Hi everyone,
My aim is to have consistent Active Directory Users/Groups to Unix UID/GID designations across several Linux machines joined to that domain. Ideally without explicitly setting these in the directory.
After failing to get Winbind with a RID backend to work as desired, a Samba user suggested that I try using SSSD instead.
For the last few hours I've been trying to get this to work; but without much luck.
Right now I'm hitting a problem whereby SSSD's unable to find valid users because none of my directory users have the attribute "dataExpireTimestamp" and this is part of the search filter.
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): Search users with filter: (&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x186bbc0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x186bce0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x186bce0 "ltdb_timeout"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x186bbc0 "ltdb_callback"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): No such entry
I've tried explicitly setting this without any luck. It seems to be ignoring the following line.
ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
And here's what I mean about that attribute affecting the search. First using the filter that SSSD is using, second time using one that doesn't reference the "dataExpireTimestamp" attribute.
/usr/local/samba/bin/ldbsearch -H ldaps://192.168.1.33 '(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375224572))))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
# returned 0 records
# 0 entries
# 0 referrals

/usr/local/samba/bin/ldbsearch -s sub -H ldaps://192.168.1.33 '(&(objectclass=user)(!(lastLogin=*)))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
[...]
# returned 5 records
# 5 entries
# 0 referrals
I'm running SSSD version 1.8.4, and Samba4 version 4.0.6 as my Domain Controller.
This is my current SSSD configuration (/etc/sssd/sssd.conf):
[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
offline_credentials_expiration = 0
reconnection_retries = 3

[domain/DEVDOM]
debug_level = 9

description = LDAP domain with AD server
id_provider = ldap
auth_provider = krb5
;auth_provider = ldap
ldap_default_bind_dn = cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = XXX
;ldap_user_object_class = person
;ldap_user_name = msSFU30Name
;ldap_user_uid_number = msSFU30UidNumber
;ldap_user_gid_number = msSFU30GidNumber
;ldap_user_home_directory = msSFU30HomeDirectory
;ldap_user_shell = msSFU30LoginShell
;ldap_user_principal = userPrincipalName
;ldap_group_object_class = group
;ldap_group_name = msSFU30Name
;ldap_group_gid_number = msSFU30GidNumber

enumerate = TRUE
;cache_credentials = TRUE

chpass_provider = krb5

;tls_reqcert = demand
;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

ldap_id_mapping = True
ldap_idmap_default_domain_sid = S-1-5-21-2003857637-2616505931-2053645484
ldap_idmap_range_min = 70000
ldap_idmap_range_max = 7000000
ldap_schema = ad

;; kerberos config ;;
auth_provider = krb5
krb5_server = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
;cache_credentials = True

;; https://lists.fedorahosted.org/pipermail/sssd-devel/2012-May/009677.html ;;
ldap_referrals = False
;ldap_search_base = CN=users,DC=devdom,DC=orange,DC=local
ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
;ldap_group_search_base = CN=Users,DC=devdom,DC=orange,DC=local??(objectCategory=User)
Any ideas as to what could help would be really appreciated.
Thanks for your time,
--
Chris Hayes
On 07/30/2013 07:58 PM, Chris Hayes wrote:
> Hi everyone,
>
> My aim is to have consistent Active Directory Users/Groups to Unix UID/GID designations across several Linux machines joined to that domain. Ideally without explicitly setting these in the directory.
>
> After failing to get Winbind with a RID backend to work as desired, a Samba user suggested that I try using SSSD instead.
>
> For the last few hours I've been trying to get this to work; but without much luck.
>
> Right now I'm hitting a problem whereby SSSD's unable to find valid users because none of my directory users have the attribute "dataExpireTimestamp" and this is part of the search filter.
>
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): Search users with filter: (&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
That's not an LDAP search (though it uses the same syntax). That's an internal search of our cache, which uses an LDAP-like database. The dataExpireTimestamp is an internal attribute we use to identify when a cached entry is expired and needs to be refreshed.
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x186bbc0
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x186bce0
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x186bce0 "ltdb_timeout"
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x186bbc0 "ltdb_callback"
> (Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): No such entry
What this is telling you is that the entry wasn't found in the cache. The next steps in the log *should* show it attempting to ask the LDAP server to refresh the cache. We need to see more to help debug the situation. If it's not going to LDAP here, it probably means that some earlier attempt to talk to LDAP put the SSSD into 'offline' mode. This may have been due to a misconfiguration, such as the server not allowing the bind user access.
> I've tried explicitly setting this without any luck. It seems to be ignoring the following line.
>
> ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
>
> And here's what I mean about that attribute affecting the search. First using the filter that SSSD is using, second time using one that doesn't reference the "dataExpireTimestamp" attribute.
>
> /usr/local/samba/bin/ldbsearch -H ldaps://192.168.1.33 '(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375224572))))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
> # returned 0 records
> # 0 entries
> # 0 referrals
>
> /usr/local/samba/bin/ldbsearch -s sub -H ldaps://192.168.1.33 '(&(objectclass=user)(!(lastLogin=*)))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
> [...]
> # returned 5 records
> # 5 entries
> # 0 referrals
As I said above, you're confusing an internal cache lookup against our LDB database with an LDAP search.
> I'm running SSSD version 1.8.4, and Samba4 version 4.0.6 as my Domain Controller.
I *strongly* encourage you to try SSSD 1.9.x (available in Fedora, RHEL 6.4+ and many other distributions; you didn't say which OS you were running). Among other things, it's *much* easier to configure for AD (especially if you use realmd or adcli to set up the keytab).
> This is my current SSSD configuration (/etc/sssd/sssd.conf):
>
> [sssd]
> domains = DEVDOM
> services = nss, pam
> config_file_version = 2
> reconnection_retries = 3
> sbus_timeout = 30
>
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
>
> [pam]
> offline_credentials_expiration = 0
> reconnection_retries = 3
>
> [domain/DEVDOM]
> debug_level = 9
>
> description = LDAP domain with AD server
> id_provider = ldap
> auth_provider = krb5
> ;auth_provider = ldap
> ldap_default_bind_dn = cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
> ldap_default_authtok_type = password
> ldap_default_authtok = XXX
Not related, but you almost certainly don't want to be using password-auth for the bind DN if you're not encrypting the communication channel with LDAPS, LDAP+TLS or LDAP+SASL. The LDAP protocol puts the password on the wire in plaintext for all to intercept.
The best solution would be to set SSSD (1.9.x+) up with adcli to join the realm and create a keytab that you could use for SSSD's authentication to the server.
> ;ldap_user_object_class = person
> ;ldap_user_name = msSFU30Name
> ;ldap_user_uid_number = msSFU30UidNumber
> ;ldap_user_gid_number = msSFU30GidNumber
> ;ldap_user_home_directory = msSFU30HomeDirectory
> ;ldap_user_shell = msSFU30LoginShell
> ;ldap_user_principal = userPrincipalName
> ;ldap_group_object_class = group
> ;ldap_group_name = msSFU30Name
> ;ldap_group_gid_number = msSFU30GidNumber
>
> enumerate = TRUE
> ;cache_credentials = TRUE
>
> chpass_provider = krb5
>
> ;tls_reqcert = demand
> ;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
>
> ldap_id_mapping = True
> ldap_idmap_default_domain_sid = S-1-5-21-2003857637-2616505931-2053645484
> ldap_idmap_range_min = 70000
> ldap_idmap_range_max = 7000000
> ldap_schema = ad
>
> ;; kerberos config ;;
> auth_provider = krb5
> krb5_server = hirst.devdom.orange.local
> krb5_realm = DEVDOM.ORANGE.LOCAL
> krb5_changepw_principle = kadmin/changepw
> krb5_ccachedir = /tmp
> krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
> krb5_auth_timeout = 15
> ;cache_credentials = True
>
> ;; https://lists.fedorahosted.org/pipermail/sssd-devel/2012-May/009677.html ;;
> ldap_referrals = False
> ;ldap_search_base = CN=users,DC=devdom,DC=orange,DC=local
> ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
> ;ldap_group_search_base = CN=Users,DC=devdom,DC=orange,DC=local??(objectCategory=User)
>
> Any ideas as to what could help would be really appreciated.
>
> Thanks for your time,
As I said above, we really need more logs (at level 6 or above) to help you figure out where things went wrong. I notice that you're using 'enumerate = True', so there's a very real possibility that the initial enumeration run that occurs when you start SSSD is detecting an error and marking the SSSD offline. While you're testing right now, I'd recommend setting that to False and using 'getent passwd <username>' to test whether IDs are coming back. If that works, but it doesn't when you turn enumerate back on, it probably means that one or more of the entries in LDAP is invalid or contradictory, and you'll need to check the enumerate logs for the reason.
Good enough to start with? You may also want to review https://fedorahosted.org/sssd/wiki/FAQ#Troubleshooting for some more tricks (though some are outdated; we support the 'ad' ldap_schema now as well. I'll fix later; right now the Fedora Infrastructure is having a planned patch outage)
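An added example, not written by any poster in this thread: a Python check for the condition raised in the reply above, a stored bind DN password with none of LDAPS, StartTLS or SASL protecting the connection. The function name, finding labels and sample strings are constructed for illustration; the option names are SSSD's own.

```python
import configparser

# Constructed sample: bind-related lines from the first sssd.conf posted in the thread.
SIMPLE_BIND_CONF = """\
[sssd]
domains = DEVDOM
services = nss, pam

[domain/DEVDOM]
id_provider = ldap
auth_provider = krb5
ldap_default_bind_dn = cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = XXX
;tls_reqcert = demand
;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
auth_provider = krb5
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
"""

# Constructed sample: bind-related lines from the GSSAPI configuration posted later.
GSSAPI_CONF = """\
[domain/DEVDOM]
id_provider = ldap
auth_provider = krb5
ldap_sasl_mech = GSSAPI
"""


def audit_bind_security(conf_text):
    """Return (section, finding_id, detail) tuples for every [domain/...] section."""
    # strict=False: the posted file sets auth_provider twice in one section.
    # RawConfigParser: values like FILE:%d/krb5cc_%U_XXXXXX must not be interpolated.
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(conf_text)

    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        opts = parser[section]

        # A stored bind password with no SASL mechanism means an LDAP simple bind.
        simple_bind = "ldap_default_authtok" in opts and "ldap_sasl_mech" not in opts

        # Assumption: with no ldap_uri, the server comes from service discovery and
        # is reached as plain ldap:// (the thread's log shows ldap://...:389).
        uris = [u.strip().lower() for u in opts.get("ldap_uri", "").split(",") if u.strip()]
        ldaps_only = bool(uris) and all(u.startswith("ldaps://") for u in uris)
        start_tls = opts.get("ldap_id_use_start_tls", "false").strip().lower() == "true"

        if simple_bind and not (ldaps_only or start_tls):
            findings.append((section, "cleartext-simple-bind",
                             "bind password is sent without LDAPS, StartTLS or SASL"))

        # An encrypted channel only helps if the server certificate is checked.
        reqcert = opts.get("ldap_tls_reqcert", "").strip().lower()
        if reqcert in ("never", "allow"):
            findings.append((section, "tls-cert-not-verified",
                             "ldap_tls_reqcert=%s accepts an unverified server" % reqcert))
    return findings


if __name__ == "__main__":
    for name, text in (("simple bind", SIMPLE_BIND_CONF), ("GSSAPI", GSSAPI_CONF)):
        print(name, audit_bind_security(text) or "no findings")
```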
OK, try this sssd.conf:
[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2

[nss]

[pam]

[domain/DEVDOM]
debug_level = 9
description = LDAP domain with AD server
cache_credentials = True
enumerate = TRUE
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap

krb5_server = hirst.devdom.orange.local
krb5_kpasswd = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName

ldap_group_object_class = group
ldap_group_name = sAMAccountName
This is based on my working conf file, but you need to have this in the client's smb.conf:
[global]
workgroup = DEVDOM
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = HIRST.DEVDOM.ORANGE.LOCAL
realm = DEVDOM.ORANGE.LOCAL
security = ads
Also the computer needs to be joined to the domain.
Rowland
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi Rowland,
Thanks for your advice. I've implemented the configuration that you suggested, changing it to match my domain.
Still not having any luck though; here's the log (tailing it in the background) for when I run the following getent command.
Any thoughts would be really appreciated. I'm still on version 1.8.4 and ideally I'd like to stick with that as it's what Debian provides.
root@blipp:~# getent passwd "DEVDOM\MURHPY" MURPHY "DEVDOM+MURPHY"
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=DEVDOM\MURHPY]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_step] (0x4000): beginning to connect
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_send] (0x0400): The status of SRV lookup is neutral
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_get_domain_send] (0x1000): Host name is: blipp
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_is_address] (0x4000): [blipp] does not look like an IP address
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'blipp' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_get_domain_done] (0x1000): The full FQDN is: blipp.devdom.orange.local
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_cont] (0x0100): Searching for servers via SRV query '_ldap._tcp.devdom.orange.local'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.devdom.orange.local'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolve_srv_done] (0x0400): Inserted server 'hirst.devdom.orange.local:389' for service LDAP
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'LDAP' as 'resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status] (0x1000): Status of server 'hirst.devdom.orange.local' is 'name not resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_is_address] (0x4000): [hirst.devdom.orange.local] does not look like an IP address
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'hirst.devdom.orange.local' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_server_common_status] (0x0100): Marking server 'hirst.devdom.orange.local' as 'resolving name'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'hirst.devdom.orange.local' in files
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'hirst.devdom.orange.local' in DNS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_server_common_status] (0x0100): Marking server 'hirst.devdom.orange.local' as 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done] (0x1000): Saving the first resolved server
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done] (0x0200): Found address for server hirst.devdom.orange.local: [192.168.1.33] TTL 900
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldap://hirst.devdom.orange.local:389'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sss_ldap_init_send] (0x4000): Using file descriptor [23] for LDAP connection.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://hirst.devdom.orange.local:389/??base] with fd [23].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e4340], ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_parse_entry] (0x4000): OriginalDN: [].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e4340], ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_rootdse_done] (0x4000): Got rootdse
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_naming_context] (0x0200): Using value from [defaultNamingContext] as naming context.
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_user_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [USER][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_group_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_netgroup_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_service_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_set_search_base] (0x0100): Setting option [ldap_autofs_search_base] to [DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][DC=devdom,DC=orange,DC=local][SUBTREE][]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 3813 (int: 3813)
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, (null), DEVDOM.ORANGE.LOCAL, 86400)
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service KERBEROS
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status] (0x1000): Status of server 'hirst.devdom.orange.local' is 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_port_status] (0x1000): Port status of port 0 for server 'hirst.devdom.orange.local' is 'neutral'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [get_server_status] (0x1000): Status of server 'hirst.devdom.orange.local' is 'name resolved'
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done] (0x1000): Saving the first resolved server
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [be_resolve_server_done] (0x0200): Found address for server hirst.devdom.orange.local: [192.168.1.33] TTL 900
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [create_tgt_req_send_buffer] (0x1000): buffer size: 37
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [12990]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [child_handler_setup] (0x2000): Signal handler set up for pid [12990]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[(nil)], ldap[0x16a9f40]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [write_pipe_handler] (0x0400): All data has been sent!
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_DEVDOM.ORANGE.LOCAL], expired on [1375336895]
(Wed Jul 31 21:01:35 2013) [sssd[be[DEVDOM]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: (null)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [child_sig_handler] (0x1000): Waiting for child [12990].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [child_sig_handler] (0x0100): child [12990] finished successfully.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sss_child_handler] (0x2000): waitpid failed [10]: No child processes
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'hirst.devdom.orange.local' as 'working'
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [set_server_common_status] (0x0100): Marking server 'hirst.devdom.orange.local' as 'working'
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_done] (0x4000): notify connected to op #1
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=DEVDOM\5cMURHPY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [DC=devdom,DC=orange,DC=local] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=user)(sAMAccountName=*)(uidNumber=*)(gidNumber=*))][DC=devdom,DC=orange,DC=local]. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jul 31 21:01:53 
2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Wed 
Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16ABD10 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16ABD10 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16ABD10 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Wed Jul 31 21:01:53 2013) 
[sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done] (0x4000): releasing operation connection (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16e6310
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16e5600
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16e5600 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16e6310 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_user_by_name] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e6910], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=MURPHY]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=MURPHY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Wed Jul 31 21:01:53 2013) 
[sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 7 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], 
ops[0x16c8930], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16c8930], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=devdom,DC=orange,DC=local] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=group)(sAMAccountName=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=devdom,DC=orange,DC=local]. 
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_parse_entry] (0x4000): OriginalDN: [CN=murphy,CN=Users,DC=devdom,DC=orange,DC=local]. 
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process] (0x0400): Search for users, returned 1 results.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user] (0x4000): Save user
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user] (0x0020): no uid provided for [murphy] in domain [DEVDOM].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_user] (0x0040): Failed to save user [murphy]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_check_aliases] (0x2000): Could not get UID
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_save_users] (0x0040): Failed to check aliases for user 0. Ignoring.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process] (0x4000): Saving 1 Users - Done
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e5bb0], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16CE7F0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=DEVDOM+MURPHY]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_next_base] (0x0400): Searching for users with base [DC=devdom,DC=orange,DC=local]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=DEVDOM+MURPHY)(objectclass=user))][DC=devdom,DC=orange,DC=local].
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Wed Jul 31 21:01:53 2013) 
[sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], 
ops[0x16ecd60], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16ecd60], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 0 results. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_services_next_base] (0x0400): Searching for services with base [DC=devdom,DC=orange,DC=local] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))][DC=devdom,DC=orange,DC=local]. 
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10 (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: 
[LDAP_RES_SEARCH_RESULT] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_users_process] (0x0400): Search for users, returned 0 results. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done] (0x4000): releasing operation connection (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16e8180
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16eee70
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16eee70 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16e8180 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_user_by_name] (0x0400): No such entry (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! root@blipp:~# (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] root@blipp:~# (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): root@blipp:~# Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[0x16e8470], ldap[0x16a9f40] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_generic_ext_done] (0x1000): Total count [0] (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_get_services_process] 
(0x0400): Search for services, returned 0 results. (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_id_op_done] (0x4000): releasing operation connection (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [cleanup_users] (0x4000): Cache expiration is set to 0 days (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): Search users with filter: (&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375300913)(!(lastLogin=*)))) (Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16f1d80
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16e81f0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16e81f0 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16f1d80 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_groups] (0x0400): Search groups with filter: (&(objectclass=group)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375300913)))
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16eef10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16e3850
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16e3850 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16eef10 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sysdb_search_groups] (0x0400): No such entry
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16d9a10
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16e73e0
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16e73e0 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16d9a10 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16e8580
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x16e8630
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x16e8630 "ltdb_timeout"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x16e8580 "ltdb_callback"
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [ldap_id_enumerate_set_timer] (0x0400): Scheduling next enumeration at 1375301213.820256
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: sh[0x16da620], connected[1], ops[(nil)], ldap[0x16a9f40]
(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): dbus conn: 16ABD10
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Jul 31 21:01:59 2013) [sssd[be[DEVDOM]]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
root@blipp:~#
On 2013-07-31 10:03, Rowland Penny wrote:
OK, try this sssd.conf:
[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2

[nss]

[pam]

[domain/DEVDOM]
debug_level = 9
description = LDAP domain with AD server
cache_credentials = True
enumerate = TRUE
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap

krb5_server = hirst.devdom.orange.local
krb5_kpasswd = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName

ldap_group_object_class = group
ldap_group_name = sAMAccountName
This is based on my working conf file, but you need to have this in the client's smb.conf:

[global]
workgroup = DEVDOM
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = HIRST.DEVDOM.ORANGE.LOCAL
realm = DEVDOM.ORANGE.LOCAL
security = ads
Also the computer needs to be joined to the domain.
Rowland
On 31 July 2013 00:58, Chris Hayes <chris.hayes@proporta.com> wrote:
Hi everyone,
My aim is to have consistent Active Directory Users/Groups to Unix UID/GID designations across several Linux machines joined to that domain. Ideally without explicitly setting these in the directory.
After failing to get Winbind with a RID backend to work as desired, a Samba user suggested that I try using SSSD instead.
For the last few hours I've been trying to get this to work; but without much luck.
Right now I'm hitting a problem whereby SSSD's unable to find valid users because none of my directory users have the attribute "dataExpireTimestamp" and this is part of the search filter.
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): Search users with filter: (&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375226518)(!(lastLogin=*))))
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x186bbc0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x186bce0
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Destroying timer event 0x186bce0 "ltdb_timeout"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [ldb] (0x4000): tevent: Ending timer event 0x186bbc0 "ltdb_callback"
(Wed Jul 31 00:21:58 2013) [sssd[be[DEVDOM]]] [sysdb_search_users] (0x0400): No such entry
I've tried explicitly setting this without any luck. It seems to be ignoring the following line.
ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
And here's what I mean about that attribute affecting the search. First using the filter that SSSD is using, second time using one that doesn't reference the "dataExpireTimestamp" attribute.
/usr/local/samba/bin/ldbsearch -H ldaps://192.168.1.33 '(&(objectclass=user)(&(!(dataExpireTimestamp=0))(dataExpireTimestamp<=1375224572))))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
# returned 0 records
# 0 entries
# 0 referrals

/usr/local/samba/bin/ldbsearch -s sub -H ldaps://192.168.1.33 '(&(objectclass=user)(!(lastLogin=*)))' -UAdministrator%XXX -b CN=Users,DC=devdom,DC=orange,DC=local
[...]
# returned 5 records
# 5 entries
# 0 referrals
I'm running SSSD version 1.8.4, and Samba4 version 4.0.6 as my Domain Controller.
This is my current SSSD configuration (/etc/sssd/sssd.conf):
[sssd]
domains = DEVDOM
services = nss, pam
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
offline_credentials_expiration = 0
reconnection_retries = 3

[domain/DEVDOM]
debug_level = 9

description = LDAP domain with AD server
id_provider = ldap
auth_provider = krb5
;auth_provider = ldap
ldap_default_bind_dn = cn=Administrator,cn=Users,DC=devdom,DC=orange,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = XXX
;ldap_user_object_class = person
;ldap_user_name = msSFU30Name
;ldap_user_uid_number = msSFU30UidNumber
;ldap_user_gid_number = msSFU30GidNumber
;ldap_user_home_directory = msSFU30HomeDirectory
;ldap_user_shell = msSFU30LoginShell
;ldap_user_principal = userPrincipalName
;ldap_group_object_class = group
;ldap_group_name = msSFU30Name
;ldap_group_gid_number = msSFU30GidNumber

enumerate = TRUE
;cache_credentials = TRUE

chpass_provider = krb5

;tls_reqcert = demand
;ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

ldap_id_mapping = True
ldap_idmap_default_domain_sid = S-1-5-21-2003857637-2616505931-2053645484
ldap_idmap_range_min = 70000
ldap_idmap_range_max = 7000000
ldap_schema = ad

;; kerberos config ;; auth_provider = krb5
krb5_server = hirst.devdom.orange.local
krb5_realm = DEVDOM.ORANGE.LOCAL
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
;cache_credentials = True
;; https://lists.fedorahosted.org/pipermail/sssd-devel/2012-May/009677.html
;;
ldap_referrals = False
;ldap_search_base = CN=users,DC=devdom,DC=orange,DC=local
ldap_user_search_base = CN=Users,DC=devdom,DC=orange,DC=local?subtree?(objectCategory=User)
;ldap_group_search_base = CN=Users,DC=devdom,DC=orange,DC=local??(objectCategory=User)
Any ideas as to what could help would be really appreciated.
Thanks for your time,
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, Jul 31, 2013 at 09:30:42PM +0100, Chris Hayes wrote:
Hi Rowland,
Thanks for your advice. I've implemented the configuration that you suggested, changing it to match my domain.
Still not having any luck though; here's the log (tailing it in the background) for when I run the following getent command.
Hi Chris,
The AD provider (that is capable of mapping SIDs onto POSIX IDs) was only introduced in 1.9. The versions before 1.9 rely on the presence of POSIX attributes (UID, GID, shell etc). Based on your first e-mail I assume you were interested in ID-mapping, right?
Are the POSIX attributes currently populated on the AD side? The logs indicate that the searches are being issued, just nothing comes back.
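To check from a debug log which searches were issued and what came back, the following added example (not part of the thread and not SSSD code) splits debug entries and reports the cache searches that log a filter alongside the entry count logged for LDAP requests. The function name `searches` and the tuple layout are this example's own; the sample input is a few entries taken from the log posted in this thread.

```python
import re

# One SSSD debug entry: (timestamp) [sssd[be[DOMAIN]]] [function] (level): message
STAMP = r"\(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}\)"
ENTRY = re.compile(
    r"(?P<ts>" + STAMP + r") \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-f]{4})\): "
    # The message runs up to the next entry or the end of input, so entries
    # that were run together on one line are still split correctly.
    r"(?P<msg>.*?)(?=\s*" + STAMP + r" \[sssd|\s*$)",
    re.S,
)

def searches(log):
    """Return (layer, function, filter, hits) for each search in the log.

    sysdb_* functions query SSSD's local cache; sdap_* functions talk to the
    LDAP server, and sdap_get_generic_ext_done logs the server's entry count.
    """
    results, pending = [], {}
    for m in ENTRY.finditer(log):
        func, msg = m["func"], m["msg"].strip()
        if func.startswith("sysdb_search_"):
            if "with filter:" in msg:
                pending[func] = msg.split("with filter:", 1)[1].strip()
            elif msg == "No such entry" and func in pending:
                results.append(("cache", func, pending.pop(func), 0))
        elif func == "sdap_get_generic_ext_done":
            count = re.search(r"Total count \[(\d+)\]", msg)
            if count:
                results.append(("ldap", func, None, int(count[1])))
    return results

# Entries taken from the log posted in this thread, joined on one line.
P = "(Wed Jul 31 21:01:53 2013) [sssd[be[DEVDOM]]] "
SAMPLE = " ".join(P + e for e in [
    "[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set",
    "[sdap_get_generic_ext_done] (0x1000): Total count [0]",
    "[cleanup_users] (0x4000): Cache expiration is set to 0 days",
    "[sysdb_search_users] (0x0400): Search users with filter: "
    "(&(objectclass=user)(&(!(dataExpireTimestamp=0))"
    "(dataExpireTimestamp<=1375300913)(!(lastLogin=*))))",
    '[ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x16f1d80',
    "[sysdb_search_users] (0x0400): No such entry",
])

if __name__ == "__main__":
    for layer, func, flt, hits in searches(SAMPLE):
        print(f"{layer:5} {func:28} hits={hits} filter={flt}")
```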
On 31 July 2013 21:30, Chris Hayes chris.hayes@proporta.com wrote:
Hi Rowland,
Thanks for your advice. I've implemented the configuration that you suggested, changing it to match my domain.
Still not having any luck though; here's the log (tailing it in the background) for when I run the following getent command.
Any thoughts would be really appreciated. I'm still on version 1.8.4 and ideally I'd like to stick with that as it's what Debian provides.
Are you set on using Debian? If so, then you could use the sssd package from sid, but I cannot help you there, because I do not use Debian. I use Ubuntu 12.04 LTS server and a PPA, and if you are prepared to try it out, I will help you all that I can.
Rowland