November 2021 - FreeIPA-users - Fedora mailing-lists

FreeIPA, SSO and daily(?) OTP
by Djerk Geurts 24 Nov '21

24 Nov '21

Hi all, I'm looking to implement OTP on FreeIPA, but would prefer not to keep requesting users enter their OTP each login. In fact I get users to add their public key to their profile when adding them to FreeIPA so they can SSH to hosts using SSO auth. In the same way when they connect to a (bastion) jumphost .bashrc checks if they have a valid Kerberos ticket and issues kinit if they don't have one. What I'm after is the following: * User connects to a jumphost and is prompted for their IPA password and 2FA code on login. Checking for a valid Kerberos ticket in .bashrc works as even if a user does certificate auth to the jumphost the kinit will prompt for a password. Which is fine, as it only happens when there's no valid Kerberos ticket. * User connects through the jumphost (to other hosts, Kerberos and the client certificate ensures that this is fully SSO as far as user experience goes. * A user should be prompted for a OTP (once) every 24 hours. I want to add 2FA to this process, but only for obtaining the Kerberos ticket, not for subsequent logins. So my questions: * Will adding 2FA break the SSO and prompt a user for a OTP on each connection they make to a host? * If it does, is it possible to only prompt for a OTP on the first connection made by the user. I trust Kerberos auth for SSO, I just want to add 2FA to obtaining a valid Kerberos ticket. Maybe I'm over thinking things, but I'd like to have a firm understanding on how 2FA changes things before deploying it. Thanks, Djerk Geurts

2 1

sudorules attribute "entryuuid" not allowed
by Kees Bakker 23 Nov '21

23 Nov '21

Hi, On my Centos 7 master there was this error message [19/Nov/2021:11:16:11.863597190 +0100] - ERR - oc_check_allowed_sv - Entry "ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com" -- attribute "entryuuid" not allowed [19/Nov/2021:11:16:26.331298112 +0100] - ERR - oc_check_allowed_sv - Entry "ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com" -- attribute "entryuuid" not allowed [19/Nov/2021:11:16:45.264647201 +0100] - ERR - oc_check_allowed_sv - Entry "ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com" -- attribute "entryuuid" not allowed The sudorule was add via the web-GUI on a Centos 8stream master. The replication more or less succeeded, besides this error message. However, * checkipaconsistency reports "LDAP Conflicts" (the Centos 7 master has count 1, the other masters have count 0) * ipa-healthcheck reports an error too [ { "source": "ipahealthcheck.ds.replication", "kw": { "msg": "Replication conflict", "glue": false, "conflict": "Schema violation", "key": "ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=ghs,dc=nl" }, "uuid": "01d364fc-e48e-44bd-9ea8-63db1e800788", "duration": "0.001689", "when": "20211122070012Z", "check": "ReplicationConflictCheck", "result": "ERROR" } ] Any advise how to get rid of the error messages would be greatly appreciated. -- Kees

3 7

sudo doesn't work with AD groups
by Nathanaël Blanchet 23 Nov '21

23 Nov '21

Hello, I'm running a 4.9 server. I added an AD as an external group in a sudo rule following: ipa sudorule-add-user "admins" --groups "admins du domaine(a)levant.abes.fr" I notice two kinds of comportment on the guests: * el8 with 4.9 client can successfully sudo * el7 with 4.6 client are not allowed to perform sudo (no rule matching in the logs) Now, if I use the old way to do, i.e: * create a non POSIX external group containing "admins du domaine(a)levant.abes.fr" * and add that group to a POSIX group ipa sudorule-add-user "admins" --groups ad_admins_external I can perform sudo in any case. My deduction is that there is something not backported in the el7 4.6 client that does exist int el8 4.9 client. I suppose there shouldn't be any restriction to make the 4.6 client work in this case. So is this a bug? Second question: I've been looking for a long time a way to get the el7 4.9 client, but it doesn't seem to exist (maybe compile from sources). Why is this client not packaged for el7 ? -- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet(a)abes.fr

2 1

Deleting this server is not allowed as it would leave your installation without a KRA.
by Jochen Kellner 23 Nov '21

23 Nov '21

Hi, I'm about to decomission one of my IPA replicas running on up to date fedora 35 (freeipa-server-common-4.9.7-4.fc35.noarch). On my CA renewal master (freeipa1.example.org) I try to remove freeipa4.example.org: [root@freeipa1 ~]# ipa server-del freeipa4.example.org Removing freeipa4.example.org from replication topology, please wait... ipa: ERROR: Server removal aborted: Deleting this server is not allowed as it would leave your installation without a KRA.. I think the message is wrong: [root@freeipa1 ~]# ipa server-role-find --role="KRA server" --status=enabled ---------------------- 4 server roles matched ---------------------- Server name: freeipa1.example.org Role name: KRA server Role status: enabled Server name: freeipa2.example.org Role name: KRA server Role status: enabled Server name: freeipa3.example.org Role name: KRA server Role status: enabled Server name: freeipa4.example.org Role name: KRA server Role status: enabled ---------------------------- Number of entries returned 4 ---------------------------- I had a took at plugins/server.py: 509 if self.api.Command.ca_is_enabled()['result']: 510 try: 511 roles = self.api.Command.server_role_find( 512 server_server=hostname, =====> Do we really need to search for the hostname here? We will always find out that there is only one server left... When I remove that parameter deletion would continue - but I didn't really run the rest of the deletion yet. ipa server-role-find --server=freeipa4.example.org --role="KRA server" really returns one entry. 513 role_servrole='KRA server', 514 status='enabled', 515 include_master=True, 516 )['result'] 517 except errors.NotFound: 518 roles = () 519 if len(roles) == 1 and roles[0]['server_server'] == hostname: 520 handler( 521 _("Deleting this server is not allowed as it would " 522 "leave your installation without a KRA."), 523 ignore_last_of_role) The commit that added the code was https://github.com/freeipa/freeipa/commit/10bd66dd1a14fc0bd39c489d0d0af76b0… and should fix https://pagure.io/freeipa/issue/8397 Do I miss something else? Jochen -- This space is intentionally left blank.

