Hi,
I've built a large number of RHEL 6 servers across multiple AD domains with identical
SSSD/krb5 configurations.
SSSD authentication works fine for most of these servers, but every once in a while on
various servers it just seems to stop working. If users are cached they continue to work,
but non cached users are denied access.
If I login with a local account and restart the SSSD service it usually starts working
again.
Below are logs taken from an Oracle server on a management network, for which I have been
unable to get SSSD to work at all (local kinit and net ads join commands work ok – but
SSSD authentication fails).
I cleared my logs, cleared my cache, raised the SSSD log levels to 7, then started the
service & executed "getent passwd firstname.lastname" and then stopped SSSD
when it failed.
Firstly I'd like to work out why this server isn't working with SSSD, then work
out why SSSD appears to be flakey - any help would be greatly appreciated :)
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =
DOMAIN.SUBDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
[realms]
#
DOMAIN.SUBDOMAIN.COM = {
#kdc =
dc.domain.subdomain.com
#admin_server =
dc.domain.subdomain.com
#}
[domain_realm]
#.domain.subdomain.com =
DOMAIN.SUBDOMAIN.COM
#domain.subdomain.com =
DOMAIN.SUBDOMAIN.COM
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
debug_level = 1
domains =
domain.subdomain.com
services = nss, pam, ssh, sudo
[
domain/domain.subdomain.com]
debug_level = 1
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
# Permits offline logins:
cache_credentials = true
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
ldap_schema = rfc2307bis
#Allows users to login without specifying FQDN
default_domain_suffix =
domain.subdomain.com
#performance related (+ avoids RHEL 6.6 bug)
ldap_referrals = false
#Don't use SELinux
selinux_provider = none
#Ignore root forest domain, and don't update DNS records dynamically.
subdomains_provider = none
dyndns_update = false
[ssh]
debug_level = 1
[nss]
debug_level = 1
[pam]
debug_level = 1
[sudo]
debug_level = 1
sssd_nss log -
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [server_setup] (0x0400): CONFDB:
/var/lib/sss/db/config.ldb
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [confdb_get_domain_internal] (0x0400): No
enumeration for [
domain.subdomain.com]!
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [confdb_get_domain_internal] (0x1000):
pwd_expiration_warning is -1
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sbus_init_connection] (0x0400): Adding connection
0x171fef0
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sbus_conn_add_interface] (0x1000): Will register
path /org/freedesktop/sssd/service without fallback
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [monitor_common_send_id] (0x0100): Sending ID:
(nss,1)
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_names_init_from_args] (0x0100): Using re
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^(a)\\]+)$))].
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format
[%1$s@%2$s].
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sbus_init_connection] (0x0400): Adding connection
0x171e980
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sbus_conn_add_interface] (0x1000): Will register
path /org/freedesktop/sssd/dataprovider without fallback
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [dp_common_send_id] (0x0100): Sending ID to DP:
(1,NSS)
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sysdb_domain_init_internal] (0x0200): DB File for
domain.subdomain.com: /var/lib/sss/db/cache_domain.subdomain.com.ldb
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [ldb] (0x0400): asq: Unable to register control
with rootdse!
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_process_init] (0x0400): Responder
Initialization complete
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using
default domain [
domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[
NCE/USER/domain.subdomain.com/root] to negative cache permanently
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using
default domain [
domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[
NCE/GROUP/domain.subdomain.com/root] to negative cache permanently
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found shell /bin/sh
in /etc/shells
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found shell
/bin/bash in /etc/shells
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found shell
/sbin/nologin in /etc/shells
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found shell
/bin/dash in /etc/shells
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found shell /bin/ksh
in /etc/shells
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [responder_set_fd_limit] (0x0100): Maximum file
descriptors set to [8192]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_names_init_from_args] (0x0100): Using re
[(?P<name>[^@]+)@?(?P<domain>[^@]*$)].
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format
[%1$s@%2$s].
