October 2019 - FreeIPA-users - Fedora Mailing-Lists

ipa-server-install error [37/44] initializing group membership: [error] NotFound: no such entry

by Michael Schefczyk

Dear All, Trying to install ipa-server (4.7.1-11.module_el8.0.0+79+bbd20d7b package from @AppStream) on a new virtual CentOS Linux 8.0.1905 server within my LAN (fresh test install, the previous version on CentOS 7 did work), I persistently get the following error message when freipa-install tries to configure the dirsrv: [37/44]: initializing group membership [error] NotFound: no such entry I would very much welcome if anyone could point me to the right direction. I find the log content (below) not very telling. Regards, Michael Schefczyk 2019-10-13T07:21:07Z DEBUG step duration: dirsrv __add_topology_entries 0.05 sec 2019-10-13T07:21:07Z DEBUG [37/44]: initializing group membership 2019-10-13T07:21:07Z DEBUG Starting external process 2019-10-13T07:21:07Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpm2nl4f4x', '-H', 'ldapi://%2fvar%2frun%2fslapd-B72-COM.socket', '-Y', 'EXTERNAL'] 2019-10-13T07:21:07Z DEBUG Process finished, return code=0 2019-10-13T07:21:07Z DEBUG stdout=add objectClass: top extensibleObject add cn: IPA install add basedn: dc=b72,dc=com add filter: (objectclass=*) add ttl: 10 adding new entry "cn=IPA install 1570951250, cn=memberof task, cn=tasks, cn=config" modify complete 2019-10-13T07:21:07Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-B72-COM.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2019-10-13T07:21:07Z DEBUG Waiting for memberof task to complete. 2019-10-13T07:21:07Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1022, in error_handler yield File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1514, in find_entries raise e File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1474, in find_entries result = self.conn.result3(id, 0) File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 749, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 756, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 329, in _ldap_call reraise(exc_type, exc_value, exc_traceback) File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 44, in reraise raise exc_value File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 313, in _ldap_call result = func(*args,**kwargs) ldap.NO_SUCH_OBJECT: {'desc': 'No such object'} During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 605, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 591, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line 712, in init_memberof replication.wait_for_task(conn, dn) File "/usr/lib/python3.6/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task entry = conn.get_entry(dn, attrlist) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1571, in get_entry size_limit=size_limit, get_effective_rights=get_effective_rights, File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1383, in get_entries **kwargs) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1521, in find_entries break File "/usr/lib64/python3.6/contextlib.py", line 99, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1032, in error_handler raise errors.NotFound(reason=arg_desc or 'no such entry') ipalib.errors.NotFound: no such entry 2019-10-13T07:21:07Z DEBUG [error] NotFound: no such entry 2019-10-13T07:21:07Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 347, in run return cfgr.run() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 550, in main master_install(self) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 253, in decorated func(installer) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 800, in install setup_pkinit=not options.no_pkinit) File "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line 345, in create_instance self.start_creation(runtime=30) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 605, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 591, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line 712, in init_memberof replication.wait_for_task(conn, dn) File "/usr/lib/python3.6/site-packages/ipaserver/install/replication.py", line 171, in wait_for_task entry = conn.get_entry(dn, attrlist) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1571, in get_entry size_limit=size_limit, get_effective_rights=get_effective_rights, File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1383, in get_entries **kwargs) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1521, in find_entries break File "/usr/lib64/python3.6/contextlib.py", line 99, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1032, in error_handler raise errors.NotFound(reason=arg_desc or 'no such entry') 2019-10-13T07:21:07Z DEBUG The ipa-server-install command failed, exception: NotFound: no such entry 2019-10-13T07:21:07Z ERROR no such entry 2019-10-13T07:21:07Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

1 week

2
3
0 / 0

FreeIPA having problem after upgrading from Fedora 30 to 31

by Patrick Dung

Hello, I got problem upgrading from FC30 to FC31. Before upgrade the FreeIPA in FC30 is running fine. After OS upgrade, IPA cannot start and checked that it stuck at the CA part. I run ipa-server-upgrade manually but there is problem. 2019-10-29T21:03:58Z DEBUG request GET https://home.local.nonet:8443/ca/rest/account/login 2019-10-29T21:03:58Z DEBUG request body '' 2019-10-29T21:03:58Z DEBUG response status 500 2019-10-29T21:03:58Z DEBUG response headers Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 2481 Date: Tue, 29 Oct 2019 21:03:58 GMT Connection: close 2019-10-29T21:03:58Z DEBUG response body (decoded): b'<!doctype html><html lang="en"><head><title>HTTP Status 500 \xe2\x80\x93 Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 \xe2\x80\x93 Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Subsystem unavailable</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.ws.rs.ServiceUnavailableException: Subsystem unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:150)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:515)\n\tcom.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\torg.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\torg.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)\n\torg.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)\n\torg.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)\n\torg.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)\n\torg.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:748)\n</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.26</h3></body></html>' 2019-10-29T21:03:58Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2019-10-29T21:03:58Z DEBUG File "/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 54, in run server.upgrade() File "/usr/lib/python3.7/site-packages/ipaserver/install/server/upgrade.py", line 2223, in upgrade upgrade_configuration() File "/usr/lib/python3.7/site-packages/ipaserver/install/server/upgrade.py", line 2093, in upgrade_configuration ca_enable_ldap_profile_subsystem(ca) File "/usr/lib/python3.7/site-packages/ipaserver/install/server/upgrade.py", line 414, in ca_enable_ldap_profile_subsystem cainstance.migrate_profiles_to_ldap() File "/usr/lib/python3.7/site-packages/ipaserver/install/cainstance.py", line 1937, in migrate_profiles_to_ldap _create_dogtag_profile(profile_id, profile_data, overwrite=False) File "/usr/lib/python3.7/site-packages/ipaserver/install/cainstance.py", line 1943, in _create_dogtag_profile with api.Backend.ra_certprofile as profile_api: File "/usr/lib/python3.7/site-packages/ipaserver/plugins/dogtag.py", line 1315, in __enter__ raise errors.RemoteRetrieveError(reason=_('Failed to authenticate to CA REST API')) 2019-10-29T21:03:58Z DEBUG The ipa-server-upgrade command failed, exception: RemoteRetrieveError: Failed to authenticate to CA REST API 2019-10-29T21:03:58Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details: RemoteRetrieveError: Failed to authenticate to CA REST API 2019-10-29T21:03:58Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information From /var/log/pki/pki-tomcat/ca/debug log file: 2019-10-30 05:03:50 [main] FINE: LdapAuthInfo: init() 2019-10-30 05:03:50 [main] FINE: LdapAuthInfo: init begins 2019-10-30 05:03:50 [main] FINEST: Getting internaldb.ldapauth.authtype=SslClientAuth 2019-10-30 05:03:50 [main] FINE: LdapAuthInfo: init ends 2019-10-30 05:03:50 [main] FINEST: Property internaldb.errorIfDown not found 2019-10-30 05:03:50 [main] FINEST: Getting internaldb.errorIfDown=true 2019-10-30 05:03:50 [main] FINEST: Property internaldb.doCloning not found 2019-10-30 05:03:50 [main] FINEST: Getting internaldb.doCloning=true 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: doCloning: true 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: mininum: 3 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: maximum: 15 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: host: home.local.nonet 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: port: 636 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: secure: true 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: authentication: 2 2019-10-30 05:03:50 [main] FINE: LdapBoundConnFactory: makeConnection(true) 2019-10-30 05:03:50 [main] FINEST: Getting internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca 2019-10-30 05:03:50 [main] FINEST: Property tcp.keepAlive not found 2019-10-30 05:03:50 [main] FINEST: Getting tcp.keepAlive=true 2019-10-30 05:03:50 [main] FINE: TCP Keep-Alive: true 2019-10-30 05:03:50 [main] FINE: LdapBoundConnection: Connecting to home.local.nonet:636 with client cert auth 2019-10-30 05:03:50 [main] FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins 2019-10-30 05:03:50 [main] SEVERE: Unable to create socket: java.net.ConnectException: Connection refused (Connection refused) java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:607) at java.net.Socket.connect(Socket.java:556) at java.net.Socket.<init>(Socket.java:452) at java.net.Socket.<init>(Socket.java:262) Some error is logged to /var/log/messages: Oct 30 05:26:50 home server[65722]: WARNING: Exception processing realm [com.netscape.cms.tomcat.ProxyRealm@5647a92b] background process Oct 30 05:26:50 home server[65722]: javax.ws.rs.ServiceUnavailableException: Subsystem unavailable Oct 30 05:26:50 home server[65722]: #011at com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:142) Oct 30 05:26:50 home server[65722]: #011at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1137) Oct 30 05:26:50 home server[65722]: #011at org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5566) Oct 30 05:26:50 home server[65722]: #011at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1353) Oct 30 05:26:50 home server[65722]: #011at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1357) Oct 30 05:26:50 home server[65722]: #011at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1335) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) Oct 30 05:26:50 home server[65722]: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) Oct 30 05:26:50 home server[65722]: #011at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) Oct 30 05:26:50 home server[65722]: #011at java.lang.Thread.run(Thread.java:748) I am able to connect to my ldap server port 636 with TLS without problem. Thanks, Patrick

