On Fri, Feb 12, 2021 at 10:43:18PM -0000, Mike Conner via FreeIPA-users wrote:
More logs. This is from another broken client during an attempt to
login as an AD user:
****
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000):
Domain
domain.edu is Active
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_get_acct_info_send]
(0x0400): Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user
[S-1-5-21-71189414-1642862984-1097818727-22197] to IPA server
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_send] (0x0400):
Executing extended operation
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_send] (0x2000):
ldap_extended_operation sent, msgid = 16
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_op_add] (0x2000): New
operation 16 timeout 6
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] (0x2000):
Trace: sh[0x55eb482586a0], connected[1], ops[0x55eb482c6f10], ldap[0x55eb48274a50]
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] (0x2000):
Trace: end of ldap_result list
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] (0x2000):
Trace: sh[0x55eb482586a0], connected[1], ops[0x55eb482c6f10], ldap[0x55eb48274a50]
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_EXTENDED]
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_done] (0x0040):
ldap_extended_operation result: Operations error(1), Failed to split fully qualified
name.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_done] (0x0040):
ldap_extended_operation failed, server logs might contain more details.
Hi,
the client sends a lookup request for the SID
S-1-5-21-71189414-1642862984-1097818727-22197 to the server but on the
server side a user or a group which are processed during this request do
not have an '@' character in the name. Did you modify sssd.conf on the
server to return only short names? If that's not the case do you know if
the AD object with SID S-1-5-21-71189414-1642862984-1097818727-22197 has
some '@' characters in the name? And which version of IPA are you using
on the IPA servers?
bye,
Sumit
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]]
[sdap_op_destructor] (0x2000): Operation 16 finished
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_get_user_done] (0x0040):
s2n exop request failed.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_id_op_done] (0x4000):
releasing operation connection
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_subdomain_account_done]
(0x0040): ipa_get_*_acct request failed: [1432158229]: Network I/O Error.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_id_op_destroy] (0x4000):
releasing operation connection
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_done] (0x0400): DP Request
[Account #1]: Request handler finished [0]: Success
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [_dp_req_recv] (0x0400): DP Request
[Account #1]: Receiving request data.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_reply_list_success]
(0x0400): DP Request [Account #1]: Finished. Success.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_reply_std] (0x1000): DP
Request [Account #1]: Returning [Internal Error]: 3,1432158229,Network I/O Error
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_table_value_destructor]
(0x0400): Removing [0:1:0x0001:1:V:domain.edu:name=connerms@domain.edu] from reply table
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_destructor] (0x0400): DP
Request [Account #1]: Request removed.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_destructor] (0x0400):
Number of active DP request: 0
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] (0x2000):
Trace: sh[0x55eb482586a0], connected[1], ops[(nil)], ldap[0x55eb48274a50]
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] (0x2000):
Trace: end of ldap_result list
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000): dbus
conn: 0x55eb482d0940
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
****
The `Returning [Internal Error]: 3,1432158229,Network I/O Error` part sticks out.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure