On Mon, Jul 01, 2019 at 09:09:24AM -0000, B M wrote:
> Hi Jakub,
>
> Thx for the suggestions!
>
> Here more logs:
>
> NOTE: Replaced xxxx-xxxx or xxxx from the original name.
>
> /var/log/sssd/sssd_sudo.log
>
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [accept_fd_handler] (0x0400): Client
> connected!
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_get_rules_send] (0x0400):
> Running initgroups for [[email protected]]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_plugin] (0x2000): CR
> #8: Setting "Initgroups by name" plugin
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_send] (0x0400): CR #8: New
> request 'Initgroups by name'
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_process_input] (0x0400):
> CR #8: Parsing input name [[email protected]]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name '[email protected]' matched expression for domain
> 'awsad.xxxx-xxxx.com', user is admin
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_name] (0x0400): CR #8:
> Setting name [admin]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_select_domains] (0x0400):
> CR #8: Performing a single domain search
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_domain_get_state] (0x1000):
> Domain awsad.xxxx-xxxx.com is Active
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_domains] (0x0400):
> CR #8: Search will check the cache and check the data provider
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_validate_domain_type]
> (0x2000): Request type POSIX-only for domain awsad.xxxx-xxxx.com type POSIX
> is valid
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_domain] (0x0400): CR
> #8: Using domain [awsad.xxxx-xxxx.com]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_prepare_domain_data]
> (0x0400): CR #8: Preparing input data for domain [awsad.xxxx-xxxx.com] rules
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR
> #8: Looking up [email protected]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400):
> CR #8: Checking negative cache for [[email protected]]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for
> [NCE/USER/awsad.xxxx-xxxx.com/[email protected]]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400):
> CR #8: [[email protected]] is not present in negative cache
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR
> #8: Looking up [[email protected]] in cache
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR
> #8: Object found, but needs to be refreshed.
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_dp] (0x0400): CR
> #8: Looking up [[email protected]] in data provider
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_issue_request] (0x0400):
> Issuing request for
> [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_account_msg] (0x0400):
> Creating request for
> [awsad.xxxx-xxxx.com][0x3][BE_REQ_INITGROUPS][[email protected]:-]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_add_timeout] (0x2000):
> 0x55c2362f3a70
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400):
> Entering request
> [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
> 0x55c2362f3a70
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_reply] (0x0010): The Data
> Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]

You'll want to fix this first... unless sssd can stay online at least for the duration of the test, the logs won't be as useful. The way I usually debug these issues is to find the first occurrence of "Going offline" or "Marking port XYZ as NOT_WORKING" in the log and then look a couple of lines before. See inline.

> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0040):
> CR #8: Data Provider Error: 3, 5, Failed to get reply from Data Provider
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0400):
> CR #8: Due to an error we will return cached data
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR
> #8: Looking up [[email protected]] in cache
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache_filter]
> (0x0400): CR #8: This request type does not support filtering result by
> negative cache
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_done] (0x0400): CR
> #8: Returning updated object [[email protected]]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_create_and_add_result]
> (0x0400): CR #8: Found 24 entries in domain awsad.xxxx-xxxx.com
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_req_destructor] (0x0400):
> Deleting request:
> [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_done] (0x0400): CR #8:
> Finished: Success
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sysdb_get_sudo_user_info] (0x0400):
> original name: [email protected]
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200):
> Searching sysdb with
> [(&(objectClass=sudoRule)(dataExpireTimestamp<=1561969502)(|(name=defaults)(sudoUser=ALL)([email protected])(sudoUser=#1979001109)(sudoUser=%Domain\[email protected])(sudoUser=%AWS\20Delegated\[email protected])(sudoUser=%AWS\20Delegated\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\[email
protected])(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\[email protected])(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\[email protected])(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\[email protected])(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\[email protected])(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Group\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\[email protected])(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\[email protected])(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\[email protected])(sudoUser=%AWS\20Delegated\20System\20Management\[email protected])(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\[email protected])(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\[email protected])(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\[email protected])(sudoUser=%[email protected])(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\[email protected])(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\[email protected])(sudoUser=%AWS\20Delegated\20Server\[email protected])(sudoUser=%[email protected])(sudoUser=%Domain\[email protected])(sudoUser=+*)))] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_refresh_rules_send] > (0x0400): No expired rules were found for > [[email protected]@awsad.xxxx-xxxx.com]. 
