On 06/25/2015 02:10 PM, Sumit Bose wrote: > On Thu, Jun 25, 2015 at 01:06:22PM +0200, Giorgio Biacchi wrote: >> On 06/25/2015 12:56 PM, Sumit Bose wrote: >>> On Thu, Jun 25, 2015 at 12:22:16PM +0200, Giorgio Biacchi wrote: >>>> On 06/24/2015 06:45 PM, Sumit Bose wrote: >>>>> On Wed, Jun 24, 2015 at 05:11:07PM +0200, Giorgio Biacchi wrote: >>>>>> Hi everybody, >>>>>> I established a bidirectional trust between an IPA server (version 4.1.0 >>>>>> on >>>>>> CentOS 7.1), ipa.mydomain.local and an AD (Windows 2012 r2), >>>>>> mydomain.local. >>>>>> Everything is working fine, and I'm able to authenticate and logon on a >>>>>> linux >>>>>> host joined to IPA server using AD credentials ([email protected]). >>>>>> But active directory is configured with two more UPN suffixes >>>>>> (otherdomain.com >>>>>> and sub.otherdomain.com), and I cannot logon with credentials using >>>>>> alternative >>>>>> UPN (example: [email protected]). >>>>>> >>>>>> How can I make this possible? Another trust (ipa trust-add) with the >>>>>> same AD? >>>>>> Manual configuration of krb5 and/or sssd? >>>>> >>>>> Have you tried to login to an IPA client or the server? Please try with >>>>> an IPA server first. If this does not work it would be nice if you can >>>>> send the SSSD log files from the IPA server which are generated during >>>>> the logon attempt. Please call 'sss_cache -E' before to invalidate all >>>>> cached entries so that the logs will contain all needed calls to AD. >>>>> >>>>> Using UPN suffixes were added to the AD provider some time ago and the >>>>> code is available in the IPA provider as well, but I guess no one has >>>>> actually tried this before. >>>>> >>>>> bye, >>>>> Sumit >>>> >>>> First of all let me say that i feel like I'm missing some config >>>> somewhere.. >>>> Changes tried in krb5.conf to support UPN suffixes didn't helped. >>>> I can only access the server vi ssh so I've attached the logs for a >>>> successful >>>> login for [email protected] and an unsuccessful login for >>>> [email protected] done via ssh. >>>> >>>> Bye and thanks for your help >>>> >>> >>> It looks like the request is not properly propagated to sub-domains (the >>> trusted AD domain) but only send to the IPA domain. >>> >>> Would it be possible for you to run a test build of SSSD which might fix >>> this? If yes, which version of SSSD are you currently using? Then I can >>> prepare a test build with the patch on top of this version. >>> >>> bye, >>> Sumit >>> >> >> Hi, >> I'm using sssd 1.12.2 (sssd --version) on CentOS 7.1.1503 and I'm available >> for >> any test. >> >> Here's the packages version for sssd: >> >> sssd-common-1.12.2-58.el7_1.6.x86_64 >> sssd-krb5-1.12.2-58.el7_1.6.x86_64 >> python-sssdconfig-1.12.2-58.el7_1.6.noarch >> sssd-krb5-common-1.12.2-58.el7_1.6.x86_64 >> sssd-ipa-1.12.2-58.el7_1.6.x86_64 >> sssd-1.12.2-58.el7_1.6.x86_64 >> sssd-libwbclient-1.12.2-58.el7_1.6.x86_64 >> sssd-ad-1.12.2-58.el7_1.6.x86_64 >> sssd-ldap-1.12.2-58.el7_1.6.x86_64 >> sssd-common-pac-1.12.2-58.el7_1.6.x86_64 >> sssd-proxy-1.12.2-58.el7_1.6.x86_64 >> sssd-client-1.12.2-58.el7_1.6.x86_64 > > Please try the packages at > http://koji.fedoraproject.org/koji/taskinfo?taskID=10210844 . > > bye, > Sumit
Hi, I've installed the new RPMs, now if I run on the server: id [email protected] id [email protected] id [email protected] all the users are found but I'm still unable to log in via ssh with the accounts @otherdomain.com and @sub.otherdomain.com. In attachment the logs for unsuccessful login for user [email protected]. Bye -- gb PGP Key: http://pgp.mit.edu/ Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
(Thu Jun 25 16:18:54 2015) [sssd[nss]] [nss_clear_memcache] (0x0400): Clearing memory caches. (Thu Jun 25 16:18:54 2015) [sssd[nss]] [nss_orphan_netgroups] (0x0400): Removing netgroups from memory cache. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]]. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]@ipa.mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [[email protected]] found. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa.mydomain.local][4097][1][[email protected]:U] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 0, Account info lookup failed Will try to return what we have in cache (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]@ipa.mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [[email protected]] found. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/ipa.mydomain.local/[email protected]] to negative cache (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]@mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [mydomain.local][4097][1][[email protected]:U] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]@mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [[email protected]@mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa075e40:1:[email protected]:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [38] with input [nobody]. (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'nobody' matched without domain, user is nobody (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [nobody] from [<ALL>] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa075e40:3:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ipa.mydomain.local][4099][1][name=nobody] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa075e40:3:[email protected]] (Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 0, Account info lookup failed Will try to return what we have in cache (Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa075e40:3:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]]. (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [[email protected]] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [[email protected]], fail! (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]]. (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [[email protected]] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [[email protected]], fail! (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]]. (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ipa.mydomain.local][otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [[email protected]] does not exist in [ipa.mydomain.local]! (negative cache) (Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [[email protected]], fail! (Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fd3aa0776b0:[email protected]] (Thu Jun 25 16:19:05 2015) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_run_unconditional_online_cb] (0x0400): Running unconditional online callbacks. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [ipa_subdom_get_forest] (0x0400): 4th component is not 'trust', nothing to do. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][[email protected]:U] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [ipa.mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa,dc=mydomain,dc=local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&([email protected])(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_users_done] (0x0040): Failed to retrieve users (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][[email protected]:U] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)([email protected]))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=mydomain,dc=local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&([email protected])(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Save user (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_primary_name] (0x0400): Processing object [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Processing user [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Original memberOf is not available for [[email protected]]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Adding user principal [[email protected]] to attributes of [[email protected]]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Storing info for user [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [ipa_get_ad_acct_ad_part_done] (0x0080): Object not found, ending request (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=nobody] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [ipa.mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=accounts,dc=ipa,dc=mydomain,dc=local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=nobody)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_search_by_name] (0x0400): No such entry (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] (0x0200): Got request for [0x1][1][name=account2] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] (0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=account2))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=mydomain,dc=local] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=account2)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Save user (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_primary_name] (0x0400): Processing object [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Processing user [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Original memberOf is not available for [[email protected]]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Adding user principal [[email protected]] to attributes of [[email protected]]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] (0x0400): Storing info for user [email protected] (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-1710311407-3537505305-1030735119-11202))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectClass=ipaexternalgroup][dc=ipa,dc=mydomain,dc=local]. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [ipa_get_ext_groups_done] (0x0400): [0] external groups found. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [find_ipa_ext_memberships] (0x0400): No external groupmemberships found. (Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success] (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] (0x0400): Got get subdomains [otherdomain.com] (Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