2 2

freeipa upgrade from CentOS7 -> CentOS8 results in SSSD backtrace (but still functional)
by Andrei Neagoe 22 Nov '21

22 Nov '21

Hello, I'm in the middle of an upgrade from CentOS7 to CentOS8 of the existing FreeIPA master and replicas. I've added new replicas on CentOS8 and everything went seemingly find. Health checks don't report any issues, I can login to web interfaces and run ipa admin commands on them. However, I've noticed sssd backtraces that were not there before. I'm wondering where these are coming from and if this is an actual issue or not. I've included a full trace below for reference. Thanks a lot in advance! (2021-11-17 16:21:58): [be[redacted-domain.com]] [server_setup] (0x1f7c0): Starting with debug level = 0x0070 (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_range_create] (0x0040): [RID#1] Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them. ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE: * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_group_external_member has value ipaExternalMember * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_object_class has value ipaNisNetgroup * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_member has value member * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_of has value memberOf * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_user has value memberUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_host has value memberHost * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_member_ext_host has value externalHost * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_domain has value nisDomainName * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_netgroup_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_object_class has value ipaHost * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_fqdn has value fqdn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_serverhostname has value serverHostname * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_member_of has value memberOf * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_ssh_public_key has value ipaSshPubKey * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_host_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_hostgroup_objectclass has value ipaHostgroup * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_hostgroup_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_hostgroup_memberof has value memberOf * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_hostgroup_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_service_object_class has value ipService * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_service_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_service_port has value ipServicePort * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_service_proto has value ipServiceProtocol * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_object_class has value ipaselinuxusermap * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_user has value memberUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_host has value memberHost * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_see_also has value seeAlso * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_selinux_user has value ipaSELinuxUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_enabled has value ipaEnabledFlag * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_user_category has value userCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_host_category has value hostCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_selinux_usermap_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_view_class has value nsContainer * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_view_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_override_object_class has value ipaOverrideAnchor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_anchor_uuid has value ipaAnchorUUID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_user_override_object_class has value ipaUserOverride * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_group_override_object_class has value ipaGroupOverride * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_name has value uid * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_gid_number has value gidNumber * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_home_directory has value homeDirectory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_group_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has value ipaSshPubKey * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_user_certificate has value userCertificate;binary * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_update is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_update_per_family is TRUE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_refresh_interval has value 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_iface has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_ttl has value 1200 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_update_ptr is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_force_tcp is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_auth has value gss-tsig * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_auth_ptr has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option dyndns_server has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_init_dyndns] (0x0100): Dynamic DNS updates are off. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_id_setup_tasks] (0x0400): Setting up enumeration for redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_create] (0x0400): Periodic task [Enumeration [id] of redacted-domain.com] was created * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_schedule] (0x0400): Task [Enumeration [id] of redacted-domain.com] scheduling task 10 seconds from now [1637166128] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to DNS * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_fo_set_srv_lookup_plugin] (0x0400): SRV lookup plugin is now DNS * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sysdb_get_certmap] (0x0400): No certificate maps found. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_setup_certmap] (0x4000): No certmap data, nothing to do. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_domain has value redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server has value equator.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_backup_server has value alien.redacted-domain.com,bingo.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hostname has value etestvm1.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value cn=hbac,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value cn=selinux,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value cn=trusts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has value cn=ad,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_realm has value REDACTED-DOMAIN.COM * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_automount_location has value default * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value cn=ranges,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server_mode is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value cn=views,cn=accounts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_search_base has value cn=desktop-profile,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_request_interval has value 60 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_server has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_backup_server has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_realm has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_ccachedir has value /tmp * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_ccname_template has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_auth_timeout has value 6 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_validate is TRUE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_kpasswd has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_backup_kpasswd has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_store_password_if_offline is TRUE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_renewable_lifetime has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_lifetime has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_renew_interval has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_use_fast has value try * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_fast_principal has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_canonicalize is TRUE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_use_enterprise_principal is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_kdcinfo_lookahead has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_map_user has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_get_options] (0x0400): Option krb5_use_subdomain_realm is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_get_auth_options] (0x0400): Option krb5_realm set to REDACTED-DOMAIN.COM * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_get_auth_options] (0x0100): Option krb5_fast_principal set to host/etestvm1.redacted-domain.com(a)REDACTED-DOMAIN.COM * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true * (2021-11-17 16:21:58): [be[redacted-domain.com]] [check_lifetime] (0x0200): No lifetime configured. