, is this correct? and if so >>>>>>>>>>>> where does the number come from? >>>>>>>>>>>> and is this the way Windows does >>>>>>>>>>>> it? >>>>>>>>>>> Correct, The first number is a hashed >>>>>>>>>>> value of the domain part of the SID >>>>>>>>>>> and the "last part of the SID" is >>>>>>>>>>> usually called the RID. >>>>>>>>>>> >>>>>>>>>>> Can you check if setting >>>>>>>>>>> ldap_idmap_autorid_compat to True >>>>>>>>>>> would yield the same IDs as winbind >>>>>>>>>>> does? (Sorry I don't have a box with >>>>>>>>>>> winbind handy and I always forget the >>>>>>>>>>> details). >>>>>>>>>> I have tried it and no it wouldn't, >>>>>>>>>> with S3 winbind I got: >>>>>>>>>> >>>>>>>>>> uid=21105(user) >>>>>>>>>> gid=20513(domain_users) >>>>>>>>>> groups=20513(domain_users) >>>>>>>>>> >>>>>>>>>> With the line added into sssd.conf and >>>>>>>>>> winbind turned off, I now get: >>>>>>>>>> >>>>>>>>>> uid=201105(user) >>>>>>>>>> gid=200513(domain_users) >>>>>>>>>> groups=200513(domain_users) >>>>>>>>>> >>>>>>>>>>>> When you say 'the same output as >>>>>>>>>>>> the winbind mapper', which winbind >>>>>>>>>>>> are you refering to, the winbind on >>>>>>>>>>>> the Samba 4 server or the winbind >>>>>>>>>>>> on the Samba 3 client? >>>>>>>>>>> Both actually. You really want to >>>>>>>>>>> have the IDs consistent everywhere. >>>>>>>>>> That is the problem, the built into >>>>>>>>>> samba4 winbind returns different >>>>>>>>>> results: >>>>>>>>>> >>>>>>>>>> uid=3000016(DOMAIN\user) gid=100(users) >>>>>>>>>> groups=100(users) >>>>>>>>>> >>>>>>>>>>>>> 2) Switch to using POSIX IDs >>>>>>>>>>>>> instead of mapping them from SIDs >>>>>>>>>>>>> with both winbind and SSSD. All >>>>>>>>>>>>> that should be needed on the >>>>>>>>>>>>> SSSD side is set: ldap_id_mapping >>>>>>>>>>>>> = False to sssd.conf and restart >>>>>>>>>>>>> the SSSD (you might need to rm >>>>>>>>>>>>> the cache as SSSD doesn't really >>>>>>>>>>>>> handle UID/GID changes very well >>>>>>>>>>>>> yet). >>>>>>>>>>>>> >>>>>>>>>>>>> On the winbind side, I'm a little >>>>>>>>>>>>> fuzzy on the details, but I >>>>>>>>>>>>> believe this could be done with >>>>>>>>>>>>> "winbind nss info" configuration >>>>>>>>>>>>> option. >>>>>>>>>>>> The problem here is the use of >>>>>>>>>>>> winbind, I cannot get the idmap_ad >>>>>>>>>>>> backend to work at all, and >>>>>>>>>>>> idmap_rid gives a different uid >>>>>>>>>>>> from the Samba 4 server >>>>>>>>>>> So which mapper does the S4 server >>>>>>>>>>> use? >>>>>>>>>> I do not know, I only know it is >>>>>>>>>> different from the S3 winbind. >>>>>>>>>> >>>>>>>>>>>>> From where I am 1) sounds like >>>>>>>>>>>>> easier to implement since all >>>>>>>>>>>>> you'd be >>>>>>>>>>>>> >>>>>>>>>>>>> changing is sssd.conf >>>>>>>>>>>> I am being to think that the way >>>>>>>>>>>> forward is to stop winbind on the >>>>>>>>>>>> Samba 4 server and use sssd >>>>>>>>>>>> instead. >>>>>>>>>>> That is a noble goal and one which we >>>>>>>>>>> wanted to accomplish in the upcoming >>>>>>>>>>> 1.10 release, but it was postponed to >>>>>>>>>>> the next one: >>>>>>>>>>> https://fedorahosted.org/sssd/ticket/1534 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>
The Samba server seems to be leveraging an interface only