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [nss_process_init] (0x0400): NSS Initialization
complete
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x41e260:domains@domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get
domains request for [domain.subdomain.com][]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x41e260:domains@domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [dp_id_callback] (0x0100): Got id ack and version
(1) from DP
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data
Provider - DP error code: 3 errno: 19 error message: Subdomains back end target is not
configured
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using
default domain [
domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[
NCE/USER/domain.subdomain.com/root] to negative cache permanently
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using
default domain [
domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[
NCE/GROUP/domain.subdomain.com/root] to negative cache permanently
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request:
[0x41e260:domains@domain.subdomain.com]
(Wed Apr 6 14:51:22 2016) [sssd[nss]] [id_callback] (0x0100): Got id ack and version (1)
from Monitor
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client
version [1].
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version
[1].
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17]
with input [firstname.lastname].
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'firstname.lastname' matched without domain, user is firstname.lastname
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using
default domain [
domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for
[firstname.lastname] from [
domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info
for [firstname.lastname(a)domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x41c490:1:firstname.lastname@domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request
for [domain.subdomain.com][4097][1][name=firstname.lastname]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x41c490:1:firstname.lastname@domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data
Provider - DP error code: 3 errno: 0 error message: Success
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get
information from Data Provider
Error: 3, 0, Success
Will try to return what we have in cache
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request:
[0x41c490:1:firstname.lastname@domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Wed Apr 6 14:51:34 2016) [sssd[nss]] [sss_responder_ctx_destructor] (0x0400): Responder
is being shut down
sssd_domain.subdomain.com log -
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [server_setup] (0x0400):
CONFDB: /var/lib/sss/db/config.ldb
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option lookup_family_order has value ipv4_first
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dns_resolver_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dns_resolver_op_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dns_discovery_domain has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_res_get_opts] (0x0100):
Lookup order: ipv4_first
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [recreate_ares_channel]
(0x0100): Initializing new c-ares channel
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [fo_context_init] (0x0400):
Created new fail over context, retry timeout is 30
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [confdb_get_domain_internal]
(0x0400): No enumeration for [
domain.subdomain.com]!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [confdb_get_domain_internal]
(0x1000): pwd_expiration_warning is -1
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sysdb_domain_init_internal]
(0x0200): DB File for
domain.subdomain.com:
/var/lib/sss/db/cache_domain.subdomain.com.ldb
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ldb] (0x0400): asq: Unable to
register control with rootdse!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_init_connection]
(0x0400): Adding connection 0x2118c20
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_conn_add_interface]
(0x1000): Will register path /org/freedesktop/sssd/service without fallback
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [monitor_common_send_id]
(0x0100): Sending ID: (%BE_domain.subdomain.com,1)
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sss_names_init_from_args]
(0x0100): Using re
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^(a)\\]+)$))].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sss_fqnames_init] (0x0100):
Using fq format [%1$s@%2$s].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [create_socket_symlink]
(0x1000): Symlinking the dbus path
/var/lib/sss/pipes/private/sbus-dp_domain.subdomain.com.6919 to a link
/var/lib/sss/pipes/private/sbus-dp_domain.subdomain.com
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_new_server] (0x0400):
D-BUS Server listening on
unix:path=/var/lib/sss/pipes/private/sbus-dp_domain.subdomain.com.6919,guid=73da7711dc5e23cd8f4ac14100002db8
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Loading backend [ad] with path [/usr/lib64/sssd/libsss_ad.so].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_domain has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_backup_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_hostname has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_keytab has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_realm has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_enable_dns_sites is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_access_filter has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_enable_gc is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_access_control has value permissive
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_cache_timeout has value 5
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_interactive has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_remote_interactive has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_network has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_batch has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_service has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_permit has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_map_deny has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_gpo_default_right has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ad_site has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_common_options]
(0x0100): No AD server set, will use service discovery!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_common_options]
(0x0100): Setting ad_hostname to [
computername.domain.subdomain.com].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_common_options]
(0x0100): Setting domain option case_sensitive to [false]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [fo_new_service] (0x0400):
Creating new service 'AD'
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [fo_new_service] (0x0400):
Creating new service 'AD_GC'
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_failover_init] (0x0100):
No primary servers defined, using service discovery
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [fo_add_srv_server] (0x0400):
Adding new SRV server to service 'AD_GC' using 'tcp'.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [fo_add_srv_server] (0x0400):
Adding new SRV server to service 'AD' using 'tcp'.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [_ad_servers_init] (0x0100):
Added service discovery for AD
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_update is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_refresh_interval has value 86400
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_iface has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_ttl has value 3600
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_update_ptr is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_force_tcp is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option dyndns_auth has value gss-tsig
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_dyndns_init] (0x0100):
Dynamic DNS updates not set
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_uri has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_backup_uri has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_default_bind_dn has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_default_authtok_type has value password
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_default_authtok has no binary value.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_search_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_network_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_opt_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_reqcert has value hard
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_user_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_user_search_scope has value sub
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_user_search_filter has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_user_extra_attrs has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_group_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_group_search_scope has value sub
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_group_search_filter has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_service_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_full_refresh_interval has value 21600
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_smart_refresh_interval has value 900
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_use_host_filter is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_hostnames has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_ip has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_include_netgroups is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sudo_include_regexp is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_autofs_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_autofs_map_master_name has value auto.master
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_schema has value rfc2307bis
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_offline_timeout has value 60
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_force_upper_case_realm is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_enumeration_refresh_timeout has value 300
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_purge_cache_timeout has value 10800
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_cacert has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_cacertdir has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_cert has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_key has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_tls_cipher_suite has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_id_use_start_tls is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_id_mapping is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sasl_mech has value gssapi
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sasl_authid has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sasl_realm has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sasl_minssf has value -1
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_krb5_keytab has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_krb5_init_creds is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_backup_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_realm has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_canonicalize is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_use_kdcinfo is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_pwd_policy has value none
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_referrals is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option account_cache_expiration has value 0
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_dns_service_name has value ldap
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_krb5_ticket_lifetime has value 86400
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_access_filter has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_netgroup_search_base has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_group_nesting_level has value 2
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_deref has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_account_expire_policy has value ad
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_access_order has value filter
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_chpass_uri has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_chpass_backup_uri has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_chpass_dns_service_name has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_chpass_update_last_change is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_enumeration_search_timeout has value 60
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_auth_disable_tls_never_use_in_production is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_page_size has value 1000
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_deref_threshold has value 10
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_sasl_canonicalize is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_connection_expire_timeout has value 900
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_disable_paging is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_range_min has value 200000
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_range_max has value 2000200000
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_range_size has value 200000
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_autorid_compat is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_default_domain has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_idmap_default_domain_sid has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_groups_use_matching_rule_in_chain is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_initgroups_use_matching_rule_in_chain is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_use_tokengroups is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_rfc2307_fallback_to_local_users is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_disable_range_retrieval is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_min_id has value 0
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_max_id has value 0
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option ldap_pwdlockout_dn has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_entry_usn has value uSNChanged
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_rootdse_last_usn has value highestCommittedUSN
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_object_class has value user
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_name has value sAMAccountName
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_pwd has value unixUserPassword
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_uid_number has value uidNumber
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_gid_number has value gidNumber
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_gecos has value gecos
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_home_directory has value unixHomeDirectory
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shell has value loginShell
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_principal has value userPrincipalName
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_fullname has value name
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_member_of has value memberOf
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_uuid has value objectGUID
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_objectsid has value objectSID
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_primary_group has value primaryGroupID
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_modify_timestamp has value whenChanged
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_entry_usn has value uSNChanged
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_last_change has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_min has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_max has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_warning has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_inactive has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_expire has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_shadow_flag has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_krb_last_pwd_change has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_krb_password_expiration has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_pwd_attribute has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_authorized_service has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_ad_account_expires has value accountExpires
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_ad_user_account_control has value userAccountControl
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_ns_account_lock has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_authorized_host has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_nds_login_disabled has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_nds_login_expiration_time has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_nds_login_allowed_time_map has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_ssh_public_key has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_user_auth_type has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_object_class has value group
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_object_class_alt has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_name has value name
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_pwd has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_gid_number has value gidNumber
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_member has value member
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_uuid has value objectGUID
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_objectsid has value objectSID
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_modify_timestamp has value whenChanged
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_entry_usn has value uSNChanged
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_group_type has value groupType
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_netgroup_object_class has value nisNetgroup
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_netgroup_name has value cn
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_netgroup_member has value memberNisNetgroup
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_netgroup_triple has value nisNetgroupTriple
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_netgroup_modify_timestamp has value modifyTimestamp
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_service_object_class has value ipService
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_service_name has value cn
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_service_port has value ipServicePort
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_service_proto has value ipServiceProtocol
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_map] (0x0400):
Option ldap_service_entry_usn has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_set_ad_id_options]
(0x0100): Option krb5_realm set to
DOMAIN.SUBDOMAIN.COM
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_sasl_options]
(0x0100): Will look for computername.domain.subdomain.com(a)DOMAIN.SUBDOMAIN.COM in default
keytab
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [select_principal_from_keytab]
(0x0200): trying to select the most appropriate principal from keytab
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [find_principal_in_keytab]
(0x0400): No principal matching computername.domain.subdomain.com(a)DOMAIN.SUBDOMAIN.COM
found in keytab.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [match_principal] (0x1000):
Principal matched to the sample (COMPUTERNAME$(a)DOMAIN.SUBDOMAIN.COM).