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [check_lifetime] (0x0200): No lifetime configured. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_krb5_check_options] (0x0100): No KDC explicitly configured, using defaults. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_krb5_check_options] (0x0100): No kpasswd server explicitly configured, using the KDC or defaults. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [parse_krb5_map_user] (0x0100): krb5_map_user is empty! * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [id] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [auth] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [auth] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [access] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [access] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_domain has value redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server has value equator.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_backup_server has value alien.redacted-domain.com,bingo.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hostname has value etestvm1.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value cn=hbac,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value cn=selinux,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value cn=trusts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has value cn=ad,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_realm has value REDACTED-DOMAIN.COM * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_automount_location has value default * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value cn=ranges,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server_mode is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value cn=views,cn=accounts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_search_base has value cn=desktop-profile,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_request_interval has value 60 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [chpass] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [chpass] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [sudo] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [sudo] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssm_ipa_sudo_init] (0x2000): Initializing IPA sudo handler * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_sudo_init] (0x2000): Initializing IPA sudo back end * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_sudo_choose_schema] (0x0400): Option ldap_sudo_search_base set to cn=sudo,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_sudo_init] (0x0400): Using IPA schema for sudo * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_object_class has value ipasudorule * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_enabled_flag has value ipaEnabledFlag * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_option has value ipaSudoOpt * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasuser has value ipaSudoRunAs * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasgroup has value ipaSudoRunAsGroup * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_allowcmd has value memberAllowCmd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_denycmd has value memberDenyCmd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_host has value memberHost * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_user has value memberUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_notafter has value sudoNotAfter * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_notbefore has value sudoNotBefore * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_sudoorder has value sudoOrder * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_cmdcategory has value cmdCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_hostcategory has value hostCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_usercategory has value userCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasusercategory has value ipaSudoRunAsUserCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasgroupcategory has value ipaSudoRunAsGroupCategory * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasextuser has value ipaSudoRunAsExtUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasextgroup has value ipaSudoRunAsExtGroup * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_runasextusergroup has value ipaSudoRunAsExtUserGroup * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_externaluser has value externalUser * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudorule_entry_usn has value entryUSN * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmdgroup_object_class has value ipasudocmdgrp * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmdgroup_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmdgroup_name has value cn * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmdgroup_member has value member * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmdgroup_entry_usn has value entryUSN * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmd_object_class has value ipasudocmd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmd_uuid has value ipaUniqueID * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmd_sudoCmd has value sudoCmd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ipa_sudocmd_memberof has value memberOf * (2021-11-17 16:21:58): [be[redacted-domain.com]] [common_parse_search_base] (0x0100): Search base added: [SUDO][cn=sudo,dc=redacted-domain,dc=com][SUBTREE][] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_create] (0x0400): Periodic task [SUDO Full Refresh] was created * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 10 seconds from now [1637166128] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_create] (0x0400): Periodic task [SUDO Smart Refresh] was created * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task 910 seconds from now [1637167028] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [autofs] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [autofs] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssm_ipa_autofs_init] (0x2000): Initializing IPA autofs handler * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_autofs_init] (0x2000): Initializing autofs IPA back end * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_get_autofs_options] (0x1000): Option ldap_autofs_search_base set to cn=default,cn=automount,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][cn=default,cn=automount,dc=redacted-domain,dc=com][SUBTREE][] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_autofs_map_object_class has value automountMap * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_autofs_map_name has value automountMapName * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_object_class has value automount * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_key has value automountKey * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_map] (0x0400): Option ldap_autofs_entry_value has value automountInformation * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [selinux] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [selinux] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [hostid] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [hostid] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssm_ipa_hostid_init] (0x2000): Initializing IPA host handler * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [subdomains] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [subdomains] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssm_ipa_subdomains_init] (0x2000): Initializing IPA subdomains handler * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_create] (0x0400): Periodic task [Subdomains Refresh] was created * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_ptask_schedule] (0x0400): Task [Subdomains Refresh]: scheduling task 600 seconds from now [1637166718] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_subdom_reinit] (0x2000): Re-initializing domain redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_write_krb5_localauth_snippet] (0x0200): File for localauth plugin configuration is [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_write_krb5_libdefaults_snippet] (0x0200): File for KRB5 kibdefaults configuration is [/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_domain_get_state] (0x1000): Domain redacted-domain.com is Active * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_write_domain_mappings] (0x0200): Mapping file for domain [redacted-domain.com] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_redacted-domain.com] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [session] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_run_constructor] (0x0400): Executing target [session] constructor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_domain has value redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server has value equator.