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): > Retrieving default options for [[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): > Searching sysdb with [(&(objectClass=sudoRule)(name=defaults))] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): > Returning 0 default options for > [[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): > error: [0] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): > rules_num: [0] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using > protocol version [1] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_get_rules_send] (0x0400): > Running initgroups for [[email protected]] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_plugin] (0x2000): CR > #9: Setting "Initgroups by name" plugin > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_send] (0x0400): CR #9: New > request 'Initgroups by name' > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_process_input] (0x0400): > CR #9: Parsing input name [[email protected]] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_parse_name_for_domains] > (0x0200): name '[email protected]' matched expression for domain > 'awsad.xxxx-xxxx.com', user is admin > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_name] (0x0400): CR #9: > Setting name [admin] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_select_domains] (0x0400): > CR #9: Performing a single domain search > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_domain_get_state] (0x1000): > Domain awsad.xxxx-xxxx.com is Active > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_domains] (0x0400): > CR #9: Search will check the cache and check the data provider > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_validate_domain_type] > (0x2000): Request type POSIX-only for domain awsad.xxxx-xxxx.com type POSIX > is 
valid > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_set_domain] (0x0400): CR > #9: Using domain [awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_prepare_domain_data] > (0x0400): CR #9: Preparing input data for domain [awsad.xxxx-xxxx.com] rules > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR > #9: Looking up [email protected] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): > CR #9: Checking negative cache for [[email protected]] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): > Checking negative cache for > [NCE/USER/awsad.xxxx-xxxx.com/[email protected]] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache] (0x0400): > CR #9: [[email protected]] is not present in negative cache > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR > #9: Looking up [[email protected]] in cache > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_send] (0x0400): CR > #9: Object found, but needs to be refreshed. 
> (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_dp] (0x0400): CR > #9: Looking up [[email protected]] in data provider > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_issue_request] (0x0400): > Issuing request for > [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_account_msg] (0x0400): > Creating request for > [awsad.xxxx-xxxx.com][0x3][BE_REQ_INITGROUPS][[email protected]:-] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_add_timeout] (0x2000): > 0x55c236313f70 > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400): > Entering request > [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sbus_remove_timeout] (0x2000): > 0x55c236313f70 > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_get_reply] (0x0010): The Data > Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0040): > CR #9: Data Provider Error: 3, 5, Failed to get reply from Data Provider > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_common_dp_recv] (0x0400): > CR #9: Due to an error we will return cached data > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_cache] (0x0400): CR > #9: Looking up [[email protected]] in cache > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_ncache_filter] > (0x0400): CR #9: This request type does not support filtering result by > negative cache > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_search_done] (0x0400): CR > #9: Returning updated object [[email protected]] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_create_and_add_result] > (0x0400): CR #9: Found 24 entries in domain awsad.xxxx-xxxx.com > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sss_dp_req_destructor] (0x0400): > Deleting request: > [0x55c2341d5360:3:[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [cache_req_done] 
(0x0400): CR #9: > Finished: Success > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sysdb_get_sudo_user_info] (0x0400): > original name: [email protected] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): > Searching sysdb with > [(&(objectClass=sudoRule)(dataExpireTimestamp<=1561969502)(|(name=defaults)(sudoUser=ALL)([email protected])(sudoUser=#1979001109)(sudoUser=%Domain\[email protected])(sudoUser=%AWS\20Delegated\[email protected])(sudoUser=%AWS\20Delegated\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\[email protected])(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\[email protected])(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\[email protected])(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\[email protected])(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\[email protected])(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Group\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\[email protected])(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\[email protected])(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\[email protected])(sudoUser=%AWS\20Delegated\20System\20Management\[email protected])(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\[email protected])(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\[email protected])(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\[email protected])(sudoUser=%[email protected])(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\[email protected])(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\[email protected])(sudoUser=%AWS\20Delegated\20Server\[email protected])(sudoUser=%[email protected])(sudoUser=%Domain\[email protected])(sudoUser=+*)))] > (Mon Jul 1 08:25:02 
