[SSSD-users] Unable to get ldap_tls_reqcert to work

Jeff White Mon, 02 Oct 2017 11:02:28 -0700

I'm attempting to enable LDAP server TLS certificate validation with"ldap_tls_reqcert = demand". However, when I set that value to anythingother than "never", sssd does not work. By that I mean sssd will startas normal but no ID lookups are successful and I see "Input/outputerror" in the log. This occurs regardless of what CA certificate chainI give it (via ldap_tls_cacert). I have even tried using a knownworking chain that I use to access yum repos which uses TLS certificatesfrom the same CA as our Active Directory.


Any ideas?


libsss_sudo-1.14.0-43.el7_3.11.x86_64
libsss_autofs-1.14.0-43.el7_3.11.x86_64
sssd-proxy-1.14.0-43.el7_3.11.x86_64
sssd-ad-1.14.0-43.el7_3.11.x86_64
sssd-1.14.0-43.el7_3.11.x86_64
libsss_nss_idmap-1.14.0-43.el7_3.11.x86_64
sssd-krb5-common-1.14.0-43.el7_3.11.x86_64
sssd-ldap-1.14.0-43.el7_3.11.x86_64
libsss_idmap-1.14.0-43.el7_3.11.x86_64
python-sssdconfig-1.14.0-43.el7_3.11.noarch
sssd-client-1.14.0-43.el7_3.11.x86_64
sssd-common-pac-1.14.0-43.el7_3.11.x86_64
sssd-krb5-1.14.0-43.el7_3.11.x86_64
sssd-ipa-1.14.0-43.el7_3.11.x86_64
sssd-common-1.14.0-43.el7_3.11.x86_64

--
Jeff White
HPC Systems Engineer
Information Technology Services - WSU

[domain/default]


[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam, autofs


[domain/ad.example.com]
debug_level = 9
ad_domain = ad.example.com
cache_credentials = True
auth_provider = krb5
id_provider = ldap
default_shell = /bin/bash
fallback_homedir = /home/%u
override_homedir = /home/%u
access_provider = simple
simple_allow_groups = whatever
chpass_provider = none

krb5_realm = AD.EXAMPLE.COM
krb5_server = auth.example.com
krb5_store_password_if_offline = False

ldap_uri = ldaps://auth.example.com:636
ldap_id_use_start_tls = false
#ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_tls_cacert = /etc/pki/ca-trust/source/anchors/incommon-ssl.pem
ldap_tls_reqcert = demand
#ldap_tls_reqcert = never
ldap_search_base = DC=ad,DC=example,DC=com
ldap_default_bind_dn = CN=somedude,OU=Accounts,DC=ad,DC=example,DC=com
ldap_default_authtok = blah
ldap_netgroup_search_base = OU=Groups,DC=ad,DC=example,DC=com
ldap_group_search_base = OU=Groups,DC=ad,DC=example,DC=come
ldap_id_mapping = False
ldap_schema = AD
ldap_search_timeout = 60
ldap_opt_timeout = 60
ldap_network_timeout = 60
ldap_connection_expire_timeout = 3600
ldap_enumeration_search_timeout = 180
ldap_user_name = cn
ldap_user_object_class = user
ldap_group_object_class = group
ldap_group_member = member
ldap_group_nesting_level = 5

