OK, I tried to be clear but it looks like I'm not :) No big deal, let's try again.
Use case:

I'm connected to a linux jumpbox (let's say jb.example.com) which is in domain example.com.
I do: "$ kinit tbouillon" and get a working ticket.
I can connect with user tbouillon via ssh to all servers in the example.com domain via SSSD.
Now I have this server which is in child.example.com, and I want to connect from jb.example.com to server1.child.example.com.

I do:
[email protected] $ ssh server1.child.example.com -l '[email protected]'

I get this result:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Obviously I expected a shell like:
[email protected]

So the ssh command doesn't work well. Also, when on server1.child.example.com, I get:
kinit [email protected]
Password for [email protected]:
kinit: KDC reply did not match expectations while getting initial credentials

Here is the sssd.conf, sshd.log from server1, sssd.log

On 2 August 2017 at 16:41, Michal Židek <[email protected]> wrote:
> Hi Tristan,
>
> I understand your topology from what you wrote, but I still
> do not know what is your problem. See question inline.
>
>
> On 08/02/2017 03:48 PM, Tristan Bouillon wrote:
>>
>> Hi Michal
>> Thanks for answering
>>
>> For the missing part :
>> OS : Centos 7.3 with latest updates
>> SSSD: 1.14.0 release 43
>>
>> So, I removed all traces of server1 (which is indeed a linux host)
>> from AD and tried to re-join with the realm command.
>>
>> Good points:
>> The sssd.conf provided by the realm command was not far from the one I
>> had. I guess my understanding of how sssd and kerberos work together
>> wasn't that bad.
>> it added:
>> realmd_tags = manages-system joined-with-samba
>> ldap_id_mapping = True
>>
>> Now I have the same error basically. Reminder, I want my server in
>> child.example.com but users are in parent domain example.com
>> My server1 has successfully joined domain child.example.com and has a
>> keytab
>> when trying to connect sssd successfully finds the multiple AD servers
>> and SSSD ad backend is seen as online.
>>
>> [ad_get_client_site_done] (0x0400): Found forest: example.com
>> [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
>> [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1pdc01.child.example.com:3268' to service 'AD_GC'   # Domain controller for child.example.com
>> [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1gdc01.example.com:3268' to service 'AD_GC'   # Domain controller for example.com
>>
>> After that I have some successful ldap connections to different AD
>> servers and then it searches for my user. But it looks like the search
>> never goes to domain child.example.com
>> and after that it fails because the user doesn't exist in
>> child.example.com
>
>
> For what purpose is something searching for your user? Again... please
> tell me what is not working for you. Below you say that 'id' lookup is
> successful, that means SSSD's NSS responder is working. What command is
> not working for you (su, ssh, getent, id, etc.)?
>
> Sorry, I am a simple person :)
>
> Please answer in format:
> I am doing this command: (for example) getent passwd [email protected]
> (or) ssh localhost -l [email protected]
> I get this result: ...
> I expected this result: ...
> Here is my sssd.conf:
> Logs from /var/log/sssd/ are in attachment.
>
>
>>
>> [sdap_save_user] (0x1000): Mapping user [[email protected]] objectSID [S-1-5-21-481120694-805105173-3562786754-5671] to unix ID
>> [sdap_save_user] (0x0400): Original memberOf is not available for [[email protected]].
>> [sdap_save_user] (0x0400): Adding user principal [[email protected]] to attributes of [[email protected]].
>> [sdap_save_user] (0x0400): Storing info for user [email protected]
>> [sysdb_search_by_name] (0x0400): No such entry
>> [sysdb_store_user] (0x1000): User [email protected] does not exist.
>>
>> On a classical shell if I do: "$ id user1.example.com" I have a correct
>> answer.
>>
>> On 2 August 2017 at 13:19, Michal Židek <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> You did not mention what SSSD version and what OS you are using.
>>> I have a few questions, see inline.
>>>
>>> On 08/02/2017 10:59 AM, Tristan Bouillon wrote:
>>>>
>>>>
>>>> Hi
>>>>
>>>> I have this case I'm working on and it's driving me crazy. I try to
>>>> setup something like this:
>>>>
>>>> AD setup is like this with a bi-directional trust:
>>>> - example.com
>>>> \-- child.example.com
>>>>
>>>> Have users registered in example.com => [email protected]
>>>> computers are registered in child.example.com =>
>>>> [email protected]
>>>>
>>>> I want to connect with user1 to server1 with ssh and sssd.
>>>
>>>
>>>
>>> So, server1 is a Linux host, right? You can add it to the
>>> child.example.com domain using 'realm join CHILD.EXAMPLE.COM'. It
>>> will automatically add server1 to the child.example.com
>>> domain (so it did not have to be there before).
>>>
>>>> Before any debug process I want to make sure this is possible because
>>>> I'm running in circles.
>>>>
>>>> When setting up sssd and krb5 confs with child.example.com:
>>>
>>>
>>>
>>> IF you set up SSSD manually there is a lot of room for errors,
>>> I recommend using realm join and then just tweak the sssd.conf
>>> in case something does not work the way you want.
>>>
>>>> -- sssd nss says: example.com is created as a subdomain of
>>>> child.example.com
>>>
>>>
>>>
>>> This is OK. The 'subdomain' may be a little bit confusing, because this
>>> refers to an internal C code structure that represents a trusted domain,
>>> not an actual subdomain in the DNS sense. IIRC we changed the message
>>> recently to be less confusing.
>>>
>>>> -- but AD backend is online for child.example.com and I can query it
>>>
>>>
>>>
>>> You mean SSSD AD backend is running on the Linux host server1, right?
>>>
>>>> -- the query for [email protected] works great but the AD server in
>>>> child.example.com does not know the user and can't query his master AD
>>>> server.
>>>
>>>
>>>
>>> I do not understand what you mean here. So, on the Linux host (server1),
>>> if you query the [email protected], user info is returned. So what
>>> operation on the Linux host is not working? (getent, su, ssh ... copy
>>> paste the problematic commands and see our troubleshooting page).
>>>
>>>>
>>>> When setting up sssd and krb5 confs with example.com
>>>
>>>
>>>
>>> Again, realm join should set up everything for you. If you join the
>>> EXAMPLE.COM realm then the server1 host will be added to the example.com
>>> domain (you said you wanted them in the child.example.com, so I am
>>> not sure if this is what you want to do, but you can try it if it works
>>> for you).
>>>
>>>> -- it attempts kinit with host/server1.child.example.com and fails
>>>> to get a tgt. AD is set to offline and it cannot query it.
>>>>
>>>> When trying to mix up these solutions I find something similar to the
>>>> cases above.
>>>> If it is possible can someone point me towards the configuration I'm
>>>> supposed to make.
>>>
>>>
>>>
>>> Try using the realm join command from the Linux host to avoid hand
>>> crafting the configuration. Note that the AD domain controller for
>>> the domain you are joining to must be DNS resolvable from the Linux
>>> host.
>>>
>>>>
>>>> Don't know if it's the place but GG for the debugging options provided
>>>> with SSSD, it is clear and powerful.
>>>> _______________________________________________
>>>> sssd-users mailing list -- [email protected]
>>>> To unsubscribe send an email to [email protected]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][[email protected]]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #1]: New request. Flags [0x0001].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_idmap_add_domain] (0x1000): Adding domain [S-1-5-21-295434276-257986190-2813935219] as slice [3747]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sysdb_idmap_store_mapping] (0x0100): Adding new ID mapping [child.example.com][S-1-5-21-295434276-257986190-2813935219][3747]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_srv_plugin_send] (0x0400): About to find domain controllers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_get_dc_servers_send] (0x0400): Looking up domain controllers in domain child.example.com
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'child.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.child.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_get_dc_servers_done] (0x0400): Found 2 domain controllers in domain child.example.com
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_connect_host_send] (0x0400): Resolving host ff1pdc02.child.example.com
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'ff1pdc02.child.example.com' in files
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'ff1pdc02.child.example.com' in files
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'ff1pdc02.child.example.com' in DNS
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://ff1pdc02.child.example.com:389
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://ff1pdc02.child.example.com:389/??base] with fd [30].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://ff1pdc02.child.example.com:389
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=child.example.com)(NtVer=\14\00\00\00))][].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [netlogon]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_get_client_site_done] (0x0400): Found site: EuropeFF1
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_get_client_site_done] (0x0400): Found forest: example.com
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'EuropeFF1._sites.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.EuropeFF1._sites.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got 7 servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_servers_primary_done] (0x0400): Looking up backup servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'gc'. Will use DNS discovery domain 'example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_gc._tcp.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_discover_srv_done] (0x0400): Got 6 servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_srv_plugin_servers_done] (0x0400): Got 7 primary and 6 backup servers
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1pdc01.child.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1pdc02.child.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1prdc02.child.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1prdc01.child.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1gdc01.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1ldc02.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ff1gdc02.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Server 'ff1pdc01.child.example.com:3268' for service 'AD_GC' is already present
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Server 'ff1pdc02.child.example.com:3268' for service 'AD_GC' is already present
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Server 'ff1ldc02.example.com:3268' for service 'AD_GC' is already present
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'ff1ldc01.example.com:3268' to service 'AD_GC'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Server 'ff1gdc01.example.com:3268' for service 'AD_GC' is already present
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_add_server_to_list] (0x0400): Server 'ff1gdc02.example.com:3268' for service 'AD_GC' is already present
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD_GC' as 'resolved'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [get_server_status] (0x1000): Status of server 'ff1pdc01.child.example.com' is 'name not resolved'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'ff1pdc01.child.example.com' in files
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [set_server_common_status] (0x0100): Marking server 'ff1pdc01.child.example.com' as 'resolving name'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'ff1pdc01.child.example.com' in files
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'ff1pdc01.child.example.com' in DNS
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [set_server_common_status] (0x0100): Marking server 'ff1pdc01.child.example.com' as 'name resolved'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [be_resolve_server_process] (0x0200): Found address for server ff1pdc01.child.example.com: [10.189.1.161] TTL 3600
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://ff1pdc01.child.example.com'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://ff1pdc01.child.example.com:3268'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sssd_async_socket_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://ff1pdc01.child.example.com:3268/??base] with fd [29].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [5]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, FF1PSPS01$, child.example.com, 86400)
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service AD
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [get_server_status] (0x1000): Status of server 'ff1pdc02.child.example.com' is 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [get_port_status] (0x1000): Port status of port 389 for server 'ff1pdc02.child.example.com' is 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [get_server_status] (0x1000): Status of server 'ff1pdc02.child.example.com' is 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [be_resolve_server_process] (0x0200): Found address for server ff1pdc02.child.example.com: [10.189.1.165] TTL 3600
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_kinit_kdc_resolved] (0x1000): KDC resolved, attempting to get TGT...
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [create_tgt_req_send_buffer] (0x0400): buffer size: 48
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [write_pipe_handler] (0x0400): All data has been sent!
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [child_sig_handler] (0x1000): Waiting for child [7403].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [child_sig_handler] (0x0100): child [7403] finished successfully.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_child.example.com], expired on [1501724799]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1501689699
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: FF1PSPS01$
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_cli_connect_recv] (0x0400): Connection established.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_set_port_status] (0x0100): Marking port 3268 of server 'ff1pdc01.child.example.com' as 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [set_server_common_status] (0x0100): Marking server 'ff1pdc01.child.example.com' as 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [fo_set_port_status] (0x0400): Marking port 3268 of duplicate server 'ff1pdc01.child.example.com' as 'working'
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=example,dc=com]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=tbouillon)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Tristan Bouillon,OU=Users,OU=Europe,OU=Sites,dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Save user
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_primary_name] (0x0400): Processing object tbouillon
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Processing user [email protected]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x1000): Mapping user [[email protected]] objectSID [S-1-5-21-481120694-805105173-3562786754-5671] to unix ID
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Original memberOf is not available for [[email protected]].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Adding user principal [[email protected]] to attributes of [[email protected]].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Storing info for user [email protected]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sysdb_search_by_name] (0x0400): No such entry
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sysdb_store_user] (0x1000): User [email protected] does not exist.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sysdb_search_by_name] (0x0400): No such entry
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_req_done] (0x0400): DP Request [Account #1]: Request handler finished [0]: Success
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #1]: Receiving request data.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #1]: Finished. Success.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #1]: Returning [Success]: 0,0,Success
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::example.com:[email protected]] from reply table
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #1]: Request removed.
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [ad_online_cb] (0x0400): The AD provider is online
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][[email protected]]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_attach_req] (0x0400): DP Request [Initgroups #2]: New request. Flags [0x0001].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [dc=example,dc=com]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=tbouillon)(objectclass=user)(objectSID=*))][dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCertificate;binary]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Tristan Bouillon,OU=Users,OU=Europe,OU=Sites,dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Save user
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_primary_name] (0x0400): Processing object tbouillon
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Processing user [email protected]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x1000): Mapping user [[email protected]] objectSID [S-1-5-21-481120694-805105173-3562786754-5671] to unix ID
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Original memberOf is not available for [[email protected]].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Adding user principal [[email protected]] to attributes of [[email protected]].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_save_user] (0x0400): Storing info for user [email protected]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=Tristan Bouillon,OU=Users,OU=Europe,OU=Sites,dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups]
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Tristan Bouillon,OU=Users,OU=Europe,OU=Sites,dc=example,dc=com].
(Wed Aug 2 15:46:39 2017) [sssd[be[child.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
---
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #2]: Finished. Success.
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Initgroups #2]: Returning [Success]: 0,0,Success
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:3:1::example.com:[email protected]] from reply table
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_req_destructor] (0x0400): DP Request [Initgroups #2]: Request removed.
(Wed Aug 2 15:46:40 2017) [sssd[be[child.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
sssd.conf
Aug 02 15:10:08 server1 sshd[6110]: debug1: Forked child 6111.
Aug 02 15:10:08 server1 sshd[6111]: Set /proc/self/oom_score_adj to 0
Aug 02 15:10:08 server1 sshd[6111]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug 02 15:10:08 server1 sshd[6111]: rexec line 79: Unsupported option KerberosGetAFSToken
Aug 02 15:10:08 server1 sshd[6111]: debug1: inetd sockets after dupping: 3, 3
Aug 02 15:10:08 server1 sshd[6111]: Connection from 10.189.2.153 port 55752 on 10.189.1.159 port 22
Aug 02 15:10:08 server1 sshd[6111]: debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
Aug 02 15:10:08 server1 sshd[6111]: debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
Aug 02 15:10:08 server1 sshd[6111]: debug1: Enabling compatibility mode for protocol 2.0
Aug 02 15:10:08 server1 sshd[6111]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1
Aug 02 15:10:08 server1 sshd[6111]: debug1: SELinux support disabled [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: permanently_set_uid: 74/74 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: list_hostkey_types: ssh-rsa [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: SSH2_MSG_KEXINIT received [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: kex: client->server aes128-ctr [email protected] none [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: kex: server->client aes128-ctr [email protected] none [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: kex: [email protected] need=16 dh_need=16 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: kex: [email protected] need=16 dh_need=16 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: KEX done [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user [email protected] service ssh-connection method none [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: attempt 0 failures 0 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: PAM: initializing for "[email protected]"
Aug 02 15:10:08 server1 sshd[6111]: debug1: PAM: setting PAM_RHOST to "ff1glgw03.example.com"
Aug 02 15:10:08 server1 sshd[6111]: debug1: PAM: setting PAM_TTY to "ssh"
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user [email protected] service ssh-connection method gssapi-with-mic [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: attempt 1 failures 0 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: Postponed gssapi-with-mic for [email protected] from 10.189.2.153 port 55752 ssh2 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: Received some client credentials
Aug 02 15:10:08 server1 sshd[6111]: debug1: ssh_gssapi_k5login_exists: Checking existence of file /home/[email protected]/.k5login
Aug 02 15:10:08 server1 sshd[6111]: Failed gssapi-with-mic for [email protected] from 10.189.2.153 port 55752 ssh2
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user [email protected] service ssh-connection method gssapi-with-mic [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: attempt 2 failures 1 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user [email protected] service ssh-connection method publickey [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: attempt 3 failures 1 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: temporarily_use_uid: 1204005671/1204005671 (e=0/0)
Aug 02 15:10:08 server1 sshd[6111]: debug1: trying public key file /home/[email protected]/.ssh/authorized_keys
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
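When reading an sshd debug log like the one above, the useful questions are: which authentication methods did the client offer, in what order, which one was rejected, and did the rejection happen after the `.k5login` lookup (i.e. the Kerberos ticket was presented and the failure is in principal-to-account authorisation, not in obtaining credentials). The following Python parser is an added example, not code from the thread or from OpenSSH or SSSD; the sample log is constructed in the same format as the sshd lines quoted above, with a placeholder principal (`user1@EXAMPLE.COM`, since the real name is redacted here) and a second, accepted session added for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the sshd debug-log format quoted in the thread.
# Principal names and the second session (pid 6200) are placeholders.
SAMPLE_LOG = """\
Aug 02 15:10:08 server1 sshd[6111]: Connection from 10.189.2.153 port 55752 on 10.189.1.159 port 22
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user user1@EXAMPLE.COM service ssh-connection method none [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user user1@EXAMPLE.COM service ssh-connection method gssapi-with-mic [preauth]
Aug 02 15:10:08 server1 sshd[6111]: Postponed gssapi-with-mic for user1@EXAMPLE.COM from 10.189.2.153 port 55752 ssh2 [preauth]
Aug 02 15:10:08 server1 sshd[6111]: debug1: ssh_gssapi_k5login_exists: Checking existence of file /home/user1@EXAMPLE.COM/.k5login
Aug 02 15:10:08 server1 sshd[6111]: Failed gssapi-with-mic for user1@EXAMPLE.COM from 10.189.2.153 port 55752 ssh2
Aug 02 15:10:08 server1 sshd[6111]: debug1: userauth-request for user user1@EXAMPLE.COM service ssh-connection method publickey [preauth]
Aug 02 15:10:09 server1 sshd[6200]: Connection from 10.189.2.154 port 55800 on 10.189.1.159 port 22
Aug 02 15:10:09 server1 sshd[6200]: debug1: userauth-request for user alice service ssh-connection method gssapi-with-mic [preauth]
Aug 02 15:10:09 server1 sshd[6200]: Accepted gssapi-with-mic for alice from 10.189.2.154 port 55800 ssh2
"""

# One regex per line shape we care about; everything else is ignored.
LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONN_RE = re.compile(r"^Connection from (?P<src>\S+) port (?P<port>\d+)")
REQ_RE = re.compile(r"userauth-request for user (?P<user>\S+) service \S+ method (?P<method>\S+)")
RESULT_RE = re.compile(r"^(?P<verdict>Accepted|Failed|Postponed) (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
K5LOGIN_RE = re.compile(r"ssh_gssapi_k5login_exists: Checking existence of file (?P<path>\S+)")


@dataclass
class Session:
    """Authentication state of one sshd child process (one client connection)."""
    pid: str
    user: Optional[str] = None
    source: Optional[str] = None
    methods: List[str] = field(default_factory=list)  # methods in the order the client requested them
    failed: List[str] = field(default_factory=list)   # methods sshd explicitly rejected
    accepted: Optional[str] = None                    # method that succeeded, if any
    k5login_path: Optional[str] = None                # set when sshd reached the .k5login lookup


def parse_sshd_log(text: str) -> Dict[str, Session]:
    """Group sshd log lines by child pid and record the auth attempts for each."""
    sessions: Dict[str, Session] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], Session(pid=m["pid"]))
        msg = m["msg"]
        if c := CONN_RE.match(msg):
            s.source = f"{c['src']}:{c['port']}"
        elif r := REQ_RE.search(msg):
            s.user = r["user"]
            s.methods.append(r["method"])
        elif k := K5LOGIN_RE.search(msg):
            s.k5login_path = k["path"]
        elif v := RESULT_RE.match(msg):
            # "Postponed" only means the GSSAPI exchange is still in progress; ignore it.
            if v["verdict"] == "Failed":
                s.failed.append(v["method"])
            elif v["verdict"] == "Accepted":
                s.accepted = v["method"]
    return sessions


def findings(s: Session) -> List[str]:
    """Human-readable observations about a session, for triage."""
    out: List[str] = []
    if "gssapi-with-mic" in s.failed:
        if s.k5login_path:
            # sshd got as far as checking .k5login, so a Kerberos ticket was presented;
            # the rejection is in mapping the principal to the requested local account
            # (.k5login contents or the krb5 auth_to_local rules), not in getting a ticket.
            out.append(f"gssapi-with-mic rejected after .k5login lookup at {s.k5login_path}: "
                       "principal not authorised for the requested account")
        else:
            out.append("gssapi-with-mic rejected before any .k5login lookup")
        if s.user and "@" in s.user:
            out.append(f"requested account name '{s.user}' carries a realm suffix; "
                       "the local account and the principal mapping must match that exact name")
    if s.accepted is None and s.methods:
        tried = ", ".join(dict.fromkeys(s.methods))  # de-duplicate, keep order
        out.append(f"no method accepted from {s.source}; tried: {tried}")
    return out


if __name__ == "__main__":
    for pid, sess in parse_sshd_log(SAMPLE_LOG).items():
        print(f"sshd[{pid}] user={sess.user} accepted={sess.accepted}")
        for line in findings(sess):
            print("  -", line)
```

Run against the constructed sample, session 6111 reports the GSSAPI rejection after the `.k5login` lookup and the fallback to `publickey` with nothing accepted, while session 6200 yields no findings. Pointing the parser at a real `sshd -ddd` or journal extract only requires that the timestamp prefix match the syslog form shown above; for a different prefix adjust `LINE_RE`.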
