Following up my own email after realizing my sssd debug info was better when I ran it via "# sssd -i -d 5" ...


Here are the relevant entries from sssd during a failed login attempt via SSH using AD credentials from usern...@nafta.company.com

-Chris


(Tue Nov 22 15:43:27 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received client version [0].

(Tue Nov 22 15:43:27 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered version [0].

(Tue Nov 22 15:43:27 2016) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): name 't859...@nafta.company.org' matched expression for domain 'NAFTA.COMPANY.ORG', user is t859531

(Tue Nov 22 15:43:27 2016) [sssd[be[company-idm.org]]] [be_get_account_info] (0x0200): Got request for [0x1][1][name=t859531]

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)

(Tue Nov 22 15:43:28 2016) [sssd[ssh]] [client_recv] (0x0200): Client disconnected!

(Tue Nov 22 15:43:28 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received client version [0].

(Tue Nov 22 15:43:28 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered version [0].

(Tue Nov 22 15:43:28 2016) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): name 't859...@nafta.company.org' matched expression for domain 'NAFTA.COMPANY.ORG', user is t859531

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [be_get_account_info] (0x0200): Got request for [0x1][1][name=t859531]

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:29 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:29 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:29 2016) [sssd[be[company-idm.org]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)

(Tue Nov 22 15:43:29 2016) [sssd[ssh]] [client_recv] (0x0200): Client disconnected!

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 't859...@nafta.company.org' matched expression for domain 'NAFTA.COMPANY.ORG', user is t859531

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_PREAUTH

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): user: t859531

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sshd

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: usrelnu4239n3y2.NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 4180

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: t859...@nafta.company.org

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [be_get_account_info] (0x0200): Got request for [0x3][1][name=t859531]

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [sysdb_update_members_ex] (0x0020): Could not add member [t859...@nafta.company.org] to group [name=t859...@nafta.company.org,cn=groups,cn=NAFTA.COMPANY.ORG,cn=sysdb]. Skipping.

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [t859...@nafta.company.org]

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_PREAUTH

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): user: t859...@nafta.company.org

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sshd

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: usrelnu4239n3y2.NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 4180

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: t859...@nafta.company.org

(Tue Nov 22 15:43:32 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [be_pam_handler] (0x0100): Got request with the following data

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): command: SSS_PAM_PREAUTH

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): domain: NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): user: t859...@nafta.company.org

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): service: sshd

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): tty: ssh

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): ruser:

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): rhost: usrelnu4239n3y2.NAFTA.COMPANY.ORG

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): authtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): newauthtok type: 0

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): priv: 1

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): cli_pid: 4180

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [pam_print_data] (0x0100): logon name: not set

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved

(Tue Nov 22 15:43:32 2016) [sssd[be[company-idm.org]]] [be_resolve_server_process] (0x0200): Found address for server usaeilidmp001.company-idm.org: [10.127.64.11] TTL 1162

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [unpack_buffer] (0x0100): cmd [249] uid [1843770609] gid [1843770609] validate [true] enterprise principal [false] offline [false] UPN [t859...@syngenta.org]

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/usaeilvdip001.syngentaaws....@company-idm.org]

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.

(Tue Nov 22 15:43:32 2016) [sssd[pac]] [sss_cmd_get_version] (0x0200): Received client version [1].

(Tue Nov 22 15:43:32 2016) [sssd[pac]] [sss_cmd_get_version] (0x0200): Offered version [1].

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [become_user] (0x0200): Trying to become user [1843770609][1843770609].

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.

(Tue Nov 22 15:43:32 2016) [[sssd[krb5_child[4184]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]

(Tue Nov 22 15:43:33 2016) [[sssd[krb5_child[4184]]]] [sss_krb5_prompter] (0x0020): Cannot handle password prompts.

(Tue Nov 22 15:43:33 2016) [[sssd[krb5_child[4184]]]] [k5c_send_data] (0x0200): Received error code 0

(Tue Nov 22 15:43:33 2016) [sssd[pac]] [client_recv] (0x0200): Client disconnected!

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [child_sig_handler] (0x0100): child [4184] finished successfully.

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'usaeilidmp001.company-idm.org' as 'working'

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [set_server_common_status] (0x0100): Marking server 'usaeilidmp001.company-idm.org' as 'working'

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [krb5_auth_store_creds] (0x0010): password not available, offline auth may not work.

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [be_pam_handler_callback] (0x0100): Sending result [0][NAFTA.COMPANY.ORG]

(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [be_pam_handler_callback] (0x0100): Sent result [0][NAFTA.COMPANY.ORG]

(Tue Nov 22 15:43:33 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][NAFTA.COMPANY.ORG]

(Tue Nov 22 15:43:33 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.

(Tue Nov 22 15:43:33 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 35




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
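
For triaging a capture like the one in the message above, this added example (not part of the original post and not SSSD project code) parses the debug-line format shown and keeps only entries logged at minor-failure severity or worse. The function names are this example's own, the sample lines are copied from the log above, and the level names follow the debug_level table in sssd.conf(5).

```python
import re
from collections import Counter

# SSSD debug level bitmasks, named as in the debug_level table of sssd.conf(5).
LEVELS = {
    0x0010: "fatal",
    0x0020: "critical",
    0x0040: "serious",
    0x0080: "minor",
    0x0100: "config",
    0x0200: "function data",
}

# (timestamp) [process] [function] (0xNNNN): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<comp>.+?)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for one debug line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"], 16)
    # "[sssd[krb5_child[4184]]]" and "sssd[be[domain]]" both reduce to a process name.
    name = re.search(r"sssd\[(\w+)", rec["comp"])
    rec["process"] = name.group(1) if name else rec["comp"]
    return rec

def failures(lines, threshold=0x0080):
    """Keep records at 'minor' severity or worse (a lower mask is more severe)."""
    recs = (parse_line(l) for l in lines)
    return [r for r in recs if r and r["level"] <= threshold]

def summarize(lines):
    """Count failure records per (process, function, severity name)."""
    return Counter((r["process"], r["func"], LEVELS.get(r["level"], hex(r["level"])))
                   for r in failures(lines))

# Sample lines copied from the log in the post above.
SAMPLE = """
(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)]
(Tue Nov 22 15:43:28 2016) [sssd[be[company-idm.org]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Tue Nov 22 15:43:33 2016) [[sssd[krb5_child[4184]]]] [sss_krb5_prompter] (0x0020): Cannot handle password prompts.
(Tue Nov 22 15:43:33 2016) [sssd[be[company-idm.org]]] [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].
(Tue Nov 22 15:43:33 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
""".strip().splitlines()

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```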