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [select_principal_from_keytab]
(0x0200): Selected primary: COMPUTERNAME$
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [select_principal_from_keytab]
(0x0200): Selected realm:
DOMAIN.SUBDOMAIN.COM
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_sasl_options]
(0x0100): Option ldap_sasl_authid set to COMPUTERNAME$
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_sasl_options]
(0x0100): Option ldap_sasl_realm set to
DOMAIN.SUBDOMAIN.COM
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_set_search_bases]
(0x0100): Search base not set. SSSD will attempt to discover it later, when connecting to
the LDAP server.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sdap_id_setup_tasks]
(0x0400): Setting up cleanup task for
domain.subdomain.com
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_create] (0x0400):
Periodic task [Cleanup of
domain.subdomain.com] was created
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_schedule] (0x0400):
Task [Cleanup of
domain.subdomain.com]: scheduling task 10 seconds from now [1459918292]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sysdb_idmap_get_mappings]
(0x0080): Could not locate ID mappings: [No such file or directory]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_fo_set_srv_lookup_plugin]
(0x0400): Trying to set SRV lookup plugin to AD
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_fo_set_srv_lookup_plugin]
(0x0400): SRV lookup plugin is now AD
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Backend [ad] already loaded.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_backup_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_realm has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_ccachedir has value /tmp
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_ccname_template has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_auth_timeout has value 6
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_keytab has value /etc/krb5.keytab
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_validate is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_kpasswd has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_backup_kpasswd has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_store_password_if_offline is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_renewable_lifetime has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_lifetime has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_renew_interval has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_use_fast has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_fast_principal has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_canonicalize is FALSE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_use_enterprise_principal is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_get_options] (0x0400):
Option krb5_use_kdcinfo is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_auth_options]
(0x0100): Option krb5_server set to (null)
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_auth_options]
(0x0100): Option krb5_realm set to
DOMAIN.SUBDOMAIN.COM
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [ad_get_auth_options]
(0x0100): Option krb5_use_kdcinfo set to true
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [check_and_export_lifetime]
(0x0200): No lifetime configured.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [check_and_export_lifetime]
(0x0200): No lifetime configured.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [check_and_export_options]
(0x0100): No KDC explicitly configured, using defaults.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [check_and_export_options]
(0x0100): No kpasswd server explicitly configured, using the KDC or defaults.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [check_and_export_options]
(0x0100): ccache is of type FILE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Backend [ad] already loaded.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_domain has value
domain.subdomain.com
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_backup_server has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_hostname has value
computername.domain.subdomain.com
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option krb5_keytab has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option krb5_realm has value
DOMAIN.SUBDOMAIN.COM
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_enable_dns_sites is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_access_filter has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_enable_gc is TRUE
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_access_control has value permissive
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_cache_timeout has value 5
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_interactive has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_remote_interactive has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_network has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_batch has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_service has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_permit has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_map_deny has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_gpo_default_right has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option ad_site has no value
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [dp_copy_options_ex] (0x0400):
Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Backend [ad] already loaded.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init_sudo]
(0x0400): SUDO is not listed in services, disabling SUDO module.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init] (0x0080): No
SUDO module provided for [
domain.subdomain.com] !!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x0200): no module name found in confdb, using [ad].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Backend [ad] already loaded.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init] (0x0080): No
autofs module provided for [
domain.subdomain.com] !!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init] (0x0020): No
selinux module provided for [
domain.subdomain.com] !!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x0200): no module name found in confdb, using [ad].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [load_backend_module]
(0x1000): Backend [ad] already loaded.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init] (0x0020): No
host info module provided for [
domain.subdomain.com] !!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_process_init] (0x0020):
Subdomains are not supported for [
domain.subdomain.com] !!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [become_user] (0x0200): Trying
to become user [0][0].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [become_user] (0x0200):
Already user [0].
