(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_initgr_next_base] (0x0400): Searching for users with base
[DC=abc,DC=com]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_print_server]
(0x2000): Searching x.x.161.251
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=018843)(objectclass=user)(objectSID=*))][DC=abc,DC=com].
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_op_add] (0x2000):
New operation 5 timeout 6
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fa8ee618840], connected[1], ops[0x7fa8ee60d3a0],
ldap[0x7fa8ee61a020]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Sonia G,OU=Employees,OU=User
Accounts,DC=abc,DC=com].
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [whenChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [uSNChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [name]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectGUID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [userAccountControl]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [primaryGroupID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectSid]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [sAMAccountName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [userPrincipalName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fa8ee618840], connected[1], ops[0x7fa8ee60d3a0],
ldap[0x7fa8ee61a020]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_entry]
(0x1000): OriginalDN: [CN=Sonia G,OU=Employees,OU=User
Accounts,DC=a,DC=abc,DC=com].
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectClass]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [whenChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [memberOf]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [uSNChanged]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [name]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectGUID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [userAccountControl]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [primaryGroupID]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [objectSid]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [sAMAccountName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_parse_range]
(0x2000): No sub-attributes for [userPrincipalName]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fa8ee618840], connected[1], ops[0x7fa8ee60d3a0],
ldap[0x7fa8ee61a020]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_op_destructor]
(0x2000): Operation 5 finished
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_get_initgr_user]
(0x0040): Expected one user entry and got 2
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_get_initgr_user]
(0x0040): No matching DN found.
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sbus_add_timeout]
(0x2000): 0x7fa8ef626070
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fa8ee618840], connected[1], ops[(nil)],
ldap[0x7fa8ee61a020]
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [sbus_remove_timeout]
(0x2000): 0x7fa8ef626070
(Fri Jan 27 15:53:36 2017) [sssd[be[abc.com]]] [acctinfo_callback]
(0x0100): Request processed. Returned 3,22,Init group lookup failed
This also looks like a problem, a search with sAMAccountName=018843 is
returning two objects but then matching to an expected base DN fails:
CN=Sonia G,OU=Employees,OU=User Accounts,DC=a,DC=abc,DC=com
and
CN=Sonia G,OU=Employees,OU=User Accounts,DC=abc,DC=com
I see the following on my SSSD 1.13 system:
(Mon Jan 30 14:24:41 2017) [sssd[be[jstephen.local]]]
[sdap_get_initgr_user] (0x4000): Receiving info for the user
(Mon Jan 30 14:24:41 2017) [sssd[be[jstephen.local]]]
[sdap_get_initgr_user] (0x0040): Expected one user entry and got 2
(Mon Jan 30 14:24:41 2017) [sssd[be[jstephen.local]]]
[sdap_get_initgr_user] (0x4000): Expected BaseDN is
[cn=users,dc=jstephen,dc=local].
(Mon Jan 30 14:24:41 2017) [sssd[be[jstephen.local]]]
[sdap_get_initgr_user] (0x4000): Found matching dn
[CN=sssduser,CN=Users,DC=jstephen,DC=local].
Kind regards,
Justin Stephenson
On 01/28/2017 04:57 AM, Jakub Hrozek wrote:
> On Fri, Jan 27, 2017 at 11:28:30PM -0000, sonia.gilbert(a)hawaiianair.com wrote:
>> Okay, Thank you for helping!
>>
>> krb5_child.log
>>
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [main] (0x0400): krb5_child
started.
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [unpack_buffer] (0x1000):
total buffer size: [225]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [unpack_buffer] (0x0100):
cmd [241] uid [1213401232] gid [1213400513] validate [true] enterprise principal [true]
offline [false] UPN [018843(a)ABC.COM]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [unpack_buffer] (0x0100):
ccname: [KEYRING:persistent:1213401232] old_ccname: [KEYRING:persistent:1213401232]
keytab: [/etc/krb5.keytab]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [check_use_fast] (0x0100):
Not using FAST.
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [switch_creds] (0x0200):
Switch user to [1213401232][1213400513].
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [sss_krb5_cc_verify_ccache]
(0x2000): TGT not found or expired.
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [switch_creds] (0x0200):
Switch user to [0][0].
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [privileged_krb5_setup]
(0x0080): Cannot open the PAC responder socket
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [become_user] (0x0200):
Trying to become user [1213401232][1213400513].
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [main] (0x2000): Running as
[1213401232][1213400513].
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [k5c_setup] (0x2000):
Running as [1213401232][1213400513].
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [set_lifetime_options]
(0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [set_lifetime_options]
(0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [set_canonicalize_option]
(0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [main] (0x0400): Will
perform online auth
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [tgt_req_child] (0x1000):
Attempting to get a TGT
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [
ABC.COM]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [get_and_save_tgt]
(0x0020): 1234: [-1765328360][Preauthentication failed]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [map_krb5_error] (0x0020):
1303: [-1765328360][Preauthentication failed]
>
> This really sounds like a wrong password was entered...
>
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [k5c_send_data] (0x0200):
Received error code 1432158215
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [pack_response_packet]
(0x2000): response packet size: [4]
>> (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530]]]] [main] (0x0400): krb5_child
completed successfully
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>