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_backup_server has value alien.redacted-domain.com,bingo.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hostname has value etestvm1.redacted-domain.com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value cn=hbac,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has no value * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value cn=selinux,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value cn=trusts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has value cn=ad,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_realm has value REDACTED-DOMAIN.COM * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_selinux_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_automount_location has value default * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value cn=ranges,cn=etc,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_server_mode is FALSE * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value cn=views,cn=accounts,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_search_base has value cn=desktop-profile,dc=redacted-domain,dc=com * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_refresh has value 5 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_copy_options_ex] (0x0400): Option ipa_deskprofile_request_interval has value 60 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0400): Initializing target [resolver] with module [ipa] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_load_module] (0x0400): Module [ipa] is already loaded. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_target_init] (0x0100): Target [resolver] is not supported by module [ipa]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.DataProvider.Client on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.DataProvider.Backend on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.DataProvider.Failover on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.DataProvider.AccessControl on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.dataprovider on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.DataProvider.Autofs on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dbus_connect_address] (0x0400): Connected to unix:path=/var/lib/sss/pipes/private/sbus-monitor bus as sssd.domain_redacted_2ddomain_2ecom * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 19 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 19 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_listen] (0x0400): Registering signal listener org.freedesktop.DBus.NameOwnerChanged on path /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_listen] (0x0400): Registering signal listener org.freedesktop.DBus.NameAcquired on path /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface sssd.service on path /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [become_user] (0x0200): Trying to become user [0][0]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [become_user] (0x0200): Already user [0]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_initialized] (0x0400): Backend provider (redacted-domain.com) started! * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameAcquired on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameAcquired on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_acquired] (0x0400): D-Bus name acquired: :1.3 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameAcquired: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_acquired] (0x0400): D-Bus name acquired: sssd.domain_redacted_2ddomain_2ecom * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameAcquired: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.1: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.1: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sss_monitor_service_init_done] (0x0100): Got id ack and version (1) from Monitor * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_new_connection] (0x0200): Adding connection 0x560bb57f62e0. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x560bb5783920] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 20 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_new_connection] (0x0200): Adding connection 0x560bb57f9c50. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x560bb57e3410] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.2 to connection 0x560bb57ee950 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.2 has changed from [] to [:1.2] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.sudo * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 21 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_new_connection] (0x0200): Adding connection 0x560bb57ff920. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x560bb57e9a80] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.sudo has changed from [] to [sssd.sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.2: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.2: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_new_connection] (0x0200): Adding connection 0x560bb5805140. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x560bb58040c0] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_new_connection] (0x0200): Adding connection 0x560bb5809150. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x560bb5803bd0] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.sudo]: 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Added Frontend client [sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x560bb5783920] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 23 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 24 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.3 to connection 0x560bb5805500 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.4 to connection 0x560bb58094b0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.3 has changed from [] to [:1.3] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.4 has changed from [] to [:1.4] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.nss * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.ssh * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.nss has changed from [] to [sssd.nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.ssh has changed from [] to [sssd.ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.3: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.3: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 22 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.nss]: 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Added Frontend client [nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x560bb58040c0] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.5 to connection 0x560bb57ffc80 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.5 has changed from [] to [:1.5] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.pac * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.6 to connection 0x560bb57f9fe0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pac has changed from [] to [sssd.pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.6 has changed from [] to [:1.6] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.5: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.5: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.4 has changed from [] to [:1.4] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.sudo has changed from [] to [sssd.sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.5 has changed from [] to [:1.5] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.sudo] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_attach_req] (0x0400): [RID#1] DP Request [Subdomains #1]: REQ_TRACE: New request. Flags [0000]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_attach_req] (0x0400): [RID#1] Number of active DP request: 1 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_id_op_connect_step] (0x4000): [RID#1] beginning to connect * (2021-11-17 16:21:58): [be[redacted-domain.com]] [fo_resolve_service_send] (0x0100): [RID#1] Trying to resolve service 'IPA' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_server_status] (0x1000): [RID#1] Status of server 'equator.redacted-domain.com' is 'name not resolved' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_port_status] (0x1000): [RID#1] Port status of port 0 for server 'equator.redacted-domain.com' is 'neutral' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [fo_resolve_service_activate_timeout] (0x2000): [RID#1] Resolve timeout [dns_resolver_timeout] set to 6 seconds * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_server_status] (0x1000): [RID#1] Status of server 'equator.redacted-domain.com' is 'name not resolved' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_is_address] (0x4000): [RID#1] [equator.redacted-domain.com] does not look like an IP address * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_step] (0x2000): [RID#1] Querying files * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_files_send] (0x0100): [RID#1] Trying to resolve A record of 'equator.redacted-domain.com' in files * (2021-11-17 16:21:58): [be[redacted-domain.com]] [set_server_common_status] (0x0100): [RID#1] Marking server 'equator.redacted-domain.com' as 'resolving name' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_step] (0x2000): [RID#1] Querying files * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_files_send] (0x0100): [RID#1] Trying to resolve AAAA record of 'equator.redacted-domain.com' in files * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_next] (0x0200): [RID#1] No more address families to retry * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_step] (0x2000): [RID#1] Querying DNS * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_dns_query] (0x0100): [RID#1] Trying to resolve A record of 'equator.redacted-domain.com' in DNS * (2021-11-17 16:21:58): [be[redacted-domain.com]] [schedule_request_timeout] (0x2000): [RID#1] Scheduling a timeout of 3 seconds * (2021-11-17 16:21:58): [be[redacted-domain.com]] [schedule_timeout_watcher] (0x2000): [RID#1] Scheduling DNS timeout watcher * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.pam * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.pac]: 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Added Frontend client [pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x560bb57e9a80] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [unschedule_timeout_watcher] (0x4000): [RID#1] Unscheduling DNS timeout watcher * (2021-11-17 16:21:58): [be[redacted-domain.com]] [resolv_gethostbyname_dns_parse] (0x1000): [RID#1] Parsing an A reply * (2021-11-17 16:21:58): [be[redacted-domain.com]] [request_watch_destructor] (0x0400): [RID#1] Deleting request watch * (2021-11-17 16:21:58): [be[redacted-domain.com]] [set_server_common_status] (0x0100): [RID#1] Marking server 'equator.redacted-domain.com' as 'name resolved' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_resolve_server_process] (0x1000): [RID#1] Saving the first resolved server * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_resolve_server_process] (0x0200): [RID#1] Found address for server equator.redacted-domain.com: [10.10.0.37] TTL 71 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [ipa_resolve_callback] (0x0400): [RID#1] Constructed uri 'ldap://equator.redacted-domain.com' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [unique_filename_destructor] (0x2000): [RID#1] Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_b3vuow] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [unlink_dbg] (0x2000): [RID#1] File already removed: [/var/lib/sss/pubconf/.krb5info_dummy_b3vuow] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssd_async_socket_init_send] (0x4000): [RID#1] Using file descriptor [25] for the connection. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sssd_async_socket_init_send] (0x0400): [RID#1] Setting 6 seconds timeout [ldap_network_timeout] for connecting * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pam has changed from [] to [sssd.pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.6: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.6: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_ldap_connect_callback_add] (0x4000): [RID#1] New connection to [ldap://equator.redacted-domain.com:389/??base] with fd [25] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_rootdse_send] (0x4000): [RID#1] Getting rootdse * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_print_server] (0x2000): [RID#1] Searching 10.10.0.37:389 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [(objectclass=*)][]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [*] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [altServer] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [namingContexts] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [supportedControl] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [supportedExtension] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [supportedFeatures] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [supportedLDAPVersion] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [supportedSASLMechanisms] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [domainControllerFunctionality] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [defaultNamingContext] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [lastUSN] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [highestCommittedUSN] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 1 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_op_add] (0x2000): [RID#1] New operation 1 timeout 6 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pac has changed from [] to [sssd.pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_requests_add] (0x4000): Chaining request: 0:0:sssd.dataprovider.getDomains:/sssd: * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.4: org.freedesktop.DBus.NameOwnerChanged * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.4: org.freedesktop.DBus.NameAcquired * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.6 has changed from [] to [:1.6] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.pam]: 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Added Frontend client [pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x560bb57e3410] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5813d60], ldap[0x560bb581c170] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: []. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [objectClass] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [vendorName] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [vendorVersion] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [dataversion] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [netscapemdsuffix] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [changeLog] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [firstchangenumber] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [lastchangenumber] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipatopologypluginversion] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipatopologyismanaged] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaDomainLevel] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [namingContexts] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [supportedControl] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [supportedExtension] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [supportedFeatures] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [supportedLDAPVersion] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [supportedSASLMechanisms] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [defaultNamingContext] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [lastUSN] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5813d60], ldap[0x560bb581c170] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_op_destructor] (0x2000): [RID#1] Operation 1 finished * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_rootdse_done] (0x2000): [RID#1] Got rootdse * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_rootdse_done] (0x2000): [RID#1] Skipping auto-detection of match rule * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_naming_context] (0x0200): [RID#1] Using value from [defaultNamingContext] as naming context. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_set_search_base] (0x0100): [RID#1] Setting option [ldap_sudo_search_base] to [dc=redacted-domain,dc=com]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [common_parse_search_base] (0x0100): [RID#1] Search base added: [SUDO][dc=redacted-domain,dc=com][SUBTREE][] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_set_search_base] (0x0100): [RID#1] Setting option [ldap_iphost_search_base] to [dc=redacted-domain,dc=com]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [common_parse_search_base] (0x0100): [RID#1] Search base added: [IPHOST][dc=redacted-domain,dc=com][SUBTREE][] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_set_search_base] (0x0100): [RID#1] Setting option [ldap_ipnetwork_search_base] to [dc=redacted-domain,dc=com]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [common_parse_search_base] (0x0100): [RID#1] Search base added: [IPNETWORK][dc=redacted-domain,dc=com][SUBTREE][] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_server_opts_from_rootdse] (0x4000): [RID#1] USN value: 9804 (int: 9804) * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_kinit_send] (0x0400): [RID#1] Attempting kinit (default, host/etestvm1.redacted-domain.com, REDACTED-DOMAIN.COM, 86400) * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_kinit_next_kdc] (0x1000): [RID#1] Resolving next KDC for service IPA * (2021-11-17 16:21:58): [be[redacted-domain.com]] [fo_resolve_service_send] (0x0100): [RID#1] Trying to resolve service 'IPA' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_server_status] (0x1000): [RID#1] Status of server 'equator.redacted-domain.com' is 'name resolved' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [fo_resolve_service_activate_timeout] (0x2000): [RID#1] Resolve timeout [dns_resolver_timeout] set to 6 seconds * (2021-11-17 16:21:58): [be[redacted-domain.com]] [get_server_status] (0x1000): [RID#1] Status of server 'equator.redacted-domain.com' is 'name resolved' * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_resolve_server_process] (0x1000): [RID#1] Saving the first resolved server * (2021-11-17 16:21:58): [be[redacted-domain.com]] [be_resolve_server_process] (0x0200): [RID#1] Found address for server equator.redacted-domain.com: [10.10.0.37] TTL 71 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_kinit_kdc_resolved] (0x1000): [RID#1] KDC resolved, attempting to get TGT... * (2021-11-17 16:21:58): [be[redacted-domain.com]] [create_tgt_req_send_buffer] (0x0400): [RID#1] buffer size: 66 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [child_handler_setup] (0x2000): [RID#1] Setting up signal handler up for pid [94991] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [child_handler_setup] (0x2000): [RID#1] Signal handler set up for pid [94991] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [set_tgt_child_timeout] (0x0400): [RID#1] Setting 8 seconds timeout for TGT child * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[(nil)], ldap[0x560bb581c170] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [write_pipe_handler] (0x0400): [RID#1] All data has been sent! * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.ssh]: 0 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Added Frontend client [ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x560bb5803bd0] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.7 has changed from [] to [:1.7] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pam has changed from [] to [sssd.pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.ssh has changed from [] to [sssd.ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_requests_add] (0x4000): Chaining request: 0:0:sssd.dataprovider.getDomains:/sssd: * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.ssh] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_requests_add] (0x4000): Chaining request: 0:0:sssd.dataprovider.getDomains:/sssd: * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner :1.8 has changed from [] to [:1.8] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.nss has changed from [] to [sssd.nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_dispatch] (0x4000): Dispatching. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sbus_requests_add] (0x4000): Chaining request: 0:0:sssd.dataprovider.getDomains:/sssd: * (2021-11-17 16:21:58): [be[redacted-domain.com]] [child_sig_handler] (0x1000): [RID#1] Waiting for child [94991]. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [child_sig_handler] (0x0100): [RID#1] child [94991] finished successfully. * (2021-11-17 16:21:58): [be[redacted-domain.com]] [read_pipe_handler] (0x0400): [RID#1] EOF received, client finished * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_get_tgt_recv] (0x0400): [RID#1] Child responded: 0 [FILE:/var/lib/sss/db/ccache_REDACTED-DOMAIN.COM] expired on [1637252518] * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_cli_auth_step] (0x0100): [RID#1] expire timeout is 900 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sdap_cli_auth_step] (0x1000): [RID#1] the connection will expire at 1637167018 * (2021-11-17 16:21:58): [be[redacted-domain.com]] [sasl_bind_send] (0x0100): [RID#1] Executing sasl bind mech: GSSAPI, user: host/etestvm1.redacted-domain.com * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_cli_connect_recv] (0x0400): [RID#1] Connection established. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [_be_fo_set_port_status] (0x8000): [RID#1] Setting status: PORT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2145 * (2021-11-17 16:21:59): [be[redacted-domain.com]] [fo_set_port_status] (0x0100): [RID#1] Marking port 0 of server 'equator.redacted-domain.com' as 'working' * (2021-11-17 16:21:59): [be[redacted-domain.com]] [set_server_common_status] (0x0100): [RID#1] Marking server 'equator.redacted-domain.com' as 'working' * (2021-11-17 16:21:59): [be[redacted-domain.com]] [fo_set_port_status] (0x0400): [RID#1] Marking port 0 of duplicate server 'equator.redacted-domain.com' as 'working' * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_id_op_connect_done] (0x4000): [RID#1] notify connected to op #1 * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_search_bases_ex_next_base] (0x0400): [RID#1] Issuing LDAP lookup with base [cn=ranges,cn=etc,dc=redacted-domain,dc=com] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_print_server] (0x2000): [RID#1] Searching 10.10.0.37:389 * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=redacted-domain,dc=com]. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [objectClass] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [cn] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaBaseID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaBaseRID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaSecondaryBaseRID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaIDRangeSize] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTTrustedDomainSID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaRangeType] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaAutoPrivateGroups] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 5 * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_op_add] (0x2000): [RID#1] New operation 5 timeout 6 * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_id_op_connect_done] (0x4000): [RID#1] caching successful connection after 1 notifies * (2021-11-17 16:21:59): [be[redacted-domain.com]] [be_run_unconditional_online_cb] (0x4000): [RID#1] List of unconditional online callbacks is empty, nothing to do. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [be_run_online_cb] (0x0080): [RID#1] Going online. Running callbacks. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5838b90], ldap[0x560bb581c170] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=REDACTED-DOMAIN.COM_id_range,cn=ranges,cn=etc,dc=redacted-domain,dc=com]. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [objectClass] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [cn] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaBaseID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaIDRangeSize] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaRangeType] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5838b90], ldap[0x560bb581c170] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5838b90], ldap[0x560bb581c170] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=REDACTED-DOMAIN.COM_new_range,cn=ranges,cn=etc,dc=redacted-domain,dc=com]. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [objectClass] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [cn] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaBaseID] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaIDRangeSize] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaRangeType] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_result] (0x2000): Trace: sh[0x560bb57ed2b0], connected[1], ops[0x560bb5838b90], ldap[0x560bb581c170] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_op_destructor] (0x2000): [RID#1] Operation 5 finished * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sdap_search_bases_ex_done] (0x0400): [RID#1] Receiving data from base [cn=ranges,cn=etc,dc=redacted-domain,dc=com] * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_update_ranges] (0x0400): [RID#1] Adding range [REDACTED-DOMAIN.COM_id_range]. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_range_create] (0x0040): [RID#1] Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them. ********************** BACKTRACE DUMP ENDS HERE ********************************* (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_range_create] (0x0040): [RID#1] Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them. ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE: * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_update_ranges] (0x0400): [RID#1] Adding range [REDACTED-DOMAIN.COM_new_range]. * (2021-11-17 16:21:59): [be[redacted-domain.com]] [sysdb_range_create] (0x0040): [RID#1] Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them. ********************** BACKTRACE DUMP ENDS HERE *********************************

