Bug#859445: sssd: Offline authentication : Access denied for user : 4 (System error)

[Thomas Sillard]

Package: sssd
Version: 1.15.0-3
Severity: important

Dear Maintainer,

We are testing SSO with Debian 9 / sssd / realmd to authenticate users on 
Active directory from Linux laptops.
All works fine when the computer is connected to the network, but not in 
offline mode.

Here is what we do : 

apt-get install -y krb5-user adcli packagekit realmd libpam-sss libnss-sss sssd 
sssd-tools samba-common-bin

realm join --verbose my.local.domain

-> Edit /etc/sssd/sssd.conf

[sssd]
domains = mydomain.local.lan
config_file_version = 2
services = nss, pam

[domain/mydomain.local.lan]
ad_domain = mydomain.local.lan
krb5_realm = MYDOMAIN.LOCAL.LAN
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = false
fallback_homedir = /home/%d/%u
access_provider = ad
enumerate = true

-> Restarting sssd

service sssd restart

-> Creating file /usr/share/pam-configs/mkhomedir :

echo "Name: Create home directory during login" > 
/usr/share/pam-configs/mkhomedir
echo "Default: yes" >> /usr/share/pam-configs/mkhomedir
echo "Priority: 900" >> /usr/share/pam-configs/mkhomedir
echo "Session-Type: Additional" >> /usr/share/pam-configs/mkhomedir
echo "Session: required pam_mkhomedir.so umask=0022 skel=/etc/skel" >> 
/usr/share/pam-configs/mkhomedir

-> Updating pam config with all options checked

pam-auth-update -> "check all"

-> Adding sudo and polkit permissions for the "Domain admins" AD group

echo "%domain\ admins ALL=(ALL:ALL) ALL" > /etc/sudoers.d/domain_admins

echo "[Configuration]" > 
/etc/polkit-1/localauthority.conf.d/52-realmd-admin.conf
echo "AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:domain 
admins" >> /etc/polkit-1/localauthority.conf.d/52-realmd-admin.conf

-> Reboot

With this setup, we are able to open a session on the computer with an AD user 
account with no problems, /var/log/auth.log looks like :

Apr  3 14:58:44 pc-tsillard-2 login[6775]: pam_unix(login:auth): authentication 
failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost=  user=tsillard
Apr  3 14:58:45 pc-tsillard-2 login[6775]: pam_sss(login:auth): authentication 
success; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost= user=tsillard
Apr  3 14:58:45 pc-tsillard-2 login[6775]: pam_unix(login:session): session 
opened for user tsillard by LOGIN(uid=0)
Apr  3 14:58:45 pc-tsillard-2 systemd-logind[744]: New session 18 of user 
tsillard.

If we go in "offline" mode (i.e With network cable unplugged), authentication 
fails with :

Apr  3 14:59:54 pc-tsillard-2 login[7036]: pam_unix(login:auth): authentication 
failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost=  user=tsillard
Apr  3 15:00:00 pc-tsillard-2 login[7036]: pam_sss(login:auth): authentication 
success; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost= user=tsillard
Apr  3 15:00:00 pc-tsillard-2 login[7036]: pam_sss(login:account): Access 
denied for user tsillard: 4 (System error)
Apr  3 15:00:00 pc-tsillard-2 login[7036]: System error

I have reproduced on different 2 computers.
The same setup works fine with stable Debian 8.

/var/log/sssd/sssd_pam.log with debug_level = 8 in [pam] section : 

