On Fri, 2018-07-06 at 10:55 +0200, Sumit Bose wrote:
> On Thu, Jul 05, 2018 at 08:09:55PM +0000, Ratliff, John wrote:
> >
> > (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]] [sdap_print_server]
> (0x2000): Searching 134.68.239.131:389
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [no filter][CN=jdratlif,OU=Accounts,DC=ads,DC=iu,DC=edu].
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
> 15
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]] [sdap_op_add]
> (0x2000): New operation 15 timeout 6
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_result] (0x2000): Trace: sh[0x564b5d62f090],
> connected[1], ops[(nil)], ldap[0x564b5d62d1e0]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_result] (0x2000): Trace: sh[0x564b5d61dd00],
> connected[1], ops[0x564b5d63a360], ldap[0x564b5d5a0c60]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_message] (0x4000): Message type:
> [LDAP_RES_SEARCH_ENTRY]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]] [sdap_parse_entry]
> (0x1000): OriginalDN: [CN=jdratlif,OU=Accounts,DC=ads,DC=iu,DC=edu].
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]] [sdap_parse_entry]
> (0x1000): Entry has no attributes [0(Success)]!?
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_result] (0x2000): Trace: sh[0x564b5d61dd00],
> connected[1], ops[0x564b5d63a360], ldap[0x564b5d5a0c60]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_process_message] (0x4000): Message type:
> [LDAP_RES_SEARCH_RESULT]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0),
> no errmsg set
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_op_destructor] (0x2000): Operation 15 finished
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]]
> [sdap_get_ad_tokengroups_done] (0x1000): No tokenGroups entries for [
> [email protected]]
> (Thu Jul 5 16:04:42 2018) [sssd[be[ads.iu.edu]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
>
> this makes SSSD assume that the user is not a member of any group.
>
> Please try to set 'ldap_use_tokengroups=False' (see man sssd-ldap for
> details) and check if the group memberships are reported more
> reliably.
>
> Afaik the issue with the tokenGroups might indicate that the used AD DC
> has issues reaching a Global Catalog server.

Thank you for the information. I don't know what to do about it at the moment. Adding that parameter makes id freeze when I run it. It seems to be unable to handle it when this parameter exists.

I'm unclear what you mean by AD DC has issues reaching the global catalog server. Do you mean my server is having trouble, or the DC itself?

One more thing I found interesting. I made another RHEL7 box and used winbind instead of sssd and group membership works fine there.

I made another virtual machine and tried realmd/sssd again. I took it off the virtual machine NAT and gave it a public IP and disabled the firewall to make sure that wasn't causing any issues, but there was no change.

This still feels like an sssd configuration problem to me, though I'm not sure what to do about it at the moment.

Thanks for your assistance.

--
John Ratliff
Research Storage / UITS / Pervasive Technology Institute
Indiana University | https://pti.iu.edu

_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/2FPUT7PHHJAYYKS57PUXPOG57OIJMGGW/
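
An added example, not part of the original thread and not SSSD code: a Python triage script that scans an SSSD domain log for the pattern in the quoted excerpt, where a tokenGroups search succeeds at the LDAP level but the entry carries no attributes and SSSD records no group memberships. The sample lines are constructed in the log format shown above with a placeholder domain and user, one message per line as in the log file, and the sketch assumes searches within one domain are not interleaved.

```python
import re

LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
                  r"\[(?P<fn>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
SEARCH = re.compile(r"calling ldap_search_ext with \[[^\]]*\]\[(?P<base>[^\]]*)\]")

# Constructed sample (placeholder domain/user), unwrapped as in the real log file.
P = "(Thu Jul  5 16:04:42 2018) [sssd[be[example.test]]] "
SAMPLE = [
    P + "[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with "
        "[no filter][CN=alice,OU=Accounts,DC=example,DC=test].",
    P + "[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups]",
    P + "[sdap_parse_entry] (0x1000): Entry has no attributes [0(Success)]!?",
    P + "[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set",
    P + "[sdap_get_ad_tokengroups_done] (0x1000): No tokenGroups entries for [alice@example.test]",
]

def find_empty_tokengroups(lines):
    """Return one finding per tokenGroups lookup that came back empty."""
    findings, state = [], {}              # state is tracked per SSSD domain
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not an SSSD backend log line
        st = state.setdefault(m["dom"], dict(base=None, tg=False, empty=False, result=None))
        fn, msg = m["fn"], m["msg"]
        if fn == "sdap_get_generic_ext_step":
            s = SEARCH.search(msg)
            if s:                         # a new search starts: reset tracking
                st.update(base=s["base"], tg=False, empty=False, result=None)
            elif msg.startswith("Requesting attrs:") and "[tokenGroups]" in msg:
                st["tg"] = True
        elif fn == "sdap_parse_entry" and st["tg"] and "Entry has no attributes" in msg:
            st["empty"] = True
        elif fn == "sdap_get_generic_op_finished" and st["tg"]:
            st["result"] = msg.removeprefix("Search result: ").split(",")[0]
        elif fn == "sdap_get_ad_tokengroups_done" and msg.startswith("No tokenGroups entries"):
            findings.append({"time": m["ts"], "domain": m["dom"], "base_dn": st["base"],
                             "entry_without_attrs": st["empty"], "ldap_result": st["result"]})
            st.update(tg=False, empty=False, result=None)
    return findings

if __name__ == "__main__":
    for f in find_empty_tokengroups(SAMPLE):
        print(f)
```

A finding with `ldap_result` of `Success(0)` and `entry_without_attrs` set means the DC answered the query but returned no tokenGroups values, which is the case discussed in the thread rather than a connection or bind failure.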