3 9

Unable to find certificates
by Tania Hagan 22 Nov '21

22 Nov '21

Hi FreeIPA-users, I am running the following: os: CentOs Linux 8.4.2105 ipa version: 4.9.2 pki-server: 10.10.5-3.module_el8.4.0+816+beb6e9a3 When searching for certificates in the command line (ipa cert-find) I see: ipa ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (500) and in the web GUI i see: IPA Error 4301: CertificateOperationError/ Certificate operation cannot be completed: Unable to communicate with CMS (500) If I run ipa cert-show 1 I see my cert does not expire until after 2037 and if I run getcert list the status is MONITORING and certs do not expire until 2023. If I look in /var/log/pki/pki-tomcat/ca/debug.log I see the following: at com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754) at com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110) at org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at sun.reflect.GeneratedMethodAccessor40.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:428) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) at com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:610) at com.netscape.cmscore.dbs.DBVirtualList.getPage(DBVirtualList.java:602) at com.netscape.cmscore.dbs.DBVirtualList.getElementAt(DBVirtualList.java:754) at com.netscape.cmscore.dbs.CertRecordList.getCertRecord(CertRecordList.java:110) at org.dogtagpki.server.ca.rest.CertService.searchCerts(CertService.java:474) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at sun.reflect.GeneratedMethodAccessor40.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:428) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.ClassCastException: netscape.ldap.LDAPException cannot be cast to netscape.ldap.LDAPEntry at com.netscape.cmscore.dbs.DBVirtualList.getEntries(DBVirtualList.java:477) ... 68 more How might I go about solving the Unknown Source? Many Thanks, Tania

3 6

freeipa upgrade from CentOS7 -> CentOS8 one replica is missing certificate SAN for ipa-ca
by Andrei Neagoe 22 Nov '21

22 Nov '21

I've migrated from a FreeIPA 4.6 environment running on CentOS7 to CentOS8, mostly without issues. Still running check and everything, I've noticed that one replica fails ipa-healthcheck with an interesting error. Checking the error, it seems that the replica certificate is missing the SAN for ipa-ca.redacted-domain.com. How can I regenerate the certificate to include it? [root@mentor ~]# ipa-healthcheck [ { "source": "ipahealthcheck.ipa.certs", "check": "IPACertDNSSAN", "result": "ERROR", "uuid": "943cd592-8e52-43a7-a527-6ce8ed9a3b4b", "when": "20211118161556Z", "duration": "0.605858", "kw": { "key": "20211116143827", "hostname": "ipa-ca.redacted-domain.com", "san": [ "mentor.redacted-domain.com" ], "ca": "IPA", "profile": "caIPAserviceCert", "msg": "Certificate request id {key} with profile {profile} for CA {ca} does not have a DNS SAN {san} matching name {hostname}" } }, { "source": "ipahealthcheck.ipa.dna", "check": "IPADNARangeCheck", "result": "WARNING", "uuid": "b2e587ac-870d-464b-9140-1de9c736a258", "when": "20211118161559Z", "duration": "0.269301", "kw": { "range_start": 0, "range_max": 0, "next_start": 0, "next_max": 0, "msg": "No DNA range defined. If no masters define a range then users and groups cannot be created." } } ] [root@mentor ~]# ipa config-show Maximum username length: 32 Maximum hostname length: 64 Home directory base: /home Default shell: /bin/sh Default users group: ipausers Default e-mail domain: redacted-domain.com Search time limit: 2 Search size limit: 100 User search fields: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Enable migration mode: FALSE Certificate Subject base: O=REDACTED-DOMAIN.COM Password Expiration Notification (days): 14 Password plugin features: AllowNThash, KDC:Disable Last Success SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Default SELinux user: unconfined_u:s0-s0:c0.c1023 Default PAC types: MS-PAC, nfs:NONE IPA masters: alien.redacted-domain.com, bingo.redacted-domain.com, equator.redacted-domain.com, mentor.redacted-domain.com IPA master capable of PKINIT: alien.redacted-domain.com, bingo.redacted-domain.com, equator.redacted-domain.com, mentor.redacted-domain.com IPA CA servers: alien.redacted-domain.com, bingo.redacted-domain.com, equator.redacted-domain.com, mentor.redacted-domain.com IPA CA renewal master: equator.redacted-domain.com [root@mentor ~]# for cahost in `ipa config-show | grep 'IPA CA servers:' | awk -F: '{print $2}' | tr -d ','`; do openssl s_client -connect $cahost:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:; done DNS:alien.redacted-domain.com, DNS:ipa-ca.redacted-domain.com, othername:<unsupported>, othername:<unsupported> DNS:bingo.redacted-domain.com, DNS:ipa-ca.redacted-domain.com, othername:<unsupported>, othername:<unsupported> DNS:equator.redacted-domain.com, DNS:ipa-ca.redacted-domain.com, othername:<unsupported>, othername:<unsupported> DNS:mentor.redacted-domain.com, othername:<unsupported>, othername:<unsupported> Thanks in advance, Andrei