2019) [sssd[sudo]] [sudosrv_refresh_rules_send] > (0x0400): No expired rules were found for > [[email protected]@awsad.xxxx-xxxx.com]. > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_fetch_rules] (0x0400): > Retrieving rules for [[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): > Searching sysdb with > [(&(objectClass=sudoRule)(|(sudoUser=ALL)([email protected])(sudoUser=#1979001109)(sudoUser=%Domain\[email protected])(sudoUser=%AWS\20Delegated\[email protected])(sudoUser=%AWS\20Delegated\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\[email protected])(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\[email protected])(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\[email protected])(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\[email protected])(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\[email protected])(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Group\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\[email protected])(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\[email protected])(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\[email protected])(sudoUser=%AWS\20Delegated\20System\20Management\[email protected])(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\[email protected])(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\[email protected])(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\[email protected])(sudoUser=%[email protected])(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\[email protected])(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\[email protected])(sudoUser=%AWS\20Delegated\20Server\[email protected])(sudoUser=%[email 
protected])(sudoUser=%Domain\[email protected])))] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_cached_rules_by_user] > (0x0400): Replacing sudoUser attribute with sudoUser: #1979001109 > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_query_cache] (0x0200): > Searching sysdb with > [(&(objectClass=sudoRule)(sudoUser=+*)(!(|(sudoUser=ALL)([email protected])(sudoUser=#1979001109)(sudoUser=%Domain\[email protected])(sudoUser=%AWS\20Delegated\[email protected])(sudoUser=%AWS\20Delegated\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Active\20Directory\20Based\20Activation\[email protected])(sudoUser=%AWS\20Delegated\20Deleted\20Object\20Lifetime\[email protected])(sudoUser=%AWS\20Delegated\20Distributed\20File\20System\[email protected])(sudoUser=%AWS\20Delegated\20Dynamic\20Host\20Configuration\20Protocol\[email protected])(sudoUser=%AWS\20Delegated\20Enterprise\20Certificate\20Authority\[email protected])(sudoUser=%AWS\20Delegated\20Fine\20Grained\20Password\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Group\20Policy\[email protected])(sudoUser=%AWS\20Delegated\20Managed\20Service\20Account\[email protected])(sudoUser=%AWS\20Delegated\20Remote\20Access\20Service\[email protected])(sudoUser=%AWS\20Delegated\20Replicate\20Directory\20Changes\[email protected])(sudoUser=%AWS\20Delegated\20Sites\20and\20Services\[email protected])(sudoUser=%AWS\20Delegated\20System\20Management\[email protected])(sudoUser=%AWS\20Delegated\20Terminal\20Server\20Licensing\[email protected])(sudoUser=%AWS\20Delegated\20User\20Principal\20Name\20Suffix\[email protected])(sudoUser=%AWS\20Delegated\20Add\20Workstations\20To\20Domain\[email protected])(sudoUser=%[email protected])(sudoUser=%AWS\20Delegated\20Domain\20Name\20System\[email protected])(sudoUser=%AWS\20Delegated\20Kerberos\20Delegation\[email protected])(sudoUser=%AWS\20Delegated\20Server\[email protected])(sudoUser=%[email protected])(sudoUser=%Domain\[email protected]))))] > (Mon Jul 1 08:25:02 2019) 
[sssd[sudo]] [sudosrv_fetch_rules] (0x0400): > Returning 0 rules for [[email protected]@awsad.xxxx-xxxx.com] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): > error: [0] > (Mon Jul 1 08:25:02 2019) [sssd[sudo]] [sudosrv_build_response] (0x2000): > rules_num: [0] > > > /var/log/sssd/sssd_LDAP_AWSAD.XXXX-XXXX.COM.log > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_sudo_store_rule] (0x0400): Adding sudo rule %[email protected] > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_sudo_store_rule] (0x0400): Adding sudo rule r3 > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_sudo_store_rule] (0x0400): Adding sudo rule defaults > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [245544] > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [be_ptask_done] (0x0400): Task [SUDO Full Refresh]: finished successfully > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 21600 > seconds from last execution time [1561990778] > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[(nil)], ldap[0x55f8831bc530] > (Mon Jul 1 08:19:38 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sbus_message_handler] (0x2000): Received SBUS method > org.freedesktop.sssd.dataprovider.getAccountInfo on path > 
/org/freedesktop/sssd/dataprovider > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_get_account_info_handler] (0x0200): Got request for > [0x3][BE_REQ_INITGROUPS][name=ubuntu@ldap_awsad.xxxx-xxxx.com] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_attach_req] (0x0400): DP Request [Initgroups #5]: New request. Flags > [0x0001]. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_attach_req] (0x0400): Number of active DP request: 1 > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_initgr_next_base] (0x0400): Searching for users with base > [DC=awsad,DC=xxxx-xxxx,DC=com] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_print_server] (0x2000): Searching 10.80.100.196:389 > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with > [(&(uid=ubuntu)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][DC=awsad,DC=xxxx-xxxx,DC=com]. 