(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f4fbef1d770
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): Dispatching.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][[email protected]]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #3]: New request. Flags [0x0001].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_step] (0x4000): beginning to connect
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_server_status] (0x1000): Status of server 'authenticate.example.com' is 'name not resolved'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_port_status] (0x1000): Port status of port 636 for server 'authenticate.example.com' is 'neutral'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_server_status] (0x1000): Status of server 'authenticate.example.com' is 'name not resolved'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_is_address] (0x4000): [authenticate.example.com] does not look like an IP address
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'authenticate.example.com' in files
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [set_server_common_status] (0x0100): Marking server 'authenticate.example.com' as 'resolving name'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'authenticate.example.com' in files
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'authenticate.example.com' in DNS
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [request_watch_destructor] (0x0400): Deleting request watch
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [set_server_common_status] (0x0100): Marking server 'authenticate.example.com' as 'name resolved'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_resolve_server_process] (0x0200): Found address for server authenticate.example.com: [134.121.137.45] TTL 600
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldaps://authenticate.example.com:636'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sssd_async_socket_init_send] (0x4000): Using file descriptor [25] for the connection.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sssd_async_socket_init_send] (0x0400): Setting 60 seconds timeout for connecting
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://authenticate.example.com:636/??base] with fd [25].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_print_server] (0x2000): Searching 134.121.137.45:636
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [domainControllerFunctionality]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_add] (0x2000): New operation 1 timeout 60
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [currentTime]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [subschemaSubentry]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [dsServiceName]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [namingContexts]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [schemaNamingContext]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [configurationNamingContext]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [rootDomainNamingContext]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPPolicies]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [highestCommittedUSN]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedSASLMechanisms]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [dnsHostName]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [ldapServiceName]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [serverName]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedCapabilities]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [isSynchronized]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [isGlobalCatalogReady]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [supportedExtension]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainFunctionality]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [forestFunctionality]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [domainControllerFunctionality]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf103fe0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_destructor] (0x2000): Operation 1 finished
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_rootdse_done] (0x2000): Got rootdse
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_naming_context] (0x0200): Using value from [defaultNamingContext] as naming context.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=ad,DC=example,DC=come].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=ad,DC=example,DC=come][SUBTREE][]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 348365040 (int: 348365040)
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [7]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_cli_auth_step] (0x0100): expire timeout is 3600
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_cli_auth_step] (0x1000): the connection will expire at 1506550460
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [simple_bind_send] (0x0100): Executing simple bind as: CN=somedude,OU=Accounts,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_add] (0x2000): New operation 2 timeout 60
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf448500], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf448500], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_BIND]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [simple_bind_done] (0x1000): Server returned no controls.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_destructor] (0x2000): Operation 2 finished
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_cli_connect_recv] (0x0400): Connection established.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2067
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_set_port_status] (0x0100): Marking port 636 of server 'authenticate.example.com' as 'working'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [set_server_common_status] (0x0100): Marking server 'authenticate.example.com' as 'working'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_set_port_status] (0x0400): Marking port 636 of duplicate server 'authenticate.example.com' as 'working'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_done] (0x4000): notify connected to op #1
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_posix_check_next] (0x0400): Searching for POSIX attributes with base [DC=ad,DC=example,DC=come]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_print_server] (0x2000): Searching 134.121.137.45:636
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(|(&(uidNumber=*)(objectclass=user))(&(gidNumber=*)(objectclass=group)))][DC=ad,DC=example,DC=come].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 3
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_add] (0x2000): New operation 3 timeout 60
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_run_unconditional_online_cb] (0x4000): List of unconditional online callbacks is empty, nothing to do.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_posix_check_parse] (0x1000): Found [CN=van.sg.posix.users,OU=groups.posix,OU=security.groups,OU=admin,OU=Vancouver,DC=ad,DC=example,DC=come] with POSIX attributes
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://riverpoint.ad.example.com/DC=riverpoint,DC=ad,DC=example,DC=come] with fd [28].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://ForestDnsZones.ad.example.com/DC=ForestDnsZones,DC=ad,DC=example,DC=come] with fd [29].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://DomainDnsZones.ad.example.com/DC=DomainDnsZones,DC=ad,DC=example,DC=come] with fd [29].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://ad.example.com/CN=Configuration,DC=ad,DC=example,DC=come] with fd [29].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldaps://DomainDnsZones.ad.example.com/DC=DomainDnsZones,DC=ad,DC=example,DC=come] with fd [30].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_rebind_proc] (0x1000): Successfully bind to [ldaps://ad.example.com/CN=Configuration,DC=ad,DC=example,DC=come].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_rebind_proc] (0x1000): Successfully bind to [ldaps://riverpoint.ad.example.com/DC=riverpoint,DC=ad,DC=example,DC=come].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldaps://riverpoint.ad.example.com/DC=riverpoint,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldaps://ForestDnsZones.ad.example.com/DC=ForestDnsZones,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldaps://DomainDnsZones.ad.example.com/DC=DomainDnsZones,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldaps://ad.example.com/CN=Configuration,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_posix_check_parse] (0x1000): Found [CN=ITS_P_STO_HPC_ITS-STAFF,OU=HPCC Permissions,OU=HPCC,OU=Departments,OU=Central,DC=riverpoint,DC=ad,DC=example,DC=come] with POSIX attributes
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_del] (0x4000): Closing LDAP connection with fd [28].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldaps://ad.example.com/CN=Schema,CN=Configuration,DC=ad,DC=example,DC=come
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[0x7f4fbf16bfd0], ldap[0x7f4fbef1ce20]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_ldap_connect_callback_del] (0x4000): Closing LDAP connection with fd [29].
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Can't contact LDAP server(-1), no errmsg set
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Can't contact LDAP server(-1), no errmsg set
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_op_destructor] (0x2000): Operation 3 finished
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_posix_check_done] (0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_done] (0x4000): advising for connection retry #1
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_handle_release] (0x2000): Trace: sh[0x7f4fbef2b000], connected[1], ops[(nil)], ldap[0x7f4fbef1ce20], destructor_lock[0], release_memory[0]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_step] (0x4000): beginning to connect
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_server_status] (0x1000): Status of server 'authenticate.example.com' is 'working'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [get_port_status] (0x1000): Port status of port 636 for server 'authenticate.example.com' is 'not working'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_mark_offline] (0x2000): Going offline!
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was created
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 74 seconds from now [1506546934]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_op_connect_done] (0x4000): notify offline to op #1
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_req_done] (0x0400): DP Request [Account #3]: Request handler finished [0]: Success
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #3]: Receiving request data.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #3]: Finished. Success.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #3]: Returning [Provider is Offline]: 1,11,User lookup failed
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::ad.example.com:[email protected]] from reply table
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #3]: Request removed.
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.AD.EXAMPLE.COM], [2][No such file or directory]
(Wed Sep 27 14:14:20 2017) [sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.AD.EXAMPLE.COM], [2][No such file or directory]

_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[SSSD-users] Unable to get ldap_tls_reqcert to work

Reply via email to