1 month, 1 week

5
7
0 / 0

number of topology segments for 3 servers clean setup?

by lejeczek

hi everyone, I wanted to ask about number of segments after a clean IPA setup with 3 servers. I see for both 'domain' & 'ca' two segments created by master/replica installations, which makes me wonder - should there not be three? no/yes & why? many thanks, L.

1 month, 1 week

4
5
0 / 0

Trust between two different FreeIPA servers

by Vinícius Ferrão

Hello, As today there’s any way to create a trust between two FreeIPA servers? I know that up to version 4.5 this isn’t possible yet. If there’s no way to create a trust, at least one server can consume it’s users from another one? They are in different domain level, one being a subdomain (DNS and Kerberos Realms) of another one, this way: # Server 1 int.example.com # Server 2 other.int.example.com Thanks,

1 month, 1 week

2
2
0 / 0

Fwd: Synchronization of an external IdP database into the LDAP DB

by Ivan Panico

Hi, Suppose I have an application X currently managed through FreeIPA LDAP (that application query directly freeIPA LDAP). Suppose I also have an enterprise IdP for SAML communication. My application is used by another application Y that is customer facing and uses impersonation. At some point needs to retrieve groups for the end-user (hence the LDAP query). Now I want to move all my auth authz workflow to SAML. My problem is that if I do that, my local LDAP DB is not populated with my enterprise IdP users and groups and my distant IdP can't be queried in LDAP by my application X so I can't retrieve my group. Is there a way to make this workflow work using some functionality in FreeIPA ? X = Hdfs Y = any application that gives access to hdfs data for example Dataiku Regards, Ivan