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMax] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: > [krbPasswordExpiration] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [rhost] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] > (Mon Jul 
1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: > [userCertificate;binary] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 15 > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_add] > (0x2000): New operation 15 timeout 6 > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbbe0], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [23]. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [24]. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [25]. 
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_rebind_proc] (0x1000): Successfully bind to
> [ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com].
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_rebind_proc] (0x1000): Successfully bind to
> [ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com].
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_rebind_proc] (0x1000): Successfully bind to
> [ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com].
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_get_generic_ext_add_references] (0x1000): Additional References:
> ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1],
> ops[0x55f8831dbbe0], ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_get_generic_ext_add_references] (0x1000): Additional References:
> ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1],
> ops[0x55f8831dbbe0], ldap[0x55f8831bc530]
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]]
> [sdap_get_generic_ext_add_references] (0x1000): Additional References:
> ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com

Here we see many referrals being followed. This is typical with AD, and with the LDAP provider with AD you'll want to switch off the referral support:

    ldap_referrals = false

This is documented here: https://docs.pagure.org/SSSD.sssd/users/ldap_with_ad.html

Is there a reason to use the LDAP provider and not the AD provider?

> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbbe0], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbbe0], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_add_references] (0x1000): Additional References: > ldap://awsad.xxxx-xxxx.com/CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbbe0], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbbe0], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg > set > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_op_destructor] (0x2000): Operation 15 finished > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_user_by_upn] (0x0400): No entry with upn > [ubuntu@ldap_awsad.xxxx-xxxx.com] found. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_entry_by_sid_str] (0x0400): No such entry > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_object_attr] (0x0400): No such entry. 
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_get_real_name] (0x0040): Cannot find user > [ubuntu@ldap_awsad.xxxx-xxxx.com] in cache > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [groups_by_user_done] (0x2000): Failed to canonicalize name, using > [ubuntu@ldap_awsad.xxxx-xxxx.com] [2]: No such file or directory. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_by_name] (0x0400): No such entry > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_cache_search_groups] (0x2000): Search groups with filter: > (&(objectCategory=group)(ghost=ubuntu@ldap_awsad.xxxx-xxxx.com)) > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_cache_search_groups] (0x2000): No such entry > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_done] > (0x0400): DP Request [Initgroups #5]: Request handler finished [0]: Success > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [_dp_req_recv] (0x0400): DP Request [Initgroups #5]: Receiving request data. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #5]: Finished. > Success. > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_reply_std] (0x1000): DP Request [Initgroups #5]: Returning [Success]: > 0,0,Success > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_table_value_destructor] (0x0400): Removing > [0:1:0x0001:3::LDAP_AWSAD.xxxx-xxxx.COM:name=ubuntu@ldap_awsad.xxxx-xxxx.com] > from reply table > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_destructor] (0x0400): DP Request [Initgroups #5]: Request removed. 
> (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_destructor] (0x0400): Number of active DP request: 0 > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[(nil)], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:02 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sbus_message_handler] (0x2000): Received SBUS method > org.freedesktop.sssd.dataprovider.getAccountInfo on path > /org/freedesktop/sssd/dataprovider > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_get_account_info_handler] (0x0200): Got request for > [0x3][BE_REQ_INITGROUPS][name=ubuntu@ldap_awsad.xxxx-xxxx.com] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_attach_req] (0x0400): DP Request [Initgroups #6]: New request. Flags > [0x0001]. 