2 2

locale de_DE.UTF-8 and internel error
by Jochen Kellner 21 Nov '21

21 Nov '21

Hi, I tried removing a replica and got an internal error: jochen@freeipa1:~$ ipa server-del freeipa4.example.org Removing freeipa4.example.org from replication topology, please wait... ipa: ERROR: Ein interner Fehler ist aufgetreten I'm running with LANG=de_DE.UTF-8. Using en_US.UTF-8 would be ok. In the httpd error_log: ] ipa: ERROR: non-public: TypeError: unhashable type: 'Gettext' ] Traceback (most recent call last): ] File "/usr/lib/python3.10/site-packags/ipaserver/rpcserver.py", line 407, in wsgi_execute ] result = command(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 471, in __call__ ] return self.__do_call(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 499, in __do_call ] ret = self.run(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 821, in run ] return self.execute(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/baseldap.py", line 1686, in execute ] delete_entry(pkey) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/baseldap.py", line 1637, in delete_entry ] dn = callback(self, ldap, dn, *nkeys, **options) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 755, in pre_callback ] self._ensure_last_of_role( ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 520, in _ensure_last_of_role ] handler( ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 482, in handler ] raise errors.ServerRemovalError(reason=_(msg)) ] File "/usr/lib/python3.10/site-packages/ipalib/errors.py", line 269, in __init__ ] messages.process_message_arguments(self, format, message, **kw) ] File "/usr/lib/python3.10/site-packages/ipalib/messages.py", line 55, in process_message_arguments ] kw[key] = unicode(value) ] File "/usr/lib/python3.10/site-packages/ipalib/text.py", line 296, in __str__ ] return unicode(self.as_unicode()) ] File "/usr/lib/python3.10/site-packages/ipalib/text.py", line 293, in as_unicode ] return t.gettext(self.msg) ] File "/usr/lib64/python3.10/gettext.py", line 498, in gettext ] tmsg = self._catalog.get(message, missing) ] TypeError: unhashable type: 'Gettext' ] ipa: INFO: [jsonserver_session] admin(a)EXAMPLE.ORG: server_del/1(['freeipa4.example.org'], version='2.245'): InternalError Other commands like "ipa server-role-find --server=freeipa4.example.org" work ok and display translated messaged. Any ideas? Jochen -- This space is intentionally left blank.

2 3

ipa-healthcheck mentions/complains about a non-existent master - ?
by lejeczek 21 Nov '21

21 Nov '21

Hi guys. A domain seemingly healthy except for this one 'weir' thing: -> $ ipa-healthcheck keyctl_search: Required key not available Enter password for Internal Key Storage Token: Internal server error HTTPSConnectionPool(host='sucker.priv.mine', port=443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f888355c278>: Failed to establish a new connection: [Errno 111] Connection refused',)) ... This master has not been part of the domain for long time and does not appear anywhere else in the tools - how to safely 'clean it up'? many thanks, L

3 9

Client systems and retired replica servers
by Stephen Berg, Code 7309 18 Nov '21

18 Nov '21

I'm trying to migrate to new replica servers and have run into a glitch. From some of the clients I can get a ticket but any ipa command results in an error: [root@host ~]# ipa user-show user1 ipa: ERROR: cannot connect to 'any of the configured servers': https://iparep1.examle.com/ipa/json, https://iparep2.example.com/ipa/json, https://iparep3.example.com/ipa/json, https://iparep4.example.com/ipa/json All the servers listed in the error have been retired. The ipa_server config in /etc/sssd/sssd.conf has been updated to point to the new servers and sssd has been restarted. I tried to tweak sssd.conf on one client to only have one of the new replica servers listed, stopped sssd, cleared out /var/lib/sss/db/* and then restarted sssd. It still gets the same error above. The new servers are all running ipa-server-4.9.6-6 on Rocky Linux 8.5. There is one of previous replicas still running. I will be retiring that one as well but not until I figure out the current problems. I've configured topology segments in a mesh so any of the servers can replicate with any of the others. -- Stephen Berg, IT Specialist, Ocean Sciences Division, Code 7309 Naval Research Laboratory W: (228) 688-5738 <- (Preferred contact) DSN: (312) 823-5738 C: (228) 365-0162 Flank Speed: stephen.p.berg.civ(a)us.navy.mil

1 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-users November 2021