(Fri Mar 31 18:09:03 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:09:42 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:13:25 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:14:14 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:14:54 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:33:29 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:48:44 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:53:54 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Fri Mar 31 18:56:53 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 12:35:18 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 14:53:26 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [server_setup] (0x0400): CONFDB: 
/var/lib/sss/db/config.ldb
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [confdb_get_domain_internal] (0x1000): 
pwd_expiration_warning is -1
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding 
connection 0x55a8b4bdd210
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 
0x55a8b4bdeb70/0x55a8b4bd7160 (13), -/W (enabled)
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): 
Registering interface org.freedesktop.sssd.service with path 
/org/freedesktop/sssd/service
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_conn_register_path] (0x0400): 
Registering object path /org/freedesktop/sssd/service with D-Bus connection
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): 
Registering interface org.freedesktop.DBus.Properties with path 
/org/freedesktop/sssd/service
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): 
Registering interface org.freedesktop.DBus.Introspectable with path 
/org/freedesktop/sssd/service
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [monitor_common_send_id] (0x0100): 
Sending ID: (pam,1)
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4bdbac0
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_names_init_from_args] (0x0100): 
Using re 
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq 
format [%1$s@%2$s].
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding 
connection 0x55a8b4be0220
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 
0x55a8b4be10e0/0x55a8b4bdfdd0 (14), -/W (enabled)
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [rdp_message_send_internal] (0x0400): DP 
Request: /org/freedesktop/sssd/dataprovider 
org.freedesktop.sssd.DataProvider.Client.Register
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be18d0
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): 
DB File for mydomain.local.lan: /var/lib/sss/db/cache_mydomain.local.lan.ldb
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): 
Timestamp file for mydomain.local.lan: 
/var/lib/sss/db/timestamps_mydomain.local.lan.ldb
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [ldb] (0x0400): asq: Unable to register 
control with rootdse!
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_names_init_from_args] (0x0100): 
Using re 
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq 
format [%1$s@%2$s].
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_process_init] (0x0400): Responder 
initialization complete (explicitly configured)
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [get_trusted_uids] (0x0400): All UIDs 
are allowed.
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'root' matched without domain, user is root
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding 
[NCE/USER/mydomain.local.lan/r...@mydomain.local.lan] to negative cache 
permanently
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'root' matched without domain, user is root
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding 
[NCE/GROUP/mydomain.local.lan/r...@mydomain.local.lan] to negative cache 
permanently
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [responder_set_fd_limit] (0x0100): 
Maximum file descriptors set to [8192]
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x55a8b36623b0:doma...@mydomain.local.lan]
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_dp_get_domains_msg] (0x0400): 
Sending get domains request for [mydomain.local.lan][]
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4bdb1b0
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x55a8b36623b0:doma...@mydomain.local.lan]
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4bdbac0
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [id_callback] (0x0100): Got id ack and 
version (1) from Monitor
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be18d0
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [rdp_process_pending_call] (0x0400): DP 
Success
(Mon Apr  3 14:58:02 2017) [sssd[pam]] [rdp_register_client_done] (0x0400): 
Client is registered with DP
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4bdb1b0
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply 
from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'root' matched without domain, user is root
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding 
[NCE/USER/mydomain.local.lan/r...@mydomain.local.lan] to negative cache 
permanently
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'root' matched without domain, user is root
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding 
[NCE/GROUP/mydomain.local.lan/r...@mydomain.local.lan] to negative cache 
permanently
(Mon Apr  3 14:58:03 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x55a8b36623b0:doma...@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [get_client_cred] (0x0080): The 
following failure is expected to happen in case SELinux is disabled:
SELINUX_getpeercon failed [92][Protocole non disponible].
Please, consider enabling SELinux in your system.
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client 
connected to privileged pipe!
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received 
client version [3].
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered 
version [3].
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): 
entering pam_cmd_authenticate
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 
1
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): 
Creating request for 
[mydomain.local.lan][0x3][BE_REQ_INITGROUPS][name=tsill...@mydomain.local.lan:-]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be21a0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): 
Entering request 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be21a0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply 
from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[tsillard] added to PAM initgroup cache
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 
1
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Succès)][mydomain.local.lan]
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:58:44 2017) [sssd[pam]] [sysdb_ldb_msg_difference] (0x2000): 
Replaced/extended attr [lastOnlineAuth] of entry 
[name=tsill...@mydomain.local.lan,cn=users,cn=mydomain.local.lan,cn=sysdb]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sysdb_set_entry_attr] (0x0200): Entry 
[name=tsill...@mydomain.local.lan,cn=users,cn=mydomain.local.lan,cn=sysdb] has 
set [cache, ts_cache] attrs.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 83
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering 
pam_cmd_acct_mgmt
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): 
User [tsillard] found in PAM cache.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Succès)][mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 30
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): 
entering pam_cmd_open_session
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_OPEN_SESSION