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [main] (0x0400): Backend
provider (
domain.subdomain.com) started!
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [id_callback] (0x0100): Got id
ack and version (1) from Monitor
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Entering.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x212fa20.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_init_connection]
(0x0400): Adding connection 0x212fa20
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_client_init] (0x0100):
Set-up Backend ID timeout [0x2116060]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_conn_add_interface]
(0x1000): Will register path /org/freedesktop/sssd/dataprovider without fallback
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Entering.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x2131ed0.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_init_connection]
(0x0400): Adding connection 0x2131ed0
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_client_init] (0x0100):
Set-up Backend ID timeout [0x21326a0]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_conn_add_interface]
(0x1000): Will register path /org/freedesktop/sssd/dataprovider without fallback
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Entering.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x2134f80.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_init_connection]
(0x0400): Adding connection 0x2134f80
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_client_init] (0x0100):
Set-up Backend ID timeout [0x21358a0]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_conn_add_interface]
(0x1000): Will register path /org/freedesktop/sssd/dataprovider without fallback
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Cancel DP ID timeout [0x2116060]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Added Frontend client [SSH]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Cancel DP ID timeout [0x21326a0]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Added Frontend client [PAM]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Entering.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x21370c0.
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_init_connection]
(0x0400): Adding connection 0x21370c0
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]]
[sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [be_client_init] (0x0100):
Set-up Backend ID timeout [0x2137e80]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [sbus_conn_add_interface]
(0x1000): Will register path /org/freedesktop/sssd/dataprovider without fallback
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Cancel DP ID timeout [0x2137e80]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Added Frontend client [PAC]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Cancel DP ID timeout [0x21358a0]
(Wed Apr 6 14:51:22 2016) [sssd[be[domain.subdomain.com]]] [client_registration]
(0x0100): Added Frontend client [NSS]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_get_account_info]
(0x0200): Got request for [0x1001][1][name=firstname.lastname]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_req_set_domain] (0x0400):
Changing request domain from [
domain.subdomain.com] to [
domain.subdomain.com]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from
[(null)]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from
[(null)]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [get_port_status] (0x1000):
Port status of port 0 for server '(no name)' is 'neutral'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolve_srv_send] (0x0200):
The status of SRV lookup is neutral
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_srv_plugin_send] (0x0400):
About to find domain controllers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_get_dc_servers_send]
(0x0400): Looking up domain controllers in domain
domain.subdomain.com
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will
use DNS discovery domain 'domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_getsrv_send] (0x0100):
Trying to resolve SRV record of '_ldap._tcp.domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_getsrv_done] (0x1000):
Using TTL [600]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_discover_srv_done]
(0x0400): Got answer. Processing...
