On Thu, Jan 02, 2014 at 08:06:31PM +0000, Andrew Holway wrote:
> /var/log/sssd/*
> this is using bob@host (prattle.com is the windows domain)
> https://gist.github.com/anonymous/ff817a251948ff58bdb1
> this is using b...@prattle.com@host (prattle.com is the windows domain)

Thanks, these logs have somewhat more info than those in the other

It seems that Winbind on the IPA server has trouble talking to the AD

(Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'ipa.wibble.com' as 'working'
(Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]]
[set_server_common_status] (0x0100): Marking server 'ipa.wibble.com' as
(Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [ipa_s2n_get_user_done]
(0x0040): s2n exop request failed.

(The s2n exop does a special LDAP call to IPA which in turn calls
winbind on the server).

To generate the winbind logs on the server, can you do 'smbcontrol winbindd
debug 100', then request the trusted user. The winbind logs would be at

I'd advise to restart SSSD on the client before the test to get rid of
the negative cache and make sure the request actually hits the server.

Freeipa-users mailing list

Reply via email to