>>>>>>>>>>> winbind is able to serve at the >>>>>>>>>>> moment to convert SIDs to GIDs on >>>>>>>>>>> the server side. >>>>>>>>>>> >>>>>>>>>>> I don't know all the details, sorry, >>>>>>>>>>> maybe on of the Samba developers >>>>>>>>>>> lurking on this list would chime in. >>>>>>>>>> I don't understand this, by removing >>>>>>>>>> the S4 winbind links on the server and >>>>>>>>>> installing sssd 1.9.4, I appear to >>>>>>>>>> have got it to work, I now have >>>>>>>>>> consistent uid's & gid's without any >>>>>>>>>> real effort. >>>>>>>>> I had a short chat with the Samba Red Hat >>>>>>>>> maintainer Andreas Schneider (CC-ed) and >>>>>>>>> he advised against removing winbind from >>>>>>>>> the server, too. >>>>>>>>> >>>>>>>>> I'm sure he'll provide a more qualified >>>>>>>>> answer than I can :-) >>>>>>>> Hi, on Samba 4 you get 2 winbind's, one is >>>>>>>> based on the S3 code base and I think that >>>>>>>> I am right in saying that it will not start >>>>>>>> if the samba (AD) daemon is run. >>>>>>> That's correct and the DC needs the 'builtin' >>>>>>> winbind daemon for the DC to function. It >>>>>>> will not work with the s3fs winbind. >>>>>>> >>>>>>>> The other is built into the samba daemon >>>>>>>> and requires the creation of a couple of >>>>>>>> symlinks to use winbind in /etc/nsswitch. >>>>>>> What do you mean here? >>>>>> If, as I do, you compile Samba 4, you have to >>>>>> create a couple of symlinks: >>>>>> >>>>>> ln -s /usr/local/samba/lib/libnss_winbind.so.2 >>>>>> /lib/libnss_winbind.so ln -s >>>>>> /lib/libnss_winbind.so >>>>>> /lib/libnss_winbind.so.2 >>>>>> >>>>>> Without these, you do not get any domain users >>>>>> etc from getent. >>>>>> >>>>> Truth be told, I've never compiled Samba from >>>>> scratch myself, but the nssswitch libraries must >>>>> be installed to /lib{,64}, are you sure there >>>>> isn't just a configure time switch for that? >>>>> >>>>> >>>> If you are talking about libnss_winbind.so, then as >>>> far as I know, no there isn't, you just have to >>>> create the two symlinks and add 'winbind' to the >>>> passwd & group lines in /etc/nsswitch.conf and it >>>> works. If you do add the links etc then sssd does >>>> not work on the S4 server. As sssd seems to work >>>> better than winbind then I shall continue to use >>>> it, but what I cannot understand is why do I seem >>>> to get the feeling that you are trying to talk me >>>> out of using sssd. >>>> >>>> Rowland >>>> >>>> >>> On the samba file server or DC there other things >>> that file server gets directly from winbind that sssd >>> does not have yet. We are concerned that this would >>> cause issues for you that you yet have not seen. That >>> would be the reason. If you are willing to continue >>> trying and are prepared to encounter issues and >>> report back then we are OK. >>> >> Could you give me some idea what sssd doesn't do that >> winbind does? >> >> As far as I can see, I get (via getent): uidNumber >> gidNumber unixhomedirectory loginShell >> > There is an interface for SID to name conversion in Samba > and currently only winbind implements the interface. We > wanted to have a compatible implementation done for 1.10 > but we're probably not going to make it. > > I don't know exactly from the top of my head what > functionality the samba server uses this interface for. > Maybe Andreas or Sumit know? > >> which as far as I can see is what winbind would give >> me. >> >> I can create directories & files and change ownership >> to a domain user &/or domain group, or in other words, >> I cannot tell the difference between using winbind or >> sssd except for the constant uidnumbers & gidnumbers. > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users >
OK, I admit it, I was wrong, you cannot use sssd ad mode on a Samba 4
server instead of winbind.