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_discover_srv_done]
(0x0400): Got 8 servers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_get_dc_servers_done]
(0x0400): Found 8 domain controllers in domain
domain.subdomain.com
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_srv_plugin_dcs_done]
(0x0400): About to locate suitable site
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_connect_host_send]
(0x0400): Resolving host
domaincontrollerA0102.domain.subdomain.com
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'domaincontrollerA0102.domain.subdomain.com' in files
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of
'domaincontrollerA0102.domain.subdomain.com' in files
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_gethostbyname_next]
(0x0200): No more address families to retry
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'domaincontrollerA0102.domain.subdomain.com' in DNS
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_connect_host_resolv_done] (0x0400): Connecting to
ldap://domaincontrollerA0102.domain.subdomain.com:389
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sss_ldap_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://domaincontrollerA0102.domain.subdomain.com:389/??base] with fd [24].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_connect_host_done]
(0x0400): Successful connection to ldap://domaincontrollerA0102.domain.subdomain.com:389
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with
[(&(DnsDomain=domain.subdomain.com)(NtVer=\14\00\00\00))][].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [netlogon]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_parse_entry] (0x1000):
OriginalDN: [].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_get_client_site_done]
(0x0040): Unable to retrieve site name [2]: No such file or directory
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_srv_plugin_site_done]
(0x0400): About to discover primary and backup servers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_discover_servers_send]
(0x0400): Looking up primary servers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will
use DNS discovery domain 'domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_getsrv_send] (0x0100):
Trying to resolve SRV record of '_ldap._tcp.domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_getsrv_done] (0x1000):
Using TTL [600]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_discover_srv_done]
(0x0400): Got answer. Processing...
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_discover_srv_done]
(0x0400): Got 8 servers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[fo_discover_servers_primary_done] (0x0400): No backup domain specified
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_srv_plugin_servers_done]
(0x0400): Got 8 primary and 0 backup servers
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerB0103.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerA0101.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerC0102.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerC0101.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerA0102.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerB0101.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerB0104.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_add_server_to_list]
(0x0400): Inserted primary server 'domaincontrollerB0102.domain.subdomain.com:389'
to service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [set_srv_data_status]
(0x0100): Marking SRV lookup of service 'AD' as 'resolved'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [get_server_status] (0x1000):
Status of server 'domaincontrollerB0103.domain.subdomain.com' is 'name not
resolved'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'domaincontrollerB0103.domain.subdomain.com' in files
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [set_server_common_status]
(0x0100): Marking server 'domaincontrollerB0103.domain.subdomain.com' as
'resolving name'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of
'domaincontrollerB0103.domain.subdomain.com' in files
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolv_gethostbyname_next]
(0x0200): No more address families to retry
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'domaincontrollerB0103.domain.subdomain.com' in DNS
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [set_server_common_status]
(0x0100): Marking server 'domaincontrollerB0103.domain.subdomain.com' as 'name
resolved'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_resolve_server_process]
(0x1000): Saving the first resolved server
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_resolve_server_process]
(0x0200): Found address for server
domaincontrollerB0103.domain.subdomain.com:
[192.168.1.26] TTL 3600
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_resolve_callback]
(0x0100): Constructed uri 'ldap://domaincontrollerB0103.domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_resolve_callback]
(0x0100): Constructed GC uri 'ldap://domaincontrollerB0103.domain.subdomain.com'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sss_ldap_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://domaincontrollerB0103.domain.subdomain.com:389/??base] with fd [24].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [*]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [altServer]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [namingContexts]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [supportedControl]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [supportedExtension]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [supportedFeatures]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [supportedLDAPVersion]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [supportedSASLMechanisms]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [domainControllerFunctionality]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [defaultNamingContext]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [lastUSN]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [highestCommittedUSN]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_parse_entry] (0x1000):
OriginalDN: [].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [get_naming_context] (0x0200):
Using value from [defaultNamingContext] as naming context.
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [DEFAULT][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_user_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [USER][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_group_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [GROUP][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_netgroup_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [NETGROUP][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_sudo_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [SUDO][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_service_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [SERVICE][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_set_search_base]
(0x0100): Setting option [ldap_autofs_search_base] to [DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [common_parse_search_base]
(0x0100): Search base added: [AUTOFS][DC=DOMAIN,DC=SUBDOMAIN,DC=COM][SUBTREE][]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]]
[sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [6]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_kinit_send] (0x0400):
Attempting kinit (default, COMPUTERNAME$,
DOMAIN.SUBDOMAIN.COM, 86400)
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_kinit_next_kdc]
(0x1000): Resolving next KDC for service AD
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'AD'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [get_server_status] (0x1000):
Status of server 'domaincontrollerB0103.domain.subdomain.com' is 'name
resolved'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [resolve_srv_send] (0x0200):
The status of SRV lookup is resolved
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [get_server_status] (0x1000):
Status of server 'domaincontrollerB0103.domain.subdomain.com' is 'name
resolved'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_resolve_server_process]
(0x1000): Saving the first resolved server
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_resolve_server_process]
(0x0200): Found address for server
domaincontrollerB0103.domain.subdomain.com:
[192.168.1.26] TTL 3600
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_kinit_kdc_resolved]
(0x1000): KDC resolved, attempting to get TGT...
