On Fri, Feb 12, 2021 at 10:43:18PM -0000, Mike Conner via FreeIPA-users wrote: > More logs. This is from another broken client during an attempt to login as > an AD user: > **** > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] > (0x1000): Domain domain.edu is Active > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] > [sdap_id_op_connect_step] (0x4000): reusing cached connection > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] > [ipa_s2n_get_acct_info_send] (0x0400): Sending request_type: > [REQ_FULL_WITH_MEMBERS] for trust user > [S-1-5-21-71189414-1642862984-1097818727-22197] to IPA server > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_send] > (0x0400): Executing extended operation > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_send] > (0x2000): ldap_extended_operation sent, msgid = 16 > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_op_add] (0x2000): > New operation 16 timeout 6 > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] > (0x2000): Trace: sh[0x55eb482586a0], connected[1], ops[0x55eb482c6f10], > ldap[0x55eb48274a50] > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] > (0x2000): Trace: end of ldap_result list > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] > (0x2000): Trace: sh[0x55eb482586a0], connected[1], ops[0x55eb482c6f10], > ldap[0x55eb48274a50] > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_message] > (0x4000): Message type: [LDAP_RES_EXTENDED] > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_done] > (0x0040): ldap_extended_operation result: Operations error(1), Failed to > split fully qualified name. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_exop_done] > (0x0040): ldap_extended_operation failed, server logs might contain more > details.
Hi, the client sends a lookup request for the SID S-1-5-21-71189414-1642862984-1097818727-22197 to the server but on the server side a user or a group which are processed during this request do not have an '@' character in the name. Did you modify sssd.conf on the server to return only short names? If that's not the case do you know if the AD object with SID S-1-5-21-71189414-1642862984-1097818727-22197 has some '@' characters in the name? And which version of IPA are you using on the IPA servers? bye, Sumit > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_op_destructor] > (0x2000): Operation 16 finished > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [ipa_s2n_get_user_done] > (0x0040): s2n exop request failed. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_id_op_done] > (0x4000): releasing operation connection > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] > [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: > [1432158229]: Network I/O Error. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_id_op_destroy] > (0x4000): releasing operation connection > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_done] (0x0400): > DP Request [Account #1]: Request handler finished [0]: Success > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [_dp_req_recv] > (0x0400): DP Request [Account #1]: Receiving request data. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] > [dp_req_reply_list_success] (0x0400): DP Request [Account #1]: Finished. > Success. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_reply_std] > (0x1000): DP Request [Account #1]: Returning [Internal Error]: > 3,1432158229,Network I/O Error > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] > [dp_table_value_destructor] (0x0400): Removing > [0:1:0x0001:1:V:domain.edu:[email protected]] from reply table > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_destructor] > (0x0400): DP Request [Account #1]: Request removed. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [dp_req_destructor] > (0x0400): Number of active DP request: 0 > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] > (0x2000): Trace: sh[0x55eb482586a0], connected[1], ops[(nil)], > ldap[0x55eb48274a50] > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sdap_process_result] > (0x2000): Trace: end of ldap_result list > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): dbus conn: 0x55eb482d0940 > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_dispatch] > (0x4000): Dispatching. > (Fri Feb 12 16:35:20 2021) [sssd[be[ipa.domain.edu]]] [sbus_message_handler] > (0x2000): Received SBUS method > org.freedesktop.sssd.dataprovider.getAccountInfo on path > /org/freedesktop/sssd/dataprovider > **** > > The `Returning [Internal Error]: 3,1432158229,Network I/O Error` part sticks > out. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