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_attach_req] (0x0400): Number of active DP request: 1 > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sss_domain_get_state] (0x1000): Domain LDAP_AWSAD.xxxx-xxxx.COM is Active > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_initgr_next_base] (0x0400): Searching for users with base > [DC=awsad,DC=xxxx-xxxx,DC=com] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_print_server] (0x2000): Searching 10.80.100.196:389 > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with > [(&(uid=ubuntu)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][DC=awsad,DC=xxxx-xxxx,DC=com]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting 
attrs: [krbPrincipalName] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: > [krbPasswordExpiration] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService] > (Mon Jul 1 08:20:09 2019) 
[sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [rhost] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: > [userCertificate;binary] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 26 > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [sdap_op_add] > (0x2000): New operation 26 timeout 6 > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) 
[sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [23]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [24]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to > [ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com] > with fd [25]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_rebind_proc] (0x1000): Successfully bind to > [ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_rebind_proc] (0x1000): Successfully bind to > [ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com]. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_rebind_proc] (0x1000): Successfully bind to > [ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com]. 
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_add_references] (0x1000): Additional References: > ldap://ForestDnsZones.awsad.xxxx-xxxx.com/DC=ForestDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_add_references] (0x1000): Additional References: > ldap://awsad.xxxx-xxxx.com/CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_add_references] (0x1000): Additional References: > ldap://DomainDnsZones.awsad.xxxx-xxxx.com/DC=DomainDnsZones,DC=awsad,DC=xxxx-xxxx,DC=com > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_ext_add_references] (0x1000): Additional References: > ldap://awsad.xxxx-xxxx.com/CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) 
[sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[0x55f8831dbd60], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg > set > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_op_destructor] (0x2000): Operation 26 finished > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_user_by_upn] (0x0400): No entry with upn > [ubuntu@ldap_awsad.xxxx-xxxx.com] found. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_entry_by_sid_str] (0x0400): No such entry > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_object_attr] (0x0400): No such entry. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_get_real_name] (0x0040): Cannot find user > [ubuntu@ldap_awsad.xxxx-xxxx.com] in cache > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [groups_by_user_done] (0x2000): Failed to canonicalize name, using > [ubuntu@ldap_awsad.xxxx-xxxx.com] [2]: No such file or directory. 
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_search_by_name] (0x0400): No such entry > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_cache_search_groups] (0x2000): Search groups with filter: > (&(objectCategory=group)(ghost=ubuntu@ldap_awsad.xxxx-xxxx.com)) > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_cache_search_groups] (0x2000): No such entry > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] [dp_req_done] > (0x0400): DP Request [Initgroups #6]: Request handler finished [0]: Success > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [_dp_req_recv] (0x0400): DP Request [Initgroups #6]: Receiving request data. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #6]: Finished. > Success. > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_reply_std] (0x1000): DP Request [Initgroups #6]: Returning [Success]: > 0,0,Success > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_table_value_destructor] (0x0400): Removing > [0:1:0x0001:3::LDAP_AWSAD.xxxx-xxxx.COM:name=ubuntu@ldap_awsad.xxxx-xxxx.com] > from reply table > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_destructor] (0x0400): DP Request [Initgroups #6]: Request removed. 
