On (09/08/13 10:57), Chris Hartman wrote:
On Fri, Aug 9, 2013 at 9:42 AM, Lukas Slebodnik
<lslebodn(a)redhat.com> wrote:
> And then try to get some information about problematic group.
> getent group -s sss 1596003661
>
Output from that command:
> USER@smarty:~$ getent group -s sss 1596003661
> certificate service dcom access:*:1596003661:
Performed again with another phantom group:
> USER@smarty:/etc/puppet/modules/sssd$ getent group -s sss 1596003662
> users:*:1596003662:aspnet
I've got debug output but it contains some relatively private information
(first and last names, usernames, possibly other directory information).
It's also rather large (11K lines). Could I share this offlist if necessary?
As it is, here are some relevant lines. In this case, the reported bad
group was 1596003663.
... snip ...
> (0x4000): Received SBUS method [getAccountInfo]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [be_get_account_info]
> (0x0100): Got request for [4098][1][idnumber=1596003663]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_groups_next_base] (0x0400): Searching for groups with base
> [DC=TESTDOMAIN,DC=local]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>
[(&(objectSID=S-1-5-21-1779125721-235263668-3792523542-3663)(objectclass=group)(name=*))][DC=TESTDOMAIN,DC=local].
^^^^^^^
This is the 1st interesting part.
Could you try to do same query with ldapsearch? (the first part is filster and
the second one is search base.
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 104
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_result]
> (0x2000): Trace: sh[0x9543678], connected[1], ops[0x958c300],
> ldap[0x9537030]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_result]
> (0x2000): Trace: sh[0x9543678], connected[1], ops[0x958c300],
> ldap[0x9537030]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_result]
> (0x2000): Trace: sh[0x9543678], connected[1], ops[0x958c300],
> ldap[0x9537030]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_result]
> (0x2000): Trace: sh[0x9543678], connected[1], ops[0x958c300],
> ldap[0x9537030]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]] [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
> set
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Group was not found.
> (Fri Aug 9 10:46:01 2013) [sssd[be[TESTDOMAIN]]]
[sdap_id_op_done]
> (0x4000): releasing operation connection
> <output ommitted>
> ==> sssd_nss.log <==
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000):
> 0x96579e8
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
> conn: 964B150
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100):
> Requesting info for [1596003663@TESTDOMAIN]
^^^^^^^^
Here is begin of request in sssd_nss
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [ldb] (0x4000): tevent:
Added timed
> event "ltdb_callback": 0x965a8f0
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [ldb] (0x4000): tevent: Added timed
> event "ltdb_timeout": 0x96575c0
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [ldb] (0x4000): tevent: Destroying
> timer event 0x96575c0 "ltdb_timeout"
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [ldb] (0x4000): tevent: Ending
> timer event 0x965a8f0 "ltdb_callback"
> (Fri Aug 9 10:46:02 2013) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0040):
> No matching domain found for [1596003663], fail!
^^^^^^^^^^^^^^^^^^^^^^^^^^^
I don't know why this message is here. I would expect:
a) No results for getgrgid call
b) Returning info for gid .....
Maybe someone else will help you.
LS