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): 
User [tsillard] found in PAM cache.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_OPEN_SESSION
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Succès)][mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 30
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering 
pam_cmd_setcred
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_SETCRED
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): 
User [tsillard] found in PAM cache.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_SETCRED
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Succès)][mydomain.local.lan]
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 14:58:45 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 30
(Mon Apr  3 14:58:49 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): 
[tsillard] removed from PAM initgroup cache
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100): 
entering pam_cmd_close_session
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_CLOSE_SESSION
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): 
Creating request for 
[mydomain.local.lan][0x3][BE_REQ_INITGROUPS][name=tsill...@mydomain.local.lan:-]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): 
Entering request 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply 
from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[tsillard] added to PAM initgroup cache
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_CLOSE_SESSION
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6775
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be1b00
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be1b00
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Succès)][mydomain.local.lan]
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 30
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [client_recv] (0x0200): Client 
disconnected!
(Mon Apr  3 14:59:35 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated 
client [0x55a8b4be5c40][19]
(Mon Apr  3 14:59:40 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): 
[tsillard] removed from PAM initgroup cache
(Mon Apr  3 14:59:49 2017) [sssd[pam]] [sbus_message_handler] (0x2000): 
Received SBUS method org.freedesktop.sssd.service.resInit on path 
/org/freedesktop/sssd/service
(Mon Apr  3 14:59:49 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not 
a sysbus message, quit
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [get_client_cred] (0x0080): The 
following failure is expected to happen in case SELinux is disabled:
SELINUX_getpeercon failed [92][Protocole non disponible].
Please, consider enabling SELinux in your system.
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client 
connected to privileged pipe!
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received 
client version [3].
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered 
version [3].
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): 
entering pam_cmd_authenticate
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 
1
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7036
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): 
Creating request for 
[mydomain.local.lan][0x3][BE_REQ_INITGROUPS][name=tsill...@mydomain.local.lan:-]
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 14:59:54 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): 
Entering request 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be41b0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply 
from Data Provider - DP error code: 1 errno: 11 error message: Init group 
lookup failed
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): 
Unable to get information from Data Provider
Error: 1, 11, Init group lookup failed
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[tsillard] added to PAM initgroup cache
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 
1
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7036
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be3640
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x55a8b3660aa0:3:tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be3640
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [9 (Le service d'authentification n'a pas pu récupérer les 
informations d'authentification)][mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [9]: Le service d'authentification n'a pas pu récupérer les 
informations d'authentification.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sysdb_cache_auth] (0x0100): Hashes do 
match!
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sysdb_ldb_msg_difference] (0x2000): 
Replaced/extended attr [lastLogin] of entry 
[name=tsill...@mydomain.local.lan,cn=users,cn=mydomain.local.lan,cn=sysdb]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sysdb_set_entry_attr] (0x0200): Entry 
[name=tsill...@mydomain.local.lan,cn=users,cn=mydomain.local.lan,cn=sysdb] has 
set [cache, ts_cache] attrs.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Succès.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 83
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering 
pam_cmd_acct_mgmt
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'tsillard' matched without domain, user is tsillard
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user: tsillard
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7036
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/mydomain.local.lan/tsill...@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): 
User [tsillard] found in PAM cache.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [tsill...@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [tsill...@mydomain.local.lan@mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is tsill...@mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
tsill...@mydomain.local.lan
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): service: login
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty2
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 7036
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
tsillard
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x55a8b4be1b00
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x55a8b4be1b00
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [4 (Erreur système)][mydomain.local.lan]
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [4]: Erreur système.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [filter_responses] (0x0100): 
[pam_response_filter] not available, not fatal.
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 30
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [client_recv] (0x0200): Client 
disconnected!
(Mon Apr  3 15:00:00 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated 
client [0x55a8b4be5c40][19]
(Mon Apr  3 15:00:05 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): 
[tsillard] removed from PAM initgroup cache
(Mon Apr  3 15:00:35 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 15:00:35 2017) [sssd[pam]] [sss_responder_ctx_destructor] (0x0400): 
Responder is being shut down
(Mon Apr  3 15:12:31 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children
(Mon Apr  3 15:14:16 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: 
killing children


Regards, 

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sssd depends on:
ii  python-sss   1.15.0-3
ii  sssd-ad      1.15.0-3
ii  sssd-common  1.15.0-3
ii  sssd-ipa     1.15.0-3
ii  sssd-krb5    1.15.0-3
ii  sssd-ldap    1.15.0-3
ii  sssd-proxy   1.15.0-3

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information