> (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [dp_req_destructor] (0x0400): Number of active DP request: 0 > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: sh[0x55f8831b51f0], connected[1], > ops[(nil)], ldap[0x55f8831bc530] > (Mon Jul 1 08:20:09 2019) [sssd[be[LDAP_AWSAD.xxxx-xxxx.COM]]] > [sdap_process_result] (0x2000): Trace: end of ldap_result list > > > ldbsearch -H /var/lib/sss/db/cache_LDAP_AWSAD.XXXX-XXXX.COM.ldb > > asq: Unable to register control with rootdse! > # record 1 > dn: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: Users > distinguishedName: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 2 > dn: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: r2 > dataExpireTimestamp: 1561974578 > entryUSN: 245385 > name: r2 > objectClass: sudoRule > originalDN: CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: [email protected] > sudoUser: [email protected] > distinguishedName: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM, > cn=sysdb > > # record 3 > dn: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: LDAP_AWSAD.xxxx-xxxx.COM > distinguishedName: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 4 > dn: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: defaults > dataExpireTimestamp: 1561974578 > entryUSN: 245543 > name: defaults > objectClass: sudoRule > originalDN: CN=defaults,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: ALL > sudoUser: all > distinguishedName: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.YARA-DFD > P.COM,cn=sysdb > > # record 5 > dn: > name=%[email protected],cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: %[email protected] > dataExpireTimestamp: 1561974578 > entryUSN: 245477 > name: %[email protected] > 
objectClass: sudoRule > originalDN: CN=%[email protected],OU=SUDOers,OU=awsad,DC=awsad,DC=yara > -dfdp,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: %[email protected] > sudoUser: %[email protected] > distinguishedName: name=%[email protected],cn=sudorules,cn=custom,cn=L > DAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 6 > dn: cn=ranges,cn=sysdb > cn: ranges > distinguishedName: cn=ranges,cn=sysdb > > # record 7 > dn: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: r3 > dataExpireTimestamp: 1561974578 > entryUSN: 245509 > name: r3 > objectClass: sudoRule > originalDN: CN=r3,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: ALL > sudoUser: Admin@ldap_awsad.xxxx-xxxx.com > sudoUser: admin@ldap_awsad.xxxx-xxxx.com > distinguishedName: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM, > cn=sysdb > > # record 8 > dn: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: sudorules > sudoLastFullRefreshTime: 1561969178 > distinguishedName: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 9 > dn: cn=sysdb > cn: sysdb > description: base object > version: 0.20 > distinguishedName: cn=sysdb > > # record 10 > dn: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: Groups > distinguishedName: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 11 > dn: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: r1 > dataExpireTimestamp: 1561974578 > entryUSN: 245304 > name: r1 > objectClass: sudoRule > originalDN: CN=r1,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: ubuntu@ldap_awsad.xxxx-xxxx.com > distinguishedName: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM, > cn=sysdb > > # returned 11 records > # 11 entries > # 0 referrals > root@dfdp-080100016:~# ldbsearch -H > 
/var/lib/sss/db/cache_LDAP_AWSAD.xxxx-xxxx.COM.ldb > asq: Unable to register control with rootdse! > # record 1 > dn: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: Users > distinguishedName: cn=users,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 2 > dn: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: r2 > dataExpireTimestamp: 1561974578 > entryUSN: 245385 > name: r2 > objectClass: sudoRule > originalDN: CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: [email protected] > sudoUser: [email protected] > distinguishedName: name=r2,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM, > cn=sysdb > > # record 3 > dn: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: LDAP_AWSAD.xxxx-xxxx.COM > distinguishedName: cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 4 > dn: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: defaults > dataExpireTimestamp: 1561974578 > entryUSN: 245543 > name: defaults > objectClass: sudoRule > originalDN: CN=defaults,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: ALL > sudoUser: all > distinguishedName: name=defaults,cn=sudorules,cn=custom,cn=LDAP_AWSAD.YARA-DFD > P.COM,cn=sysdb > > # record 5 > dn: > name=%[email protected],cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > cn: %[email protected] > dataExpireTimestamp: 1561974578 > entryUSN: 245477 > name: %[email protected] > objectClass: sudoRule > originalDN: CN=%[email protected],OU=SUDOers,OU=awsad,DC=awsad,DC=yara > -dfdp,DC=com > sudoCommand: ALL > sudoHost: ALL > sudoOption: !authenticate > sudoUser: %[email protected] > sudoUser: %[email protected] > distinguishedName: name=%[email protected],cn=sudorules,cn=custom,cn=L > DAP_AWSAD.xxxx-xxxx.COM,cn=sysdb > > # record 6 > dn: cn=ranges,cn=sysdb > cn: ranges > distinguishedName: cn=ranges,cn=sysdb > > # record 7 > 