Everything seemed to work ok until I tried to use cifs to mount the users homedirectory from the S4 server. It mounted ok and if you checked the user permissions on the the server & client they matched, both names & uid's. Getfacl showed that the user should be able to write to the share, only the user couldn't, the user had no rights to their own directory. I can only assume that cifs somehow uses winbind on the server and gets the uidnumbers that S4 winbind gives, these are different to what sssd comes up with.
What (so far) seems to work is: use winbind on the S4 server, set the uidNumber & gidNumber etc in the S4 LDAP for the users, no need for posix objectclasses. Then set up sssd on the linux clients to pull from ldap using kerberos.
Rowland
Yes that would work however another scenario that we expect to more or less work is: S4 DS + winbind on the server side using rid ID mapping algorythm, no UID/GID in LDAP, client is SSSD 1.9 with AD back end and id mapping used.
You have lost me there, are you referring to the S4 winbind built into the S4 samba daemon?
Sorry for typo, if confused the whole thing. I meant "Samba FS + winbind"
if so, there does not seem to be any documentation anywhere that I can find. As I said, I tried to get winbind on the clients working with both id_map rid & ad backends and could not get either to work. Whatever I use, has to come up with the same UID/GID that the S4 winbind does, because that is what the unix server seems to require. In fact I will state it plainly, whatever is used must produce exactly the same Unix information as the S4 winbind.
Correct and I am curious why it did not work because we used the same algorithm in SSSD id map translation as winbind rid uses with only one difference - SSSD can have additional ranges to support multiple domains. If it is a bug in SSSD it is a major one that we need to fix ASAP. If it is a bad configuration I want to get to the core of the problem and have a clear set of instructions how to set things up because we need it for the next round of work we will start later this spring-summer.
Rowland
That should work. What would fail are some client side utilities that grew some interfaces to the winbind. But we plan to address them down the road.
Thanks for investigation! It is a valuable information for us.
You have probably based your work on the S3 winbind, this is a separate daemon. If you run S4 as an AD DC you do not get a separate winbind daemon, it is now built into the samba daemon, the S3 samba daemon is not to be confused with the S3 smbd daemon which the samba daemon runs to get the s3fs fileserver backend. The S4 winbind seems to operate differently from S3 winbind and has, I understand, a different code base.
On the samba 4 server setup as per the samba4 howto, running as an AD DC, getent passwd username gives:
DOMAIN\username:*:3000017:100::/home/DOMAIN/username:/bin/bash
There does not seem to be a way to change the base for the UID (3000017) and the GID(100) comes from the RID 513, so to use sssd with the ad backend, the users uid produced by sssd (based on the line above) would have to be 3000017, not what it is coming up with at the moment.
What I am doing at the moment is setting the users uidNumber etc on the S4 server and using sssd ldap to pull the info and it does seem to work
This thread is too long for me to scan through and check, but are you using:
ldap_idmap_autorid_compat = True
No, but to be honest, after trying to get winbind to work similar to what you are suggesting, I am off any form of idmapping, this is not how windows works and I think that idea should be layed to rest.
in your sssd.conf? If not, that's why you're getting different IDs. By default, we use a deterministic algorithm to create the IDs, but winbind's autorid algorithm requires that they all start at the first slot and go upwards from there.
All S4 winbind uid's seem to start at 3000000 and I take it they come from the users RID, so to me, that is the way that sssd needs to work, i.e. a user logging into any client in the domain would get the same uid, 3000017 for instance. Also S4 winbind does not seem to use slots, every S4 winbind starts at 3000000, so sssd again needs to be aware of the workgroup name instead of using a number based on the SID. Setting up sssd needs to very simple, using different idmap ranges etc is not simple.
Also, make sure that ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size match their equivalents in winbind. I'm not certain if they do by default. See sssd-ad(5) for more details (on SSSD 1.9 and later)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFnFqsACgkQeiVVYja6o6PmpACfeAf8iO9HMYYkGKU4Nuq9UyRT etwAnRAxo5ug5AsLlTL+N4LgiUMY3ytp =4XP6 -----END PGP SIGNATURE----- _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org