1 month, 1 week

1
0
0 / 0

FreeIPA: Cannot login to AD User from IPA client, login from server works

by Danijel Bojic

Hi dear freeipa-users :D I am currently testing FreeIPA in a Windows Active Directory environment. The goal is to use this as a productive secondary domain with a one-way trust from AD to FreeIPA. (We have lots of developers that work with Linux clients (Fedora and CentOS) aswell as want to profit from their already existing user account in the AD environment. This will also make it easier for the IT to track which clients/vms etc. are domain joined and which are not and would allow us to restrict them slightly on our systems.) I did the installation following the manual on the Freeipa page. After that i had to troubleshoot why AD users are not getting correct UID/GID assigned from AD --> https://www.reddit.com/r/linuxadmin/comments/dcb1xh/freeipa_and_windows_a... I fixed that by doing the said thing by deleting established trust, re-adding trust with correct parameters, deleting sssd cache. Now im facing something else that gives me a headache since a few days. I am unable to login to AD users from IPA joined Client. ipa-client-install etc. done. and should be fine. But im unable to su to user, or ssh, or get infos with ID or getent passwd user. I can kinit into said user though from client, thats why im guessing that ipa-client install worked. And from ipa server off, im also able to login to the user like intended (ssh, su, getent, id works all fine). I added debug_level 9 to sssd but im unable to identify the problem. I pasted down below said log file aswell as the krb5.conf and sssd.conf if there is anything wrong. AD domain is: domain.ad IPA domain is: domain.test User: user I hope someone can help me here :) Best regards, Dani sssd.conf [domain/domain.test] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = domain.test id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = ipa-client.domain.test chpass_provider = ipa ipa_server = _srv_, ipa.domain.test ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 9 [sssd] services = nss, sudo, pam, ssh domains = domain.test debug_level = 9 [nss] homedir_substring = /home debug_level = 9 [pam] debug_level = 9 [sudo] debug_level = 9 [autofs] [ssh] debug_level = 9 [pac] [ifp] [secrets] [session_recording] krb5.conf #File modified by ipa-client-install includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = domain.TEST dns_lookup_realm = true dns_lookup_kdc = true rdns = false dns_canonicalize_hostname = false ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] domain.TEST = { pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.AD$)s/@DOMAIN.AD/@domain.ad/ auth_to_local = DEFAULT } [domain_realm] .domain.test = domain.TEST domain.test = domain.TEST ipa-client.domain.test = domain.TEST .DOMAIN.ad = domain.AD domain.ad = domain.AD ad-test.domain.ad = domain.AD Logfile: /var/log/sssd/sssd_domain (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [ipa_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [be_ptask_done] (0x0400): Task [SUDO Full Refresh]: finished successfully (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from last execution time [1572030495] (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[(nil)], ldap[0x55a487f688d0] (Fri Oct 25 15:08:15 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): dbus conn: 0x55a487f6a870 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name=user(a)domain.ad] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): DP Request [Account #4]: New request. Flags [0x0001]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=user))]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_print_server] (0x2000): Searching 192.168.14.60:389 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=user))][cn=Default Trust View,cn=views,cn=accounts,dc=domain,dc=test]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 18 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_add] (0x2000): New operation 18 timeout 6 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[0x55a487f7e000], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_destructor] (0x2000): Operation 18 finished (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaUserOverride)(uid=user))]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [user] to IPA server (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 19 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_add] (0x2000): New operation 19 timeout 6 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[0x55a487fac5d0], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[0x55a487fac5d0], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_destructor] (0x2000): Operation 19 finished (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f92830 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f92900 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f92830 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f92900 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f92830 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_search_by_name] (0x0400): No such entry (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_cache_search_groups] (0x2000): Search groups with filter: (&(objectCategory=group)(ghost=user(a)domain.ad)) (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f7d500 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f7d5d0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f7d500 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f7d5d0 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f7d500 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_cache_search_groups] (0x2000): No such entry (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_destroy] (0x4000): releasing operation connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_done] (0x0400): DP Request [Account #4]: Request handler finished [0]: Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [_dp_req_recv] (0x0400): DP Request [Account #4]: Receiving request data. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4]: Finished. Success. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_std] (0x1000): DP Request [Account #4]: Returning [Success]: 0,0,Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::domain.ad:name=user@domain.ad] from reply table (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): DP Request [Account #4]: Request removed. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[(nil)], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): dbus conn: 0x55a487f6a870 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name=user(a)domain.ad] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): DP Request [Account #5]: New request. Flags [0x0001]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=accounts,dc=domain,dc=test] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_print_server] (0x2000): Searching 192.168.14.60:389 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(krbPrincipalName=user@domain.ad)(mail=user@domain.ad)(krbPrincipalName=user\\@domain.ad@domain.TEST))(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=domain,dc=test]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTSecurityIdentifier] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUserAuthType] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 20 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_add] (0x2000): New operation 20 timeout 6 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[0x55a487f7dc70], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_destructor] (0x2000): Operation 20 finished (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_search_user_process] (0x2000): Retrieved total 0 users (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f97290 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f97360 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f97290 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f97360 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f97290 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_search_by_name] (0x0400): No such entry (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_cache_search_groups] (0x2000): Search groups with filter: (&(objectCategory=group)(ghost=user(a)domain.ad)) (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f96800 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f968d0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f96800 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f968d0 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f96800 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_cache_search_groups] (0x2000): No such entry (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f72da0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f72e70 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f72da0 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f72e70 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f72da0 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [user(a)domain.ad] found. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_done] (0x0400): DP Request [Account #5]: Request handler finished [0]: Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [_dp_req_recv] (0x0400): DP Request [Account #5]: Receiving request data. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #5]: Finished. Success. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_std] (0x1000): DP Request [Account #5]: Returning [Success]: 0,0,Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:U:domain.test:name=user@domain.ad] from reply table (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): DP Request [Account #5]: Request removed. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[(nil)], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): dbus conn: 0x55a487f6a870 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_dispatch] (0x4000): Dispatching. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name=user(a)domain.ad] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): DP Request [Account #6]: New request. Flags [0x0001]. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_attach_req] (0x0400): Number of active DP request: 1 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.test is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sss_domain_get_state] (0x1000): Domain domain.ad is Active (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [user(a)domain.ad] to IPA server (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 21 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_add] (0x2000): New operation 21 timeout 6 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[0x55a487f7d750], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_op_destructor] (0x2000): Operation 21 finished (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55a487f97630 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x55a487f97700 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Running timer event 0x55a487f97630 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f97700 "ltdb_timeout" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [ldb] (0x4000): Destroying timer event 0x55a487f97630 "ltdb_callback" (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [user(a)domain.ad] found. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_done] (0x0400): DP Request [Account #6]: Request handler finished [0]: Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [_dp_req_recv] (0x0400): DP Request [Account #6]: Receiving request data. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #6]: Finished. Success. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_reply_std] (0x1000): DP Request [Account #6]: Returning [Success]: 0,0,Success (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:U:domain.ad:name=user@domain.ad] from reply table (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): DP Request [Account #6]: Request removed. (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: sh[0x55a487f69200], connected[1], ops[(nil)], ldap[0x55a487f688d0] (Fri Oct 25 15:08:44 2019) [sssd[be[domain.test]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list