dn: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: r3
> dataExpireTimestamp: 1561974578
> entryUSN: 245509
> name: r3
> objectClass: sudoRule
> originalDN: CN=r3,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: ALL
> sudoUser: Admin@ldap_awsad.xxxx-xxxx.com
> sudoUser: admin@ldap_awsad.xxxx-xxxx.com
> distinguishedName: name=r3,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,
> cn=sysdb
>
> # record 8
> dn: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: sudorules
> sudoLastFullRefreshTime: 1561969178
> distinguishedName: cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 9
> dn: cn=sysdb
> cn: sysdb
> description: base object
> version: 0.20
> distinguishedName: cn=sysdb
>
> # record 10
> dn: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: Groups
> distinguishedName: cn=groups,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
>
> # record 11
> dn: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,cn=sysdb
> cn: r1
> dataExpireTimestamp: 1561974578
> entryUSN: 245304
> name: r1
> objectClass: sudoRule
> originalDN: CN=r1,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
> sudoCommand: ALL
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: ubuntu@ldap_awsad.xxxx-xxxx.com
> distinguishedName: name=r1,cn=sudorules,cn=custom,cn=LDAP_AWSAD.xxxx-xxxx.COM,
> cn=sysdb
>
> # returned 11 records
> # 11 entries
> # 0 referrals
>
> /etc/sssd/sssd.conf
>
> [sssd]
> services = nss, pam,ssh, sudo
> debug_level = 0x7FFF
> domains = awsad.xxxx-xxxx.com, aws.dfdp.com, LDAP_AWSAD.xxxx-xxxx.COM
>
> [sudo]
> debug_level = 0x3ff0
>
> [domain/LDAP_AWSAD.xxxx-xxxx.COM]
> case_sensitive=false
> debug_level = 0x3ff0
> access_provider = ldap
> id_provider = ldap
> sudo_provider = ldap
> ldap_uri = ldap://xxx.xxx.xxx.xxx
> ldap_default_bind_dn = [email protected]
> ldap_default_authtok = xxxxxxxxx
> ldap_sudo_search_base = OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com
>
> [domain/awsad.xxxx-xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> enumerate = true
> subdomain_enumerate = all
> ad_domain = AWSAD.xxxx-xxxx.COM
> krb5_realm = AWSAD.xxxx-xxxx.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
> [domain/aws.xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> enumerate = true
> ad_domain = AWS.xxxx.COM
> krb5_realm = AWS.xxxx.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
>
> [domain/ad.xxxx.com]
> debug_level = 0x0200
> id_provider = ad
> access_provider = ad
> ad_server = xxx.ad.xxxx.com
> ad_server_backup = xxx.ad.xxxx.com
> enumerate = true
> ad_domain = AD.XXXX.COM
> krb5_realm = AD.XXXX.COM
> realmd_tags = manages-system joined-with-adcli
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%d/%u
>
>
>
> /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat systemd sss
> group: compat systemd sss
> shadow: compat sss
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files sss
> ethers: db files
> rpc: db files
>
> netgroup: nis sss
> sudoers: sss files
>
>
> Windows AD using the SUDO schema (imported).
> > Only 1 entry from MS AD for the sake of example: > > PS C:\Windows\system32> Get-ADObject –Identity > "CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com" -Property * > > > CanonicalName : awsad.xxxx-xxxx.com/awsad/SUDOers/r2 > CN : r2 > Created : 6/30/2019 8:59:46 AM > createTimeStamp : 6/30/2019 8:59:46 AM > Deleted : > Description : > DisplayName : > DistinguishedName : > CN=r2,OU=SUDOers,OU=awsad,DC=awsad,DC=xxxx-xxxx,DC=com > dSCorePropagationData : {1/1/1601 12:00:00 AM} > instanceType : 4 > isDeleted : > LastKnownParent : > Modified : 6/30/2019 8:59:56 AM > modifyTimeStamp : 6/30/2019 8:59:56 AM > Name : r2 > nTSecurityDescriptor : > System.DirectoryServices.ActiveDirectorySecurity > ObjectCategory : > CN=sudoRole,CN=Schema,CN=Configuration,DC=awsad,DC=xxxx-xxxx,DC=com > ObjectClass : sudoRole > ObjectGUID : 9b660613-94f8-4f58-86bc-21e813027fbf > ProtectedFromAccidentalDeletion : False > sDRightsEffective : 7 > sudoCommand : {ALL} > sudoHost : {ALL} > sudoOption : {!authenticate} > sudoUser : {[email protected]} > uSNChanged : 245385 > uSNCreated : 245385 > whenChanged : 6/30/2019 8:59:56 AM > whenCreated : 6/30/2019 8:59:46 AM > > > > > PS C:\Windows\system32> > > > Thx a lot! and Cheers! > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected]