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [create_tgt_req_send_buffer]
(0x0400): buffer size: 59
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [set_tgt_child_timeout]
(0x0400): Setting 6 seconds timeout for tgt child
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [write_pipe_handler] (0x0400):
All data has been sent!
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [child_sig_handler] (0x1000):
Waiting for child [6926].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [child_sig_handler] (0x0100):
child [6926] finished successfully.
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [read_pipe_handler] (0x0400):
EOF received, client finished
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_tgt_recv] (0x0400):
Child responded: 0 [
FILE:/var/lib/sss/db/ccache_DOMAIN.SUBDOMAIN.COM], expired on
[1459954289]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_cli_auth_step] (0x0100):
expire timeout is 900
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_cli_auth_step] (0x1000):
the connection will expire at 1459919189
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sasl_bind_send] (0x0100):
Executing sasl bind mech: gssapi, user: COMPUTERNAME$
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_set_port_status] (0x0100):
Marking port 389 of server 'domaincontrollerB0103.domain.subdomain.com' as
'working'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [set_server_common_status]
(0x0100): Marking server 'domaincontrollerB0103.domain.subdomain.com' as
'working'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [fo_set_port_status] (0x0400):
Marking port 389 of duplicate server 'domaincontrollerB0103.domain.subdomain.com'
as 'working'
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_user_data_cmp] (0x1000):
Comparing LDAP with LDAP
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_posix_check_next]
(0x0400): Searching for POSIX attributes with base [DC=DOMAIN,DC=SUBDOMAIN,DC=COM]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with
[(|(&(uidNumber=*)(objectclass=user))(&(gidNumber=*)(objectclass=group)))][DC=DOMAIN,DC=SUBDOMAIN,DC=COM].
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [objectclass]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [uidNumber]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [gidNumber]
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [be_run_online_cb] (0x0080):
Going online. Running callbacks.
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [sdap_posix_check_done]
(0x1000): Cycled through all bases
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [disable_gc] (0x0040): POSIX
attributes were requested but are not present on the server side. Global Catalog lookups
will be disabled
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [acctinfo_callback] (0x0100):
Request processed. Returned 3,0,Success
(Wed Apr 6 14:51:29 2016) [sssd[be[domain.subdomain.com]]] [ad_online_cb] (0x0400): The
AD provider is online
(Wed Apr 6 14:51:32 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_execute] (0x0400):
Task [Cleanup of
domain.subdomain.com]: executing task, timeout 10800 seconds
(Wed Apr 6 14:51:32 2016) [sssd[be[domain.subdomain.com]]] [cleanup_users] (0x0200):
Found 0 expired user entries!
(Wed Apr 6 14:51:32 2016) [sssd[be[domain.subdomain.com]]] [cleanup_groups] (0x0200):
Found 0 expired group entries!
(Wed Apr 6 14:51:32 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_done] (0x0400): Task
[Cleanup of
domain.subdomain.com]: finished successfully
(Wed Apr 6 14:51:32 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_schedule] (0x0400):
Task [Cleanup of
domain.subdomain.com]: scheduling task 10800 seconds from last execution
time [1459929092]
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [be_client_destructor]
(0x0400): Removed PAC client
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [be_client_destructor]
(0x0400): Removed SSH client
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [be_client_destructor]
(0x0400): Removed PAM client
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [sbus_dispatch] (0x0080):
Connection is not open for dispatching.
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [be_client_destructor]
(0x0400): Removed NSS client
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [remove_krb5_info_files]
(0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.DOMAIN.SUBDOMAIN.COM], [2][No
such file or directory]
(Wed Apr 6 14:51:34 2016) [sssd[be[domain.subdomain.com]]] [be_ptask_destructor]
(0x0400): Terminating periodic task [Cleanup of
domain.subdomain.com]