1 month, 1 week

4
6
0 / 0

ipa-replica-install

by Joseph, Matthew

Hello, I'm currently running into an issue when trying to do the ipa-replica-install. I did the ipa-replica-prepare command and copied the replica gpg file to the new replica server and run the following command to do the install Ipa-replica-install -setup-ca -setup-dns -no-forwarders /var/lib/ipa/replica-info-server.domain.ca.gpg I get the following error part way through the process; DatabaseError: Server is unwilling to perform: modification of attribute nsds5replicaleasetimeout is not allowed in replica entry I looked at the log and saw the following' DEBUG The ipa-replica-install command failed, exception: DatabaseError: Server is unwilling to perform: Modification of attribute nsds5replicaleasetimeout is not allowed in replica entry ERROR Server is unwilling to perform: modification of attribute nsds5replicaleasetimeout is not allowed in replica entry I did a search and could not find the nsds5replicaleasetimeoute entry in LDAP. Is this something I can add myself? Or is there something else that needs to be done? I don't see much information on this error when searching. I had a replica before and removed it so I'm not quite sure what is going on with this. The only difference I can see between the 2 replica's is this new one is running a slightly newer version of RHEL, IPA and 389. Master Server information: RHEL 7.1 IPA version 4.1.0-18 389-ds 1.3.3.1-13 Replica Server Information: RHEL 7.7 IPA Version 4.6.5-11 389-ds 1.3.9.1-18 Thanks, Matt

1 month, 1 week

2
1
0 / 0

Freeipa homedir overrides

by Matthias Salzmann

Hello together I'am a newby in Freeipa I have a ( one-side ) cross-forrest trust with an Active Directory Domain. AD user are able to login with ssh on the linux server. That works fine. With sssd i am able to override the homedir. (override_homedir = /home/%u) Unfortunately it is not possible to override the homedir with an additional variable. Example: /home/%g/%u ( %g = $group ) The default group of each user should be included in homedir like /home/merchandising/paul In FreeIpa server i am able to override a user homedir with ID views but only for a single user. Does it anyone knows how i can override the homedir for a special group? Many Thanks Matthias

1 month, 1 week

2
2
0 / 0

Re: Can't resolve external users on clients, but I can on servers

by TOULMONDE Sébastien (SPC/DCS)

Hi Sumit, I'll try to search if there's any duplicates, but it seems unlikely... Nevertheless - this bug is only hit when the domain search order is null? Thanks, Seb. This e-mail cannot be used for other purposes than Proximus business use. See more on https://www.proximus.be/maildisclaimer

1 month, 1 week

2
1
0 / 0

Re: Can't resolve external users on clients, but I can on servers

by TOULMONDE Sébastien (SPC/DCS)

Ok, so here’s the solution I found almost by accident… If I specify the domain search order to ‘ad.domain:ipa.domain’ -> the clients can now resolve the external users If, for whatever reason, the search order is empty, the clients are back to ipa-only resolve… Hope it helps someone 😊 Sébastien Toulmonde Linux Engineering | ITS Linux CC M +32 (0)475 49 81 45 [Proximus]<http://www.proximus.be/> Connect with us on: [Proximus Facebook]<https://www.facebook.com/proximusBe> [Proximus Twitter] <https://twitter.com/proximus> [Proximus YouTube] <https://www.youtube.com/proximus> [Proximus LinkedIn] <https://www.linkedin.com/company/proximus> This e-mail cannot be used for other purposes than Proximus business use. See more on https://www.proximus.be/maildisclaimer

1 month, 1 week

2
1
0 / 0

2019

2018

2017

FreeIPA-users October 2019