
Untitled

a guest Jan 20th, 2017 131 Never
  1. [root@server01 sssd]# more /etc/sssd/sssd.conf
  # sssd.conf as printed by `more /etc/sssd/sssd.conf`. The leading "N." on each
  # line is the paste site's line gutter, not part of the file.
  2. [sssd]
  # Only the domains named here are started; a.abc.com is not in this list.
  3. domains = abc.com
  4. config_file_version = 2
  5. services = nss, pam
  6.  
  7. [domain/abc.com]
  8. id_provider = ad
  # NOTE(review): the simple access provider decides access only from the
  # simple_allow_*/simple_deny_* lists; it does not evaluate AD account state
  # (disabled/expired). That matters for logins that skip password/Kerberos
  # authentication, e.g. SSH public keys. Confirm this is the intended policy.
  9. access_provider = simple
  10. realmd_tags = manages-system joined-with-samba
  11. ad_domain = abc.com
  # Two named DCs are tried first; `_srv_` falls back to DNS SRV discovery.
  12. ad_server = serverdc01.abc.com,serverdc02.abc.com,_srv_
  # NOTE(review): sssd.conf(5) defines `#` and `;` as the comment markers. The
  # next line starts with `!`, so it is not read as a comment. Check how the
  # installed SSSD version treats it (TODO confirm it does not break parsing).
  13. !adding in subdomain line below - SG 1-20-2017
  # Enables enumeration for every auto-detected trusted domain.
  14. subdomain_enumerate = all
  15. krb5_realm = ABC.COM
  16. default_shell = /bin/bash
  # UIDs/GIDs are derived from the AD SID rather than read from POSIX attributes.
  17. ldap_id_mapping = True
  # Short names are accepted for abc.com; the `id` output on this page still
  # shows the child-domain user as user@a.abc.com.
  18. use_fully_qualified_names = False
  19. fallback_homedir = /home/%u@%d
  # One group name containing spaces; it matches `permitted-groups` in the
  # `realm list` output on this page.
  20. simple_allow_groups = TDI Remote Access Users@abc.com
  # Bitmask enabling log levels 0x0010 through 0x0400 (the excerpts on this page
  # show 0x0020-0x0400). At this verbosity the logs record user names, UPNs and
  # LDAP filters; lower it again once troubleshooting is finished.
  21. debug_level = 0x07F0
  22.  
  # NOTE(review): a.abc.com is not listed in `domains`, so this section is
  # presumably not applied as a standalone domain. Later SSSD releases document
  # a trusted-domain section named [domain/abc.com/a.abc.com] for per-subdomain
  # options such as ad_server. Verify against the installed sssd.conf(5).
  23. [domain/a.abc.com]
  24. ad_server = aserverdc01.a.abc.com,aserver02.a.abc.com,_srv_
  25.    
  26. [root@server01 bin]# id user@a.abc.com
  27. uid=1915601610(user@a.abc.com) gid=1915601610(user@a.abc.com)       groups=1915601610(user@a.abc.com),1213401243(tdi remote access users),1915601332(authlite 1f tag@a.abc.com),1915601331(authlite users@a.abc.com),1915601110(eus-workstationadmins@a.abc.com),1915601606(eus-sccmadmins@a.abc.com),1915600513(domain users@a.abc.com)
  28.    
  29. [root@server01 bin]# realm list
  30. abc.com
  31.   type: kerberos
  32.   realm-name: ABC.COM
  33.   domain-name: abc.com
  34.   configured: kerberos-member
  35.   server-software: active-directory
  36.   client-software: sssd
  37.   required-package: oddjob
  38.   required-package: oddjob-mkhomedir
  39.   required-package: sssd
  40.   required-package: adcli
  41.   required-package: samba-common
  42.   login-formats: %U
  43.   login-policy: allow-permitted-logins
  44.   permitted-logins:
  45.   permitted-groups: TDI Remote Access Users@abc.com
  46.    
  47. Jan 20 15:46:35 server01 cw[22854]: pam_sss(conwrks:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=user@abc.com
  48. Jan 20 15:46:35 server01 cw[22854]: pam_sss(conwrks:auth): received for user user@abc.com: 4 (System error)
  49.    
  50. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [unpack_buffer] (0x0100): cmd [241] uid [1915601610] gid [1915601610] validate [true] enterprise principal [true] offline [false] UPN [user@ABC.COM]
  51. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1915601610] old_ccname: [not set] keytab: [/etc/krb5.keytab]
  52. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [check_use_fast] (0x0100): Not using FAST.
  53. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
  54. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [become_user] (0x0200): Trying to become user [1915601610][1915601610].
  55. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
  56. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
  57. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
  58. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [main] (0x0400): Will perform online auth
  59. (Fri Jan 20 15:46:33 2017) [[sssd[krb5_child[23048]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [ABC.COM]
  60. (Fri Jan 20 15:46:35 2017) [[sssd[krb5_child[23048]]]] [get_and_save_tgt] (0x0020): 1234: [-1765328372][KDC policy rejects request]
  61. (Fri Jan 20 15:46:35 2017) [[sssd[krb5_child[23048]]]] [map_krb5_error] (0x0020): 1303: [-1765328372][KDC policy rejects request]
  62. (Fri Jan 20 15:46:35 2017) [[sssd[krb5_child[23048]]]] [k5c_send_data] (0x0200): Received error code 1432158209
  63. (Fri Jan 20 15:46:35 2017) [[sssd[krb5_child[23048]]]] [main] (0x0400): krb5_child completed successfully
  64.    
  65. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=user]
  66. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [be_req_set_domain] (0x0400): Changing request domain from [abc.com] to [a.abc.com]
  67. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=a,dc=a,dc=hawaiian,dc=aero]
  68. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=user)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=a,dc=a].
  69. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
  70. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results.
  71. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_save_user] (0x0400): Save user
  72. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_get_primary_name] (0x0400): Processing object user@a.abc.com
  73. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_save_user] (0x0400): Processing user user@a.abc.com
  74. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_save_user] (0x0400): Adding original memberOf attributes to [user@a.abc.com].
  75. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_save_user] (0x0400): Adding user principal [user@a.abc.com] to attributes of [user@a.abc.com].
  76. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sdap_save_user] (0x0400): Storing info for user user@a.abc.com
  77. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sysdb_search_by_name] (0x0400): No such entry
  78. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sysdb_search_by_name] (0x0400): No such entry
  79. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
  80. (Fri Jan 20 15:46:31 2017) [sssd[be[abc.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)