SSSD / sssd

A daemon to manage identity, authentication and authorization for centrally-managed systems.
https://sssd.io
GNU General Public License v3.0

kerberos pre-auth fails for pkinit #5856

Closed macgeneral closed 1 year ago

macgeneral commented 2 years ago

- Related Issue: #5377
- OS: Manjaro (Arch Linux)
- SSSD Version 2.5.2
- Kerberos 5 version 1.19.2
- OpenSC 0.22.0 [gcc 11.1.0]

I have a working SSSD setup including SSSD-KCM as credential cache and everything works as expected.

My company uses SmartCards to authenticate users, for example on AD, and on Windows laptops users can log in using either the SmartCard + PIN or their AD password. They also use self-signed Root and Intermediate CAs. On Linux I'm able to log in using the SmartCard + PIN as well when using the `pam_krb5.so` module, but the same configuration does not work when I try to use `pam_sss.so` with SmartCard authentication enabled instead.

I enabled SmartCard authentication in SSSD by adding `ldap_user_certificate = userCertificate;binary` and `pam_cert_auth = TRUE` in the respective configurations and creating the file `/var/lib/sss/pubconf/pam_preauth_available`.

Unfortunately I get the following error in the logs and pam_sss.so falls back to the AD password:

```
krb5_child[..]: Pre-authentication failed: Cannot read password
```

When I use p11_child with the directory path as originally configured in /etc/krb5.conf the certificate authentication fails:

```
user@domain:~$ /usr/lib/sssd/sssd/p11_child --pre --ca_db=/usr/share/ca-certificates/trust-source/anchors/ --debug-fd=1 --debug-level=10

[p11_child[37508]] [main] (0x0400): p11_child started.
[p11_child[37508]] [main] (0x2000): Running in [pre-auth] mode.
[p11_child[37508]] [main] (0x2000): Running with effective IDs: [aduserid][aduserid].
[p11_child[37508]] [main] (0x2000): Running with real IDs [aduserid][aduserid].
[p11_child[37508]] [init_verification] (0x0040): X509_LOOKUP_load_file failed [185090184][error:0B084088:x509 certificate routines:X509_load_cert_crl_file:no certificate or crl found].
[p11_child[37508]] [do_work] (0x0040): init_verification failed.
[p11_child[37508]] [main] (0x0040): do_work failed.
[p11_child[37508]] [main] (0x0020): p11_child failed!
```

When concatenating all of them into a single file it succeeds:

```
user@domain:~$ /usr/lib/sssd/sssd/p11_child --pre --ca_db=/usr/share/ca-certificates/trust-source/company.bundle.crt --debug-fd=1

Company Corporate ID Card
/usr/lib/pkcs11/opensc-pkcs11.so
[..id..]
Auth iso_date_from iso_date_to
MII[..]
Company Corporate ID Card
/usr/lib/pkcs11/opensc-pkcs11.so
[..id..]
Encr iso_date_from iso_date_to
MII[..]
```

But it still fails when I try to authenticate with it with the same error as mentioned above.

I was hoping maybe @sumit-bose can point me in the right direction :).
Thank you already in advance!

Relevant config snippets:

/etc/krb5.conf

```ini
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 10h
renew_lifetime = 7d
forwardable = true
proxiable = true
default_realm = DOMAIN.COMPANY.TLD
default_ccache_name = KCM:

[appdefaults]
pam = {
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = true
    proxiable = true
    retain_after_close = false
    minimum_uid = 200000
    krb4_convert = false
}

[realms]
DOMAIN.COMPANY.TLD = {
    admin_server = hostname.domain.company.tld
    default_domain = DOMAIN.COMPANY.TLD
    # SmartCard
    pkinit_identities = PKCS11:opensc-pkcs11.so
    # DIR:/usr/share/ca-certificates/trust-source/anchors/ works as well
    pkinit_anchors = FILE:/usr/share/ca-certificates/trust-source/company.bundle.crt
    pkinit_cert_match = msScLogin,clientAuth
    pkinit_kdc_hostname = domain.company.tld
    pkinit_kdc_hostname = DOMAIN
}

[domain_realm]
.domain.company.tld = DOMAIN.COMPANY.TLD
domain.company.tld = DOMAIN.COMPANY.TLD
```

Note: moving the `pkinit_` values from the `realms` to `libdefaults` section does not make a difference.

/etc/sssd/sssd.conf

```ini
[sssd]
config_file_version = 2
domains = DOMAIN.COMPANY.TLD
services = nss, pam

[kcm]
krb5_renew_interval = 1h
timeout = 3000
tgt_renewal = TRUE

[pam]
debug_level = 10
# no limit
offline_credentials_expiration = 0
offline_failed_login_attempts = 10
;offline_failed_login_delay = 5
pam_verbosity = 1
# SmartCard
pam_cert_auth = TRUE

[nss]
default_shell = /bin/zsh
filter_groups = root
filter_users = root
reconnection_retries = 3
```

/etc/sssd/conf.d/company.tld.conf

```ini
[domain/DOMAIN.COMPANY.TLD]
debug_level = 7
lookup_family_order = ipv4_only
realmd_tags = manages-system joined-with-adcli
cache_credentials = TRUE
case_sensitive = FALSE
default_shell = /bin/zsh
override_shell = /bin/zsh
auto_private_groups = TRUE
enumerate = FALSE
fallback_homedir = /home/%u
min_id = 200000
use_fully_qualified_names = FALSE
access_provider = ad
auth_provider = ad
chpass_provider = ad
id_provider = ad
ad_domain = domain.company.tld
ad_enable_dns_sites = TRUE
ad_enable_gc = TRUE
ad_access_filter = (|(sAMAccountName=adusername))
ad_maximum_machine_account_password_age = 30
ad_hostname = hostname.domain.company.tld
dyndns_update = TRUE
dyndns_ttl = 3600
dyndns_refresh_interval = 43200
dyndns_update_ptr = FALSE
dns_discovery_domain = domain.company.tld
ldap_schema = ad
ldap_sasl_mech = GSSAPI
ldap_id_mapping = TRUE
ldap_idmap_default_domain = domain.company.tld
ldap_sasl_authid = hostname$
ldap_group_nesting_level = 0
ldap_user_name = sAMAccountName
ldap_user_gecos = userPrincipalName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_group_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = TRUE
ldap_pwd_policy = mit_kerberos
ldap_krb5_keytab = /etc/krb5.keytab
# SmartCard authentication with pam_sss.so
ldap_user_certificate = userCertificate;binary
krb5_realm = DOMAIN.COMPANY.TLD
krb5_validate = TRUE
krb5_keytab = /etc/krb5.keytab
krb5_store_password_if_offline = TRUE
krb5_use_fast = try
krb5_fast_principal = HOSTNAME$
krb5_renewable_lifetime = 10h
krb5_lifetime = 10h
krb5_renew_interval = 1h
```

example for /etc/pam.d/[..]

```ini
[..]
# workaround to use the SmartCard PIN with krb5
#auth [success=done authinfo_unavail=ignore ignore=ignore default=ignore] pam_krb5.so search_k5login use_pkinit
auth sufficient pam_sss.so ignore_authinfo_unavail
[..]
```

PS: Sorry for opening a new issue but I didn't want to necro-bump the old (and very long) thread.

sumit-bose commented 2 years ago

Hi,

the

```
krb5_child[..]: Pre-authentication failed: Cannot read password
```

error message is most probably an expected message while checking which pre-authentication methods are available on the KDC. It would be best if you can send the full logs of an authentication attempt with `debug_level = 9` in the `[pam]` and `[domain/...]` sections of sssd.conf.

bye, Sumit

macgeneral commented 2 years ago

Hi,

Thank you for your fast response. Unfortunately the logs are of limited use (to me at least).

journalctl -xef

```
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: Outgoing update query:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9765
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; QUESTION SECTION:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;2551358341.subdomain.domain.company.tld. ANY TKEY
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; ADDITIONAL SECTION:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: 2551358341.subdomain.domain.company.tld. 0 ANY TKEY gss-tsig. 1635766702 1635766702 3 NOERROR 1569 YIIG[..]
Nov 01 12:38:23 hostname.domain.company.tld krb5_child[7615]: Pre-authentication failed: Cannot read password
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: Outgoing update query:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 62666
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; UPDATE SECTION:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: hostname.domain.company.tld. 0 ANY A
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: hostname.domain.company.tld. 3600 IN A [ ipv4 address ]
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: ;; TSIG PSEUDOSECTION:
Nov 01 12:38:23 hostname.domain.company.tld sssd[7619]: 2551358341.subdomain.domain.company.tld. 0 ANY TSIG gss-tsig. 1635766703 300 28 BAQE//////8AAAA[..] 62666 NOERROR 0
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: Outgoing update query:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18119
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; QUESTION SECTION:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;4261122037.subdomain.domain.company.tld. ANY TKEY
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; ADDITIONAL SECTION:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: 4261122037.subdomain.domain.company.tld. 0 ANY TKEY gss-tsig. 1635766705 1635766705 3 NOERROR 1569 YIIG[..]
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: Outgoing update query:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 36035
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; UPDATE SECTION:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: hostname.domain.company.tld. 0 ANY AAAA
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: ;; TSIG PSEUDOSECTION:
Nov 01 12:38:25 hostname.domain.company.tld sssd[7619]: 4261122037.subdomain.domain.company.tld. 0 ANY TSIG gss-tsig. 1635766705 300 28 BAQE//////8AAAAA[..] 36035 NOERROR 0
```

Is there a way to increase the output of krb5_child? KRB5_TRACE=/dev/stdout unfortunately doesn't work.

macgeneral commented 2 years ago

Sorry my bad, I expected it in systemd's journalctl...

/var/log/sssd/krb5_child.log

```
(2021-11-01 14:44:18): [krb5_child[13502]] [main] (0x0400): krb5_child started.
(2021-11-01 14:44:18): [krb5_child[13502]] [unpack_buffer] (0x1000): total buffer size: [106]
(2021-11-01 14:44:18): [krb5_child[13502]] [unpack_buffer] (0x0100): cmd [249 (pre-auth)] uid [aduserid] gid [aduserid] validate [true] enterprise principal [true] offline [false] UPN [adusername@DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:18): [krb5_child[13502]] [unpack_buffer] (0x0100): ccname: [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab]
(2021-11-01 14:44:18): [krb5_child[13502]] [k5c_setup_fast] (0x0100): Fast principal is set to [hostname$]
(2021-11-01 14:44:18): [krb5_child[13502]] [find_principal_in_keytab] (0x4000): Trying to find principal hostname$@DOMAIN.COMPANY.TLD in keytab.
(2021-11-01 14:44:18): [krb5_child[13502]] [match_principal] (0x1000): Principal matched to the sample (hostname$@DOMAIN.COMPANY.TLD).
(2021-11-01 14:44:18): [krb5_child[13502]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
(2021-11-01 14:44:18): [krb5_child[13502]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(2021-11-01 14:44:18): [krb5_child[13502]] [become_user] (0x0200): Trying to become user [aduserid][aduserid].
(2021-11-01 14:44:18): [krb5_child[13502]] [main] (0x2000): Running as [aduserid][aduserid].
(2021-11-01 14:44:18): [krb5_child[13502]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
(2021-11-01 14:44:18): [krb5_child[13502]] [set_lifetime_options] (0x0100): Renewable lifetime is set to [7d]
(2021-11-01 14:44:18): [krb5_child[13502]] [set_lifetime_options] (0x0100): Lifetime is set to [10h]
(2021-11-01 14:44:18): [krb5_child[13502]] [set_canonicalize_option] (0x0100): Canonicalization is set to [true]
(2021-11-01 14:44:18): [krb5_child[13502]] [main] (0x0400): Will perform pre-auth
(2021-11-01 14:44:18): [krb5_child[13502]] [tgt_req_child] (0x1000): Attempting to get a TGT
(2021-11-01 14:44:18): [krb5_child[13502]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:20): [krb5_child[13502]] [sss_krb5_responder] (0x4000): Got question [pkinit].
(2021-11-01 14:44:20): [krb5_child[13502]] [sss_krb5_responder] (0x4000): Got question [password].
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x4000): sss_krb5_prompter name [(null)] banner [(null)] num_prompts [1] EINVAL.
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x4000): Prompt [0][Company Corporate ID Card PIN].
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x0200): Prompter interface isn't used for password prompts by SSSD.
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x4000): sss_krb5_prompter name [(null)] banner [(null)] num_prompts [1] EINVAL.
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x4000): Prompt [0][Password for adusername\@DOMAIN.COMPANY.TLD@DOMAIN.COMPANY.TLD].
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_prompter] (0x0200): Prompter interface isn't used for password prompts by SSSD.
(2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_get_init_creds_password] (0x0020): 1647: [-1765328174][Pre-authentication failed: Cannot read password]
(2021-11-01 14:44:21): [krb5_child[13502]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328174] during pre-auth.
(2021-11-01 14:44:21): [krb5_child[13502]] [k5c_send_data] (0x0200): Received error code 0
(2021-11-01 14:44:21): [krb5_child[13502]] [pack_response_packet] (0x2000): response packet size: [12]
(2021-11-01 14:44:21): [krb5_child[13502]] [k5c_send_data] (0x4000): Response sent.
(2021-11-01 14:44:21): [krb5_child[13502]] [main] (0x0400): krb5_child completed successfully
```

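
Added example (not part of the original thread and not SSSD project code): a parser for the SSSD debug-log entry format seen in the logs above. It keeps only entries whose level falls in the failure bits of the `debug_level` bitmask from sssd.conf(5), and tags `Cannot read password` from a `krb5_child` in pre-auth mode as a likely probe, following the maintainer's reply. The sample text is constructed from lines posted in this thread; the function names, short level labels and the `preauth-probe`/`investigate` verdicts are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bit values of the SSSD debug_level bitmask (sssd.conf(5)); the short
# labels are this example's own shorthand.
LEVEL_NAMES = {
    0x0010: "fatal", 0x0020: "critical", 0x0040: "serious", 0x0080: "minor",
    0x0100: "config", 0x0200: "func-data", 0x0400: "trace-func",
    0x1000: "trace-internal", 0x2000: "trace-vars", 0x4000: "trace-all",
}
FAILURE_MASK = 0x0010 | 0x0020 | 0x0040 | 0x0080

# Entry header: optional "(timestamp): " (absent with --debug-fd=1 output),
# then "[component[pid]] [function] (0xLEVEL): ".
HEADER = re.compile(
    r"(?:\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\): )?"
    r"\[(?P<comp>[^\[\]]+)(?:\[(?P<pid>\d+)\])?\] "
    r"\[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]{4,5})\): "
)


@dataclass
class Entry:
    timestamp: Optional[str]
    component: str
    pid: Optional[int]
    function: str
    level: int
    message: str


def parse(text: str) -> List[Entry]:
    """Split text on entry headers, so logs that were pasted with several
    entries run together on one line are still separated correctly."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append(Entry(
            timestamp=m.group("ts"),
            component=m.group("comp"),
            pid=int(m.group("pid")) if m.group("pid") else None,
            function=m.group("func"),
            level=int(m.group("level"), 16),
            message=" ".join(text[m.end():end].split()),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str, str, str]]:
    """Return (severity, component, function, verdict, message) for every
    failure-level entry."""
    # PIDs of krb5_child runs that announced pre-auth mode.
    preauth_pids = {
        e.pid for e in entries
        if e.component == "krb5_child" and e.pid is not None
        and "Will perform pre-auth" in e.message
    }
    findings = []
    for e in entries:
        if not e.level & FAILURE_MASK:
            continue
        probe = e.pid in preauth_pids and "Cannot read password" in e.message
        findings.append((
            LEVEL_NAMES.get(e.level, hex(e.level)),
            e.component,
            e.function,
            "preauth-probe" if probe else "investigate",
            e.message,
        ))
    return findings


# Constructed sample: lines copied from this thread, two of them deliberately
# left run together on one line as in a flattened paste.
SAMPLE = """\
[p11_child[37508]] [main] (0x0400): p11_child started.
[p11_child[37508]] [init_verification] (0x0040): X509_LOOKUP_load_file failed [185090184][error:0B084088:x509 certificate routines:X509_load_cert_crl_file:no certificate or crl found].
[p11_child[37508]] [main] (0x0020): p11_child failed!
(2021-11-01 14:44:18): [krb5_child[13502]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(2021-11-01 14:44:18): [krb5_child[13502]] [main] (0x0400): Will perform pre-auth (2021-11-01 14:44:21): [krb5_child[13502]] [sss_krb5_get_init_creds_password] (0x0020): 1647: [-1765328174][Pre-authentication failed: Cannot read password]
(2021-11-01 14:44:21): [krb5_child[13502]] [main] (0x0400): krb5_child completed successfully
"""

if __name__ == "__main__":
    for severity, comp, func, verdict, msg in triage(parse(SAMPLE)):
        print(f"{verdict:14} {severity:9} {comp}/{func}: {msg}")
```
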
macgeneral commented 2 years ago

And here's all other logs in the timeframe.

p11_child.log

```
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x0400): p11_child started.
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x2000): Running in [pre-auth] mode.
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x2000): Running with effective IDs: [0][0].
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x2000): Running with real IDs [0][0].
(2021-11-01 14:44:02): [p11_child[13429]] [init_verification] (0x0040): X509_LOOKUP_load_file failed [33558530][error:02001002:system library:fopen:No such file or directory].
(2021-11-01 14:44:02): [p11_child[13429]] [do_work] (0x0040): init_verification failed.
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x0040): do_work failed.
(2021-11-01 14:44:02): [p11_child[13429]] [main] (0x0020): p11_child failed!
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x0400): p11_child started.
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x2000): Running in [pre-auth] mode.
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x2000): Running with effective IDs: [0][0].
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x2000): Running with real IDs [0][0].
(2021-11-01 14:44:18): [p11_child[13501]] [init_verification] (0x0040): X509_LOOKUP_load_file failed [33558530][error:02001002:system library:fopen:No such file or directory].
(2021-11-01 14:44:18): [p11_child[13501]] [do_work] (0x0040): init_verification failed.
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x0040): do_work failed.
(2021-11-01 14:44:18): [p11_child[13501]] [main] (0x0020): p11_child failed!
```

sssd.log

```
(2021-11-01 14:44:00): [sssd] [services_startup_timeout] (0x0400): Handling timeout
(2021-11-01 14:44:36): [sssd] [message_type] (0x0200): netlink Message type: 20
(2021-11-01 14:44:36): [sssd] [addr_msg_debug_print] (0x1000): netlink addr message: iface idx 4 addr [ local IPv6 ] flags 0x280 (permanent,noprefixroute)
(2021-11-01 14:44:36): [sssd] [check_ipv6_addr] (0x0200): Link local IPv6 address [ local IPv6 ]
(2021-11-01 14:44:36): [sssd] [addr_msg_handler] (0x1000): Ignoring special address.
(2021-11-01 14:44:36): [sssd] [message_type] (0x0200): netlink Message type: 20
(2021-11-01 14:44:36): [sssd] [addr_msg_debug_print] (0x1000): netlink addr message: iface idx 4 addr [ public IPv6 ] flags 0x200 (noprefixroute)
(2021-11-01 14:44:36): [sssd] [network_status_change_cb] (0x2000): A networking status change detected signaling providers to reset offline status
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [message_type] (0x0200): netlink Message type: 20
(2021-11-01 14:44:36): [sssd] [addr_msg_debug_print] (0x1000): netlink addr message: iface idx 4 addr [ private IPv6 ] flags 0x200 (noprefixroute)
(2021-11-01 14:44:36): [sssd] [network_status_change_cb] (0x2000): A networking status change detected signaling providers to reset offline status
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus
(2021-11-01 14:44:36): [sssd] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus
(2021-11-01 14:44:36): [sssd] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:36): [sssd] [sbus_dispatch] (0x4000): Dispatching.
```

sssd_pam.log ``` (2021-11-01 14:44:02): [pam] [get_client_cred] (0x4000): Client [0x56123cc06230][24] creds: euid[0] egid[aduserid] pid[13247] cmd_line['sudo']. (2021-11-01 14:44:02): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled: (2021-11-01 14:44:02): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x56123cc06230][24] (2021-11-01 14:44:02): [pam] [accept_fd_handler] (0x0400): Client [CID #1][cmd sudo][0x56123cc06230][24] connected! (2021-11-01 14:44:02): [pam] [sss_cmd_get_version] (0x0200): Received client version [3]. (2021-11-01 14:44:02): [pam] [sss_cmd_get_version] (0x0200): Offered version [3]. (2021-11-01 14:44:02): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth (2021-11-01 14:44:02): [pam] [sss_parse_name] (0x0100): Domain not provided! (2021-11-01 14:44:02): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:02): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] domain: not set (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] user: adusername (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0 (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] ruser: adusername (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available) (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available) (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0 (2021-11-01 14:44:02): [pam] 
[pam_print_data] (0x0100): [CID #1] cli_pid: 13247 (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] logon name: adusername (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18 (2021-11-01 14:44:02): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [13429] (2021-11-01 14:44:02): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [13429] (2021-11-01 14:44:02): [pam] [read_pipe_handler] (0x0400): EOF received, client finished (2021-11-01 14:44:02): [pam] [parse_p11_child_response] (0x1000): No certificate found. (2021-11-01 14:44:02): [pam] [cache_req_set_plugin] (0x2000): CR #0: Setting "Initgroups by name" plugin (2021-11-01 14:44:02): [pam] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #1] 'Initgroups by name' (2021-11-01 14:44:02): [pam] [cache_req_process_input] (0x0400): CR #0: Parsing input name [adusername] (2021-11-01 14:44:02): [pam] [sss_parse_name] (0x0100): Domain not provided! (2021-11-01 14:44:02): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:02): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername (2021-11-01 14:44:02): [pam] [child_sig_handler] (0x1000): Waiting for child [13429]. (2021-11-01 14:44:02): [pam] [child_sig_handler] (0x0020): child [13429] failed with status [1]. 
(2021-11-01 14:44:02): [pam] [cache_req_set_name] (0x0400): CR #0: Setting name [adusername] (2021-11-01 14:44:02): [pam] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search (2021-11-01 14:44:02): [pam] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and bypass the data provider (2021-11-01 14:44:02): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid (2021-11-01 14:44:02): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [DOMAIN.COMPANY.TLD] (2021-11-01 14:44:02): [pam] [cache_req_prepare_domain_data] (0x0400): CR #0: Preparing input data for domain [DOMAIN.COMPANY.TLD] rules (2021-11-01 14:44:02): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:02): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [adusername@DOMAIN.COMPANY.TLD] (2021-11-01 14:44:02): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/DOMAIN.COMPANY.TLD/adusername@DOMAIN.COMPANY.TLD] (2021-11-01 14:44:02): [pam] [cache_req_search_ncache] (0x0400): CR #0: [adusername@DOMAIN.COMPANY.TLD] is not present in negative cache (2021-11-01 14:44:02): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [adusername@DOMAIN.COMPANY.TLD] in cache (2021-11-01 14:44:02): [pam] [cache_req_search_send] (0x0400): CR #0: Returning [adusername@DOMAIN.COMPANY.TLD] from cache (2021-11-01 14:44:02): [pam] [cache_req_search_ncache_filter] (0x0400): CR #0: This request type does not support filtering result by negative cache (2021-11-01 14:44:02): [pam] [cache_req_create_and_add_result] (0x0400): CR #0: Found 5 entries in domain DOMAIN.COMPANY.TLD (2021-11-01 14:44:02): [pam] [cache_req_done] (0x0400): CR #0: Finished: Success (2021-11-01 14:44:02): [pam] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session]. 
(2021-11-01 14:44:02): [pam] [pam_check_user_search_next] (0x4000): Found a session for uid aduserid. (2021-11-01 14:44:02): [pam] [pam_initgr_check_timeout] (0x4000): User [adusername] not found in PAM cache. (2021-11-01 14:44:02): [pam] [pam_check_user_search_next] (0x4000): No new initgroups needed because: (2021-11-01 14:44:02): [pam] [pam_check_user_search_next] (0x4000): there is a active session for user [adusername]. (2021-11-01 14:44:02): [pam] [pd_set_primary_name] (0x0400): User's primary name is adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:02): [pam] [pam_initgr_check_timeout] (0x4000): User [adusername] not found in PAM cache. (2021-11-01 14:44:02): [pam] [pam_initgr_cache_set] (0x2000): [adusername] added to PAM initgroup cache (2021-11-01 14:44:02): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #1] with the following data: (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] domain: DOMAIN.COMPANY.TLD (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] user: adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0 (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] ruser: adusername (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available) (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available) (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0 (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 13247 (2021-11-01 14:44:02): [pam] [pam_print_data] (0x0100): [CID #1] logon name: adusername (2021-11-01 14:44:02): [pam] [pam_print_data] 
(0x0100): [CID #1] flags: 18 (2021-11-01 14:44:02): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (2021-11-01 14:44:04): [pam] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:04): [pam] [pam_dp_send_req_done] (0x0200): received: [0 (Success)][DOMAIN.COMPANY.TLD][CID #1] (2021-11-01 14:44:04): [pam] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing (2021-11-01 14:44:04): [pam] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo]. (2021-11-01 14:44:04): [pam] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo-i]. (2021-11-01 14:44:04): [pam] [pam_eval_prompting_config] (0x4000): No prompting configuration found. (2021-11-01 14:44:04): [pam] [pam_reply] (0x0200): blen: 42 (2021-11-01 14:44:04): [pam] [pam_reply] (0x0200): Returning [0]: Success to the client [CID #1] (2021-11-01 14:44:04): [pam] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (2021-11-01 14:44:04): [pam] [sss_parse_name] (0x0100): Domain not provided! 
(2021-11-01 14:44:04): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:04): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_AUTHENTICATE (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] domain: not set (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] user: adusername (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0 (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] ruser: adusername (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available) (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available) (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0 (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 13247 (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] logon name: adusername (2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18 (2021-11-01 14:44:04): [pam] [cache_req_set_plugin] (0x2000): CR #1: Setting "Initgroups by name" plugin (2021-11-01 14:44:04): [pam] [cache_req_send] (0x0400): CR #1: REQ_TRACE: New request [CID #1] 'Initgroups by name' (2021-11-01 14:44:04): [pam] [cache_req_process_input] (0x0400): CR #1: Parsing input name [adusername] (2021-11-01 14:44:04): [pam] [sss_parse_name] (0x0100): Domain not provided! 
(2021-11-01 14:44:04): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:04): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername (2021-11-01 14:44:04): [pam] [cache_req_set_name] (0x0400): CR #1: Setting name [adusername] (2021-11-01 14:44:04): [pam] [cache_req_select_domains] (0x0400): CR #1: Performing a multi-domain search (2021-11-01 14:44:04): [pam] [cache_req_search_domains] (0x0400): CR #1: Search will check the cache and bypass the data provider (2021-11-01 14:44:04): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid (2021-11-01 14:44:04): [pam] [cache_req_set_domain] (0x0400): CR #1: Using domain [DOMAIN.COMPANY.TLD] (2021-11-01 14:44:04): [pam] [cache_req_prepare_domain_data] (0x0400): CR #1: Preparing input data for domain [DOMAIN.COMPANY.TLD] rules (2021-11-01 14:44:04): [pam] [cache_req_search_send] (0x0400): CR #1: Looking up adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:04): [pam] [cache_req_search_ncache] (0x0400): CR #1: Checking negative cache for [adusername@DOMAIN.COMPANY.TLD] (2021-11-01 14:44:04): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/DOMAIN.COMPANY.TLD/adusername@DOMAIN.COMPANY.TLD] (2021-11-01 14:44:04): [pam] [cache_req_search_ncache] (0x0400): CR #1: [adusername@DOMAIN.COMPANY.TLD] is not present in negative cache (2021-11-01 14:44:04): [pam] [cache_req_search_cache] (0x0400): CR #1: Looking up [adusername@DOMAIN.COMPANY.TLD] in cache (2021-11-01 14:44:04): [pam] [cache_req_search_send] (0x0400): CR #1: Returning [adusername@DOMAIN.COMPANY.TLD] from cache (2021-11-01 14:44:04): [pam] [cache_req_search_ncache_filter] (0x0400): CR #1: This request type does not support filtering result by negative cache (2021-11-01 14:44:04): [pam] [cache_req_create_and_add_result] (0x0400): CR #1: Found 5 entries in domain DOMAIN.COMPANY.TLD 
(2021-11-01 14:44:04): [pam] [cache_req_done] (0x0400): CR #1: Finished: Success
(2021-11-01 14:44:04): [pam] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session].
(2021-11-01 14:44:04): [pam] [pam_check_user_search_next] (0x4000): Found a session for uid aduserid.
(2021-11-01 14:44:04): [pam] [pam_initgr_check_timeout] (0x2000): User [adusername] found in PAM cache.
(2021-11-01 14:44:04): [pam] [pam_check_user_search_next] (0x4000): No new initgroups needed because:
(2021-11-01 14:44:04): [pam] [pam_check_user_search_next] (0x4000): PAM initgr cache still valid.
(2021-11-01 14:44:04): [pam] [pd_set_primary_name] (0x0400): User's primary name is adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:04): [pam] [pam_initgr_check_timeout] (0x2000): User [adusername] found in PAM cache.
(2021-11-01 14:44:04): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #1] with the following data:
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_AUTHENTICATE
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] domain: DOMAIN.COMPANY.TLD
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] user: adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] ruser: adusername
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available)
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available)
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 13247
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] logon name: adusername
(2021-11-01 14:44:04): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18
(2021-11-01 14:44:04): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2021-11-01 14:44:04): [pam] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:04): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][DOMAIN.COMPANY.TLD][CID #1]
(2021-11-01 14:44:04): [pam] [pam_reply] (0x4000): pam_reply initially called with result [7]: Authentication failure. this result might be changed during processing
(2021-11-01 14:44:04): [pam] [pam_reply] (0x0200): blen: 34
(2021-11-01 14:44:04): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #1]
(2021-11-01 14:44:06): [pam] [client_recv] (0x0200): Client disconnected!
(2021-11-01 14:44:06): [pam] [client_close_fn] (0x2000): Terminated client [0x56123cc06230][24]
(2021-11-01 14:44:07): [pam] [pam_initgr_cache_remove] (0x2000): [adusername] removed from PAM initgroup cache
(2021-11-01 14:44:18): [pam] [get_client_cred] (0x4000): Client [0x56123cc06230][24] creds: euid[0] egid[aduserid] pid[13500] cmd_line['sudo'].
(2021-11-01 14:44:18): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
(2021-11-01 14:44:18): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x56123cc06230][24]
(2021-11-01 14:44:18): [pam] [accept_fd_handler] (0x0400): Client [CID #2][cmd sudo][0x56123cc06230][24] connected!
(2021-11-01 14:44:18): [pam] [sss_cmd_get_version] (0x0200): Received client version [3].
(2021-11-01 14:44:18): [pam] [sss_cmd_get_version] (0x0200): Offered version [3].
(2021-11-01 14:44:18): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
(2021-11-01 14:44:18): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2021-11-01 14:44:18): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active
(2021-11-01 14:44:18): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] domain: not set
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] user: adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] service: sudo
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] tty: /dev/pts/0
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] ruser: adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] priv: 0
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 13500
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] logon name: adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] flags: 18
(2021-11-01 14:44:18): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [13501]
(2021-11-01 14:44:18): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [13501]
(2021-11-01 14:44:18): [pam] [read_pipe_handler] (0x0400): EOF received, client finished
(2021-11-01 14:44:18): [pam] [parse_p11_child_response] (0x1000): No certificate found.
(2021-11-01 14:44:18): [pam] [cache_req_set_plugin] (0x2000): CR #2: Setting "Initgroups by name" plugin
(2021-11-01 14:44:18): [pam] [cache_req_send] (0x0400): CR #2: REQ_TRACE: New request [CID #2] 'Initgroups by name'
(2021-11-01 14:44:18): [pam] [cache_req_process_input] (0x0400): CR #2: Parsing input name [adusername]
(2021-11-01 14:44:18): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2021-11-01 14:44:18): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active
(2021-11-01 14:44:18): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername
(2021-11-01 14:44:18): [pam] [child_sig_handler] (0x1000): Waiting for child [13501].
(2021-11-01 14:44:18): [pam] [child_sig_handler] (0x0020): child [13501] failed with status [1].
(2021-11-01 14:44:18): [pam] [cache_req_set_name] (0x0400): CR #2: Setting name [adusername]
(2021-11-01 14:44:18): [pam] [cache_req_select_domains] (0x0400): CR #2: Performing a multi-domain search
(2021-11-01 14:44:18): [pam] [cache_req_search_domains] (0x0400): CR #2: Search will check the cache and bypass the data provider
(2021-11-01 14:44:18): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid
(2021-11-01 14:44:18): [pam] [cache_req_set_domain] (0x0400): CR #2: Using domain [DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:18): [pam] [cache_req_prepare_domain_data] (0x0400): CR #2: Preparing input data for domain [DOMAIN.COMPANY.TLD] rules
(2021-11-01 14:44:18): [pam] [cache_req_search_send] (0x0400): CR #2: Looking up adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:18): [pam] [cache_req_search_ncache] (0x0400): CR #2: Checking negative cache for [adusername@DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:18): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/DOMAIN.COMPANY.TLD/adusername@DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:18): [pam] [cache_req_search_ncache] (0x0400): CR #2: [adusername@DOMAIN.COMPANY.TLD] is not present in negative cache
(2021-11-01 14:44:18): [pam] [cache_req_search_cache] (0x0400): CR #2: Looking up [adusername@DOMAIN.COMPANY.TLD] in cache
(2021-11-01 14:44:18): [pam] [cache_req_search_send] (0x0400): CR #2: Returning [adusername@DOMAIN.COMPANY.TLD] from cache
(2021-11-01 14:44:18): [pam] [cache_req_search_ncache_filter] (0x0400): CR #2: This request type does not support filtering result by negative cache
(2021-11-01 14:44:18): [pam] [cache_req_create_and_add_result] (0x0400): CR #2: Found 5 entries in domain DOMAIN.COMPANY.TLD
(2021-11-01 14:44:18): [pam] [cache_req_done] (0x0400): CR #2: Finished: Success
(2021-11-01 14:44:18): [pam] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session].
(2021-11-01 14:44:18): [pam] [pam_check_user_search_next] (0x4000): Found a session for uid aduserid.
(2021-11-01 14:44:18): [pam] [pam_initgr_check_timeout] (0x4000): User [adusername] not found in PAM cache.
(2021-11-01 14:44:18): [pam] [pam_check_user_search_next] (0x4000): No new initgroups needed because:
(2021-11-01 14:44:18): [pam] [pam_check_user_search_next] (0x4000): there is a active session for user [adusername].
(2021-11-01 14:44:18): [pam] [pd_set_primary_name] (0x0400): User's primary name is adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:18): [pam] [pam_initgr_check_timeout] (0x4000): User [adusername] not found in PAM cache.
(2021-11-01 14:44:18): [pam] [pam_initgr_cache_set] (0x2000): [adusername] added to PAM initgroup cache
(2021-11-01 14:44:18): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #2] with the following data:
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] domain: DOMAIN.COMPANY.TLD
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] user: adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] service: sudo
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] tty: /dev/pts/0
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] ruser: adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] priv: 0
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 13500
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] logon name: adusername
(2021-11-01 14:44:18): [pam] [pam_print_data] (0x0100): [CID #2] flags: 18
(2021-11-01 14:44:18): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2021-11-01 14:44:21): [pam] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:21): [pam] [pam_dp_send_req_done] (0x0200): received: [0 (Success)][DOMAIN.COMPANY.TLD][CID #2]
(2021-11-01 14:44:21): [pam] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing
(2021-11-01 14:44:21): [pam] [pam_eval_prompting_config] (0x4000): No prompting configuration found.
(2021-11-01 14:44:21): [pam] [pam_reply] (0x0200): blen: 42
(2021-11-01 14:44:21): [pam] [pam_reply] (0x0200): Returning [0]: Success to the client [CID #2]
(2021-11-01 14:44:23): [pam] [pam_initgr_cache_remove] (0x2000): [adusername] removed from PAM initgroup cache
(2021-11-01 14:44:48): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x56123cc06230][24]
```

sssd_DOMAIN.COMPANY.TLD.log

```
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.pamHandler on /sssd
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam]
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [dp_pam_handler_send] (0x0100): Got request with the following data
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] domain: DOMAIN.COMPANY.TLD
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] user: adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] service: sudo
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] ruser: adusername
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] rhost:
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available)
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available)
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] priv: 0
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] cli_pid: 13247
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] logon name: not set
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] flags: 0
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#3] DP Request [PAM Preauth #3]: REQ_TRACE: New request. [sssd.pam CID #1] Flags [0000].
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#3] Number of active DP request: 1
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#3] Domain DOMAIN.COMPANY.TLD is Active
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_send] (0x1000): [RID#3] Wait queue of user [adusername@DOMAIN.COMPANY.TLD] is empty, running request [0x557be36b9950] immediately.
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [krb5_setup] (0x4000): [RID#3] No mapping for: adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [fo_resolve_service_send] (0x0100): [RID#3] Trying to resolve service 'AD'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [get_server_status] (0x1000): [RID#3] Status of server 'subdomain.DOMAIN.COMPANY.TLD' is 'working'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [get_port_status] (0x1000): [RID#3] Port status of port 389 for server 'subdomain.DOMAIN.COMPANY.TLD' is 'working'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [fo_resolve_service_activate_timeout] (0x2000): [RID#3] Resolve timeout [dns_resolver_timeout] set to 6 seconds
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [resolve_srv_send] (0x0200): [RID#3] The status of SRV lookup is resolved
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [get_server_status] (0x1000): [RID#3] Status of server 'subdomain.DOMAIN.COMPANY.TLD' is 'working'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [be_resolve_server_process] (0x1000): [RID#3] Saving the first resolved server
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [be_resolve_server_process] (0x0200): [RID#3] Found address for server subdomain.DOMAIN.COMPANY.TLD: [129.103.99.215] TTL 1467
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [ad_resolve_callback] (0x0100): [RID#3] Constructed uri 'ldap://subdomain.DOMAIN.COMPANY.TLD'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [ad_resolve_callback] (0x0100): [RID#3] Constructed GC uri 'ldap://subdomain.DOMAIN.COMPANY.TLD'
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [krb5_add_krb5info_offline_callback] (0x4000): [RID#3] Removal callback already available for service [AD].
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [unique_filename_destructor] (0x2000): [RID#3] Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_4hAKKC]
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [unlink_dbg] (0x2000): [RID#3] File already removed: [/var/lib/sss/pubconf/.krb5info_dummy_4hAKKC]
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#3] Domain DOMAIN.COMPANY.TLD is Active
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): [RID#3] Setting up signal handler up for pid [13430]
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): [RID#3] Signal handler set up for pid [13430]
(2021-11-01 14:44:02): [be[DOMAIN.COMPANY.TLD]] [write_pipe_handler] (0x0400): [RID#3] All data has been sent!
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [read_pipe_handler] (0x0400): [RID#3] EOF received, client finished
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [parse_krb5_child_response] (0x1000): [RID#3] child response: status code: 0 (Success), msg type: 11 (Password prompting is possible), len: 0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [_be_fo_set_port_status] (0x8000): [RID#3] Setting status: PORT_WORKING. Called from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1086
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [fo_set_port_status] (0x0100): [RID#3] Marking port 389 of server 'subdomain.DOMAIN.COMPANY.TLD' as 'working'
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [set_server_common_status] (0x0100): [RID#3] Marking server 'subdomain.DOMAIN.COMPANY.TLD' as 'working'
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [fo_set_port_status] (0x0400): [RID#3] Marking port 389 of duplicate server 'subdomain.DOMAIN.COMPANY.TLD' as 'working'
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [check_wait_queue] (0x1000): [RID#3] Wait queue for user [adusername@DOMAIN.COMPANY.TLD] is empty.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_done] (0x1000): [RID#3] krb5_auth_queue request [0x557be36b9950] done.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_done] (0x0400): [RID#3] DP Request [PAM Preauth #3]: Request handler finished [0]: Success
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [_dp_req_recv] (0x0400): [RID#3] DP Request [PAM Preauth #3]: Receiving request data.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#3] DP Request [PAM Preauth #3]: Request removed.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#3] Number of active DP request: 0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_method_enabled] (0x0400): [RID#3] Target selinux is not configured
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.pamHandler: Success
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x1000): [RID#3] Waiting for child [13430].
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x0100): [RID#3] child [13430] finished successfully.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.pamHandler on /sssd
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam]
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_pam_handler_send] (0x0100): Got request with the following data
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_AUTHENTICATE
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] domain: DOMAIN.COMPANY.TLD
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] user: adusername@DOMAIN.COMPANY.TLD
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] service: sudo
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] ruser: adusername
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] rhost:
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available)
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available)
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] priv: 0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] cli_pid: 13247
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] logon name: not set
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #1] flags: 0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#4] DP Request [PAM Authenticate #4]: REQ_TRACE: New request. [sssd.pam CID #1] Flags [0000].
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#4] Number of active DP request: 1
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#4] Domain DOMAIN.COMPANY.TLD is Active
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_send] (0x1000): [RID#4] Wait queue of user [adusername@DOMAIN.COMPANY.TLD] is empty, running request [0x557be34958f0] immediately.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_send] (0x0020): [RID#4] Illegal empty authtok for user [adusername@DOMAIN.COMPANY.TLD]
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [check_wait_queue] (0x1000): [RID#4] Wait queue for user [adusername@DOMAIN.COMPANY.TLD] is empty.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_done] (0x1000): [RID#4] krb5_auth_queue request [0x557be34958f0] done.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_done] (0x0400): [RID#4] DP Request [PAM Authenticate #4]: Request handler finished [0]: Success
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [_dp_req_recv] (0x0400): [RID#4] DP Request [PAM Authenticate #4]: Receiving request data.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#4] DP Request [PAM Authenticate #4]: Request removed.
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#4] Number of active DP request: 0
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [dp_method_enabled] (0x0400): [RID#4] Target selinux is not configured
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.pamHandler: Success
(2021-11-01 14:44:04): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching.
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_execute] (0x0400): Task [Dyndns update]: executing task, timeout 43200 seconds
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [ad_dyndns_update_send] (0x0400): Performing update
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [check_ipv6_addr] (0x0200): Link local IPv6 address fe80::e809:659e:d820:e5a9
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [nsupdate_msg_create_common] (0x0200): Creating update message for auto-discovered realm.
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message --
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [13442]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): Signal handler set up for pid [13442]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [write_pipe_handler] (0x0400): All data has been sent!
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_execute] (0x0400): Task [SUDO Full Refresh]: executing task, timeout 21600 seconds
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_refresh_connect_done] (0x0400): SUDO LDAP connection successful
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [check_ipv4_addr] (0x0200): Loopback IPv4 address 127.0.0.1
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 192.168.70.35 in network 192.168.70.0/24
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 172.24.0.1 in network 172.24.0.0/16
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 172.17.0.1 in network 172.17.0.0/16
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 167.87.192.32 in network 167.87.192.32/32
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [check_ipv6_addr] (0x0200): Loopback IPv6 address ::1
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: [ private IPv6 ] in network fdc0:a846::/64
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: [ public IPv6 ] in network 2001:16b8:26d0:b100::/64
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: [ local IPv6 ] in network fe80::/64
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: fe80::e809:659e:d820:e5a9 in network fe80::/64
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_hostnames_send] (0x2000): Found fqdn: hostname.DOMAIN.COMPANY.TLD
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_get_hostnames_send] (0x2000): Found hostname: hostname
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_load_sudoers_send] (0x0400): About to fetch sudo rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [DC=domain,DC=company,DC=tld]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_print_server] (0x2000): Searching 129.103.99.215:389
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectCategory=sudoRole)(|(&(!(sudoHost=*))(cn=defaults))(sudoHost=ALL)(sudoHost=hostname.DOMAIN.COMPANY.TLD)(sudoHost=hostname)(sudoHost=192.168.70.35)(sudoHost=192.168.70.0/24)(sudoHost=172.24.0.1)(sudoHost=172.24.0.0/16)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=167.87.192.32)(sudoHost=167.87.192.32/32)(sudoHost=[ private IPv6 ])(sudoHost=fdc0:a846::/64)(sudoHost=[ public IPv6 ])(sudoHost=2001:16b8:26d0:b100::/64)(sudoHost=[ local IPv6 ])(sudoHost=fe80::/64)(sudoHost=fe80::e809:659e:d820:e5a9)(sudoHost=fe80::/64)(sudoHost=+*)))][DC=domain,DC=company,DC=tld].
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectCategory]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoCommand]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoHost]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoUser]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOption]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAs]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAsUser]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAsGroup]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotBefore]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotAfter]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOrder]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 12
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_op_add] (0x2000): New operation 12 timeout 6
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x557be3472230], connected[1], ops[0x557be36c8aa0], ldap[0x557be3573ec0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DomainDnsZones.DOMAIN.COMPANY.TLD/DC=DomainDnsZones,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x557be3472230], connected[1], ops[0x557be36c8aa0], ldap[0x557be3573ec0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://ForestDnsZones.DOMAIN.COMPANY.TLD/DC=ForestDnsZones,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x557be3472230], connected[1], ops[0x557be36c8aa0], ldap[0x557be3573ec0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://DOMAIN.COMPANY.TLD/CN=Configuration,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x557be3472230], connected[1], ops[0x557be36c8aa0], ldap[0x557be3573ec0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_op_finished] (0x2000): Total count [0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_op_destructor] (0x2000): Operation 12 finished
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [generic_ext_search_handler] (0x4000): Request included referrals which were ignored.
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [generic_ext_search_handler] (0x4000): Ref: ldap://DomainDnsZones.DOMAIN.COMPANY.TLD/DC=DomainDnsZones,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [generic_ext_search_handler] (0x4000): Ref: ldap://ForestDnsZones.DOMAIN.COMPANY.TLD/DC=ForestDnsZones,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [generic_ext_search_handler] (0x4000): Ref: ldap://DOMAIN.COMPANY.TLD/CN=Configuration,DC=domain,DC=company,DC=tld
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [DC=domain,DC=company,DC=tld]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_load_sudoers_done] (0x0200): Received 0 sudo rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_done] (0x4000): releasing operation connection
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_refresh_done] (0x0400): Received 0 rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sysdb_merge_res_ts_attrs] (0x2000): TS cache doesn't handle this DN type, skipping
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sysdb_delete_recursive_with_filter] (0x4000): Found [1] items to delete.
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sysdb_delete_recursive_with_filter] (0x4000): Trying to delete [cn=sudorules,cn=custom,cn=DOMAIN.COMPANY.TLD,cn=sysdb].
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [509150861]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_postpone] (0x0400): Task [SUDO Smart Refresh]: rescheduling task
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task 900 seconds from now [1635775145]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_done] (0x0400): Task [SUDO Full Refresh]: finished successfully
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from last execution time [1635795845]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x557be3472230], connected[1], ops[(nil)], ldap[0x557be3573ec0]
(2021-11-01 14:44:05): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x1000): Waiting for child [13442].
(2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x0100): child [13442] finished successfully.
(2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [be_nsupdate_done] (0x0200): nsupdate child status: 0 (2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [sdap_dyndns_update_done] (0x0400): No PTR update requested, done (2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_destroy] (0x4000): releasing operation connection (2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [be_ptask_done] (0x0400): Task [Dyndns update]: finished successfully (2021-11-01 14:44:09): [be[DOMAIN.COMPANY.TLD]] [be_ptask_schedule] (0x0400): Task [Dyndns update]: scheduling task 43200 seconds from last execution time [1635817445] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.pamHandler on /sssd (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pam] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [dp_pam_handler_send] (0x0100): Got request with the following data (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] domain: DOMAIN.COMPANY.TLD (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] user: adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] service: sudo (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] tty: /dev/pts/0 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] ruser: adusername (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] rhost: (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No 
authentication token available) (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available) (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] priv: 0 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] cli_pid: 13500 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] logon name: not set (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] flags: 0 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#5] DP Request [PAM Preauth #5]: REQ_TRACE: New request. [sssd.pam CID #2] Flags [0000]. (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#5] Number of active DP request: 1 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#5] Domain DOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_send] (0x1000): [RID#5] Wait queue of user [adusername@DOMAIN.COMPANY.TLD] is empty, running request [0x557be36b8a00] immediately. 
(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [krb5_setup] (0x4000): [RID#5] No mapping for: adusername@DOMAIN.COMPANY.TLD (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [fo_resolve_service_send] (0x0100): [RID#5] Trying to resolve service 'AD' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [get_server_status] (0x1000): [RID#5] Status of server 'subdomain.DOMAIN.COMPANY.TLD' is 'working' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [get_port_status] (0x1000): [RID#5] Port status of port 389 for server 'subdomain.DOMAIN.COMPANY.TLD' is 'working' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [fo_resolve_service_activate_timeout] (0x2000): [RID#5] Resolve timeout [dns_resolver_timeout] set to 6 seconds (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [resolve_srv_send] (0x0200): [RID#5] The status of SRV lookup is resolved (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [get_server_status] (0x1000): [RID#5] Status of server 'subdomain.DOMAIN.COMPANY.TLD' is 'working' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [be_resolve_server_process] (0x1000): [RID#5] Saving the first resolved server (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [be_resolve_server_process] (0x0200): [RID#5] Found address for server subdomain.DOMAIN.COMPANY.TLD: [129.103.99.215] TTL 1467 (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [ad_resolve_callback] (0x0100): [RID#5] Constructed uri 'ldap://subdomain.DOMAIN.COMPANY.TLD' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [ad_resolve_callback] (0x0100): [RID#5] Constructed GC uri 'ldap://subdomain.DOMAIN.COMPANY.TLD' (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [krb5_add_krb5info_offline_callback] (0x4000): [RID#5] Removal callback already available for service [AD]. 
(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [unique_filename_destructor] (0x2000): [RID#5] Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_LGXEKt] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [unlink_dbg] (0x2000): [RID#5] File already removed: [/var/lib/sss/pubconf/.krb5info_dummy_LGXEKt] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#5] Domain DOMAIN.COMPANY.TLD is Active (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): [RID#5] Setting up signal handler up for pid [13502] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [child_handler_setup] (0x2000): [RID#5] Signal handler set up for pid [13502] (2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [write_pipe_handler] (0x0400): [RID#5] All data has been sent! (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x1000): [RID#5] Waiting for child [13502]. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x0100): [RID#5] child [13502] finished successfully. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [read_pipe_handler] (0x0400): [RID#5] EOF received, client finished (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [parse_krb5_child_response] (0x1000): [RID#5] child response: status code: 0 (Success), msg type: 11 (Password prompting is possible), len: 0 (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [_be_fo_set_port_status] (0x8000): [RID#5] Setting status: PORT_WORKING. 
Called from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1086 (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [fo_set_port_status] (0x0100): [RID#5] Marking port 389 of server 'subdomain.DOMAIN.COMPANY.TLD' as 'working' (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [set_server_common_status] (0x0100): [RID#5] Marking server 'subdomain.DOMAIN.COMPANY.TLD' as 'working' (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [fo_set_port_status] (0x0400): [RID#5] Marking port 389 of duplicate server 'subdomain.DOMAIN.COMPANY.TLD' as 'working' (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [check_wait_queue] (0x1000): [RID#5] Wait queue for user [adusername@DOMAIN.COMPANY.TLD] is empty. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [krb5_auth_queue_done] (0x1000): [RID#5] krb5_auth_queue request [0x557be36b8a00] done. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_req_done] (0x0400): [RID#5] DP Request [PAM Preauth #5]: Request handler finished [0]: Success (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [_dp_req_recv] (0x0400): [RID#5] DP Request [PAM Preauth #5]: Receiving request data. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#5] DP Request [PAM Preauth #5]: Request removed. (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#5] Number of active DP request: 0 (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_method_enabled] (0x0400): [RID#5] Target selinux is not configured (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.pamHandler: Success (2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. 
(2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.service.resetOffline on /sssd (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.monitor] (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.service.resetOffline on /sssd (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.monitor] (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_requests_add] (0x4000): Chaining request: -:0:org.freedesktop.DBus.GetConnectionUnixUser:/org/freedesktop/DBus:sssd.monitor (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_dispatch] (0x4000): Dispatching. (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.monitor] (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.monitor]: 0 (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.monitor] (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [check_if_online] (0x2000): Schedule check_if_online_delayed in 1s. (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_issue_request_done] (0x0400): sssd.service.resetOffline: Success (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [check_if_online] (0x2000): There is an online check already running. (2021-11-01 14:44:36): [be[DOMAIN.COMPANY.TLD]] [sbus_issue_request_done] (0x0400): sssd.service.resetOffline: Success (2021-11-01 14:44:37): [be[DOMAIN.COMPANY.TLD]] [be_run_unconditional_online_cb] (0x4000): List of unconditional online callbacks is empty, nothing to do. 
(2021-11-01 14:44:37): [be[DOMAIN.COMPANY.TLD]] [check_if_online_delayed] (0x2000): Backend is already online, nothing to do.
```
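The backend log above finishes its PAM pre-auth request with `Success`, so searching it for failure-level records finds nothing; the useful line is what `krb5_child` reported back. The following Python sketch is an added example, not part of the issue or of SSSD: it splits a run-together SSSD debug log into records and summarizes each `[RID#n]` request. The function names are hypothetical and the sample is excerpted from the log above.

```python
import re
from datetime import datetime

# "(timestamp): [component] [function] (0xLEVEL): message"; the component may
# carry its own brackets, e.g. [be[DOMAIN.COMPANY.TLD]] or [p11_child[28019]].
RECORD = re.compile(
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\): "
    r"\[(?P<component>[^\[\]]+(?:\[[^\]]*\])?)\] "
    r"\[(?P<function>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*"
)
RID = re.compile(r"\[RID#(\d+)\]")
DP_REQUEST = re.compile(r"DP Request \[([^\]]+)\]: (.*)")
CHILD_RESPONSE = re.compile(
    r"child response: status code: (\d+) \(([^)]*)\), msg type: (\d+) \(([^)]*)\)"
)
# sssd.conf(5) debug bitmask: 0x0010 fatal, 0x0020 critical, 0x0040 serious and
# 0x0080 minor failures; higher values are configuration or trace output.
FAILURE_MAX = 0x0080

# Records excerpted from the backend log in the post, joined with single
# spaces to reproduce the run-together form of the pasted log.
SAMPLE = " ".join([
    "(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH",
    "(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [pam_print_data] (0x0100): [CID #2] service: sudo",
    "(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [dp_attach_req] (0x0400): [RID#5] DP Request [PAM Preauth #5]: REQ_TRACE: New request. [sssd.pam CID #2] Flags [0000].",
    "(2021-11-01 14:44:18): [be[DOMAIN.COMPANY.TLD]] [write_pipe_handler] (0x0400): [RID#5] All data has been sent!",
    "(2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [child_sig_handler] (0x0100): [RID#5] child [13502] finished successfully.",
    "(2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [parse_krb5_child_response] (0x1000): [RID#5] child response: status code: 0 (Success), msg type: 11 (Password prompting is possible), len: 0",
    "(2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [_be_fo_set_port_status] (0x8000): [RID#5] Setting status: PORT_WORKING. Called from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1086",
    "(2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_req_done] (0x0400): [RID#5] DP Request [PAM Preauth #5]: Request handler finished [0]: Success",
    "(2021-11-01 14:44:21): [be[DOMAIN.COMPANY.TLD]] [dp_req_destructor] (0x0400): [RID#5] DP Request [PAM Preauth #5]: Request removed.",
])


def parse_records(text):
    """Split log text into records; a message runs until the next record header."""
    matches = list(RECORD.finditer(text))
    records = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        records.append({
            "time": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "component": m.group("component"),
            "function": m.group("function"),
            "level": int(m.group("level"), 16),
            "message": " ".join(text[m.end():end].split()),
        })
    return records


def failures(records):
    """Records logged at one of the four failure levels."""
    return [r for r in records if r["level"] <= FAILURE_MAX]


def summarize_preauth(records):
    """Per request id: request name, duration, result and krb5_child messages."""
    summary = {}
    for r in records:
        rid = RID.search(r["message"])
        if not rid:
            continue  # e.g. pam_print_data lines carry only a [CID #n]
        entry = summary.setdefault(rid.group(1), {
            "request": None, "start": None, "seconds": None,
            "result": None, "child_msgs": [],
        })
        dp = DP_REQUEST.search(r["message"])
        if dp:
            name, event = dp.groups()
            entry["request"] = name
            if event.startswith("REQ_TRACE: New request"):
                entry["start"] = r["time"]
            elif event.startswith("Request handler finished"):
                entry["result"] = event.rsplit(": ", 1)[-1]
            elif event.startswith("Request removed") and entry["start"]:
                entry["seconds"] = (r["time"] - entry["start"]).total_seconds()
        child = CHILD_RESPONSE.search(r["message"])
        if child:
            entry["child_msgs"].append(child.group(4))
    return summary


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print("failure-level records:", len(failures(recs)))
    for rid, info in summarize_preauth(recs).items():
        print(f"RID#{rid} {info['request']}: {info['result']} in "
              f"{info['seconds']}s, krb5_child said: {info['child_msgs']}")
```
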
macgeneral commented 2 years ago

After setting pam_cert_db_path = /usr/share/ca-certificates/trust-source/company.bundle.crt in the [pam] section of the sssd.conf, the p11_child succeeds but it now takes 90 seconds for the password prompt (when issuing sudo) to fall back to the AD password. Seems like sssd_pam runs into a timeout (because the ldap_child fails to connect to one server and therefore fails to obtain the certificate)...

Specifying p11_uri = pkcs11:[..] unfortunately doesn't help either.

Here are the current logs: sssd_DOMAIN.COMPANY.TLD.log

p11_child.log
```
(2021-11-01 21:05:01): [p11_child[28019]] [main] (0x0400): p11_child started.
(2021-11-01 21:05:01): [p11_child[28019]] [main] (0x2000): Running in [pre-auth] mode.
(2021-11-01 21:05:01): [p11_child[28019]] [main] (0x2000): Running with effective IDs: [0][0].
(2021-11-01 21:05:01): [p11_child[28019]] [main] (0x2000): Running with real IDs [0][0].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Module List:
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): common name: [p11-kit-trust].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/p11-kit-trust.so].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Description [/etc/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Description [/usr/share/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): common name: [opensc].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Description [Gemalto PC Twin Reader 00 00 Gemplus ] Manufacturer [Gemplus ] flags [7] removable [true] token present [true].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Found [Company Corporate ID Card] in slot [Gemalto PC Twin Reader 00 00][0] of module [1][/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-01 21:05:03): [p11_child[28019]] [do_card] (0x4000): Login NOT required.
(2021-11-01 21:05:03): [p11_child[28019]] [read_certs] (0x4000): found cert[Auth [ Date-from Date-To ]][/serialNumber=ADUSERNAME/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-01 21:05:03): [p11_child[28019]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
(2021-11-01 21:05:04): [p11_child[28019]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
(2021-11-01 21:05:04): [p11_child[28019]] [do_ocsp] (0x4000): OCSP check was successful.
(2021-11-01 21:05:04): [p11_child[28019]] [read_certs] (0x4000): found cert[Encr [ Date-from Date-To ]][/serialNumber=ADUSERNAME/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-01 21:05:04): [p11_child[28019]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
(2021-11-01 21:05:05): [p11_child[28019]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
(2021-11-01 21:05:05): [p11_child[28019]] [do_ocsp] (0x4000): OCSP check was successful.
(2021-11-01 21:05:05): [p11_child[28019]] [read_certs] (0x4000): found cert[Encr [ Date-from Date-To ]][/serialNumber=ADUSERNAME/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-01 21:05:05): [p11_child[28019]] [do_verification] (0x0040): X509_verify_cert failed [0].
(2021-11-01 21:05:05): [p11_child[28019]] [do_verification] (0x0040): X509_verify_cert failed [10][certificate has expired].
(2021-11-01 21:05:05): [p11_child[28019]] [read_certs] (0x0040): Certificate [Encr [ Date-from Date-To ]][/serialNumber=ADUSERNAME/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname] not valid, skipping.
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): (null) /usr/lib/pkcs11/opensc-pkcs11.so (null) Company Corporate ID Card (null) - no label given- [ Key ID #1 ].
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): (null) /usr/lib/pkcs11/opensc-pkcs11.so (null) Company Corporate ID Card (null) - no label given- [ Key ID #2 ].
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.22;slot-description=Gemalto%20PC%20Twin%20Reader%2000%2000;slot-manufacturer=Gemplus;slot-id=0;model=PKCS%2315%20emulated;manufacturer=www.othercompany.tld%2Fcardos;serial=[serialnumber];token=Company%20Corporate%20ID%20Card;id=[%Key%ID%#2%];object=Auth%[ Date From ]%[ Date To ];type=cert.
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.22;slot-description=Gemalto%20PC%20Twin%20Reader%2000%2000;slot-manufacturer=Gemplus;slot-id=0;model=PKCS%2315%20emulated;manufacturer=www.othercompany.tld%2Fcardos;serial=[serialnumber];token=Company%20Corporate%20ID%20Card;id=[%Key%ID%#1%];object=Encr%[ Date From ]%[ Date To ]%2003;type=cert.
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): Found certificate has key id [[ Key ID #2 ]].
(2021-11-01 21:05:05): [p11_child[28019]] [do_card] (0x4000): Found certificate has key id [[ Key ID #1 ]].
```
sssd_pam.log
```
(2021-11-01 21:05:01): [pam] [get_client_cred] (0x4000): Client [0x55f6be029e90][24] creds: euid[0] egid[[ aduserid ]] pid[28018] cmd_line['sudo'].
(2021-11-01 21:05:01): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
(2021-11-01 21:05:01): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55f6be029e90][24]
(2021-11-01 21:05:01): [pam] [accept_fd_handler] (0x0400): Client [CID #1][cmd sudo][0x55f6be029e90][24] connected!
(2021-11-01 21:05:01): [pam] [sss_cmd_get_version] (0x0200): Received client version [3].
(2021-11-01 21:05:01): [pam] [sss_cmd_get_version] (0x0200): Offered version [3].
(2021-11-01 21:05:01): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
(2021-11-01 21:05:01): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2021-11-01 21:05:01): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active
(2021-11-01 21:05:01): [pam] [sss_parse_name_for_domains] (0x0200): name 'adusername' matched without domain, user is adusername
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] domain: not set
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] user: adusername
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/3
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] ruser: adusername
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available)
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available)
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 28018
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] logon name: adusername
(2021-11-01 21:05:01): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18
(2021-11-01 21:05:01): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [28019]
(2021-11-01 21:05:01): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [28019]
(2021-11-01 21:05:05): [pam] [child_sig_handler] (0x1000): Waiting for child [28019].
(2021-11-01 21:05:05): [pam] [child_sig_handler] (0x0100): child [28019] finished successfully.
(2021-11-01 21:05:05): [pam] [read_pipe_handler] (0x0400): EOF received, client finished
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found token name [Company Corporate ID Card].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found module name [/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found key id [[ Key ID #2 ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found label [Auth [ Date-from Date-To ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found cert [[ MII.. ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found token name [Company Corporate ID Card].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found module name [/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found key id [[ Key ID #1 ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found label [Encr [ Date-from Date-To ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x4000): Found cert [[ MII.. ]].
(2021-11-01 21:05:05): [pam] [parse_p11_child_response] (0x1000): Cert [[ MII.. ]] does not match matching rules and is ignored.
(2021-11-01 21:05:05): [pam] [cache_req_set_plugin] (0x2000): CR #0: Setting "User by certificate" plugin
(2021-11-01 21:05:05): [pam] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #1] 'User by certificate'
(2021-11-01 21:05:05): [pam] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search
(2021-11-01 21:05:05): [pam] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and check the data provider
(2021-11-01 21:05:05): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid
(2021-11-01 21:05:05): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:05): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD
(2021-11-01 21:05:05): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:05): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/[ MII.. ]]
(2021-11-01 21:05:05): [pam] [cache_req_search_ncache] (0x0400): CR #0: [CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD] is not present in negative cache
(2021-11-01 21:05:05): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD] in cache
(2021-11-01 21:05:05): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
(2021-11-01 21:05:05): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
(2021-11-01 21:05:05): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD] was not found in cache
(2021-11-01 21:05:05): [pam] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:Zp75MC+84=@DOMAIN.COMPANY.TLD] in data provider
(2021-11-01 21:05:05): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [DOMAIN.COMPANY.TLD][0x14][BE_REQ_BY_CERT][cert=[ MII.. ]:-]
(2021-11-01 21:05:31): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55f6be029e90][24]
(2021-11-01 21:06:01): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55f6be029e90][24]
(2021-11-01 21:06:31): [pam] [client_idle_handler] (0x2000): Terminating idle client [0x55f6be029e90][24]
(2021-11-01 21:06:31): [pam] [client_close_fn] (0x2000): Terminated client [0x55f6be029e90][24]
```
ldap_child.log
```
(2021-11-01 21:05:11): [ldap_child[28027]] [main] (0x0400): ldap_child started.
(2021-11-01 21:05:11): [ldap_child[28027]] [main] (0x2000): context initialized
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): total buffer size: 66
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): realm_str size: 17
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): princ_str size: 9
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): got princ_str: hostname$
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): keytab_name size: 16
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x1000): lifetime: 86400
(2021-11-01 21:05:11): [ldap_child[28027]] [unpack_buffer] (0x0200): Will run as [0][0].
(2021-11-01 21:05:11): [ldap_child[28027]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(2021-11-01 21:05:11): [ldap_child[28027]] [main] (0x2000): Kerberos context initialized
(2021-11-01 21:05:11): [ldap_child[28027]] [become_user] (0x0200): Trying to become user [0][0].
(2021-11-01 21:05:11): [ldap_child[28027]] [become_user] (0x0200): Already user [0].
(2021-11-01 21:05:11): [ldap_child[28027]] [main] (0x2000): Running as [0][0].
(2021-11-01 21:05:11): [ldap_child[28027]] [main] (0x2000): getting TGT sync
(2021-11-01 21:05:11): [ldap_child[28027]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
(2021-11-01 21:05:11): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:11): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:11): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(2021-11-01 21:05:12): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(2021-11-01 21:05:12): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_4BTwjZ]
(2021-11-01 21:05:12): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(2021-11-01 21:05:12): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(2021-11-01 21:05:12): [ldap_child[28027]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_4BTwjZ] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:12): [ldap_child[28027]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_4BTwjZ]
(2021-11-01 21:05:12): [ldap_child[28027]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_4BTwjZ]
(2021-11-01 21:05:12): [ldap_child[28027]] [prepare_response] (0x0400): Building response for result [0]
(2021-11-01 21:05:12): [ldap_child[28027]] [pack_buffer] (0x2000): response size: 65
(2021-11-01 21:05:12): [ldap_child[28027]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:12): [ldap_child[28027]] [main] (0x0400): ldap_child completed successfully
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x0400): ldap_child started.
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x2000): context initialized
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): total buffer size: 66
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): realm_str size: 17
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): princ_str size: 9
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): got princ_str: hostname$
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): keytab_name size: 16
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x1000): lifetime: 86400
(2021-11-01 21:05:20): [ldap_child[28032]] [unpack_buffer] (0x0200): Will run as [0][0].
(2021-11-01 21:05:20): [ldap_child[28032]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x2000): Kerberos context initialized
(2021-11-01 21:05:20): [ldap_child[28032]] [become_user] (0x0200): Trying to become user [0][0].
(2021-11-01 21:05:20): [ldap_child[28032]] [become_user] (0x0200): Already user [0].
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x2000): Running as [0][0].
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x2000): getting TGT sync
(2021-11-01 21:05:20): [ldap_child[28032]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_861laQ]
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(2021-11-01 21:05:20): [ldap_child[28032]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_861laQ] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:20): [ldap_child[28032]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_861laQ]
(2021-11-01 21:05:20): [ldap_child[28032]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_861laQ]
(2021-11-01 21:05:20): [ldap_child[28032]] [prepare_response] (0x0400): Building response for result [0]
(2021-11-01 21:05:20): [ldap_child[28032]] [pack_buffer] (0x2000): response size: 65
(2021-11-01 21:05:20): [ldap_child[28032]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:20): [ldap_child[28032]] [main] (0x0400): ldap_child completed successfully
(2021-11-01 21:05:28): [ldap_child[28043]] [main] (0x0400): ldap_child started.
(2021-11-01 21:05:28): [ldap_child[28043]] [main] (0x2000): context initialized
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): total buffer size: 66
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): realm_str size: 17
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): princ_str size: 9
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): got princ_str: hostname$
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): keytab_name size: 16
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x1000): lifetime: 86400
(2021-11-01 21:05:28): [ldap_child[28043]] [unpack_buffer] (0x0200): Will run as [0][0].
(2021-11-01 21:05:28): [ldap_child[28043]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(2021-11-01 21:05:28): [ldap_child[28043]] [main] (0x2000): Kerberos context initialized
(2021-11-01 21:05:28): [ldap_child[28043]] [become_user] (0x0200): Trying to become user [0][0].
(2021-11-01 21:05:28): [ldap_child[28043]] [become_user] (0x0200): Already user [0].
(2021-11-01 21:05:28): [ldap_child[28043]] [main] (0x2000): Running as [0][0].
(2021-11-01 21:05:28): [ldap_child[28043]] [main] (0x2000): getting TGT sync
(2021-11-01 21:05:28): [ldap_child[28043]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
(2021-11-01 21:05:28): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:28): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:28): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(2021-11-01 21:05:29): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(2021-11-01 21:05:29): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_KmTNvh]
(2021-11-01 21:05:29): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(2021-11-01 21:05:29): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(2021-11-01 21:05:29): [ldap_child[28043]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_KmTNvh] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:29): [ldap_child[28043]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_KmTNvh]
(2021-11-01 21:05:29): [ldap_child[28043]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_KmTNvh]
(2021-11-01 21:05:29): [ldap_child[28043]] [prepare_response] (0x0400): Building response for result [0]
(2021-11-01 21:05:29): [ldap_child[28043]] [pack_buffer] (0x2000): response size: 65
(2021-11-01 21:05:29): [ldap_child[28043]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:29): [ldap_child[28043]] [main] (0x0400): ldap_child completed successfully
(2021-11-01 21:05:36): [ldap_child[28048]] [main] (0x0400): ldap_child started.
(2021-11-01 21:05:36): [ldap_child[28048]] [main] (0x2000): context initialized
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): total buffer size: 66
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): realm_str size: 17
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): princ_str size: 9
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): got princ_str: hostname$
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): keytab_name size: 16
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x1000): lifetime: 86400
(2021-11-01 21:05:36): [ldap_child[28048]] [unpack_buffer] (0x0200): Will run as [0][0].
(2021-11-01 21:05:36): [ldap_child[28048]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(2021-11-01 21:05:36): [ldap_child[28048]] [main] (0x2000): Kerberos context initialized
(2021-11-01 21:05:36): [ldap_child[28048]] [become_user] (0x0200): Trying to become user [0][0].
(2021-11-01 21:05:36): [ldap_child[28048]] [become_user] (0x0200): Already user [0].
(2021-11-01 21:05:36): [ldap_child[28048]] [main] (0x2000): Running as [0][0].
(2021-11-01 21:05:36): [ldap_child[28048]] [main] (0x2000): getting TGT sync
(2021-11-01 21:05:36): [ldap_child[28048]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
(2021-11-01 21:05:36): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:36): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:36): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(2021-11-01 21:05:37): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
(2021-11-01 21:05:37): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_yZmJY2]
(2021-11-01 21:05:37): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
(2021-11-01 21:05:37): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
(2021-11-01 21:05:37): [ldap_child[28048]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_yZmJY2] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:37): [ldap_child[28048]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_yZmJY2]
(2021-11-01 21:05:37): [ldap_child[28048]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_yZmJY2]
(2021-11-01 21:05:37): [ldap_child[28048]] [prepare_response] (0x0400): Building response for result [0]
(2021-11-01 21:05:37): [ldap_child[28048]] [pack_buffer] (0x2000): response size: 65
(2021-11-01 21:05:37): [ldap_child[28048]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
(2021-11-01 21:05:37): [ldap_child[28048]] [main] (0x0400): ldap_child completed successfully
(2021-11-01 21:05:44): [ldap_child[28053]] [main] (0x0400): ldap_child started.
(2021-11-01 21:05:44): [ldap_child[28053]] [main] (0x2000): context initialized
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): total buffer size: 66
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): realm_str size: 17
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): princ_str size: 9
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): got princ_str: hostname$
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): keytab_name size: 16
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x1000): lifetime: 86400
(2021-11-01 21:05:44): [ldap_child[28053]] [unpack_buffer] (0x0200): Will run as [0][0].
(2021-11-01 21:05:44): [ldap_child[28053]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
(2021-11-01 21:05:44): [ldap_child[28053]] [main] (0x2000): Kerberos context initialized
(2021-11-01 21:05:44): [ldap_child[28053]] [become_user] (0x0200): Trying to become user [0][0].
(2021-11-01 21:05:44): [ldap_child[28053]] [become_user] (0x0200): Already user [0].
(2021-11-01 21:05:44): [ldap_child[28053]] [main] (0x2000): Running as [0][0].
(2021-11-01 21:05:44): [ldap_child[28053]] [main] (0x2000): getting TGT sync (2021-11-01 21:05:44): [ldap_child[28053]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:05:44): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:05:44): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:05:44): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:05:45): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:05:45): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_61whvY] (2021-11-01 21:05:45): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:05:45): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:05:45): [ldap_child[28053]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_61whvY] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:05:45): [ldap_child[28053]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_61whvY] (2021-11-01 21:05:45): [ldap_child[28053]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_61whvY] (2021-11-01 21:05:45): [ldap_child[28053]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:05:45): [ldap_child[28053]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:05:45): [ldap_child[28053]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:05:45): [ldap_child[28053]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:05:52): [ldap_child[28067]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:05:52): [ldap_child[28067]] [main] (0x2000): context initialized (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:05:52): [ldap_child[28067]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:05:52): [ldap_child[28067]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:05:52): [ldap_child[28067]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:05:52): [ldap_child[28067]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:05:52): [ldap_child[28067]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:05:52): [ldap_child[28067]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:05:52): [ldap_child[28067]] [main] (0x2000): getting TGT sync (2021-11-01 21:05:52): [ldap_child[28067]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:05:52): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:05:52): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:05:52): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:05:53): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:05:53): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_F3juAf] (2021-11-01 21:05:53): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:05:53): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:05:53): [ldap_child[28067]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_F3juAf] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:05:53): [ldap_child[28067]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_F3juAf] (2021-11-01 21:05:53): [ldap_child[28067]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_F3juAf] (2021-11-01 21:05:53): [ldap_child[28067]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:05:53): [ldap_child[28067]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:05:53): [ldap_child[28067]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:05:53): [ldap_child[28067]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x2000): context initialized (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:06:01): [ldap_child[28073]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:06:01): [ldap_child[28073]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:06:01): [ldap_child[28073]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:06:01): [ldap_child[28073]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x2000): getting TGT sync (2021-11-01 21:06:01): [ldap_child[28073]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_S2mXnz] (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:06:01): [ldap_child[28073]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_S2mXnz] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:01): [ldap_child[28073]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_S2mXnz] (2021-11-01 21:06:01): [ldap_child[28073]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_S2mXnz] (2021-11-01 21:06:01): [ldap_child[28073]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:06:01): [ldap_child[28073]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:06:01): [ldap_child[28073]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:01): [ldap_child[28073]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x2000): context initialized (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:06:10): [ldap_child[28076]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:06:10): [ldap_child[28076]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:06:10): [ldap_child[28076]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:06:10): [ldap_child[28076]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x2000): getting TGT sync (2021-11-01 21:06:10): [ldap_child[28076]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_oesib8] (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:06:10): [ldap_child[28076]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_oesib8] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:10): [ldap_child[28076]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_oesib8] (2021-11-01 21:06:10): [ldap_child[28076]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_oesib8] (2021-11-01 21:06:10): [ldap_child[28076]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:06:10): [ldap_child[28076]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:06:10): [ldap_child[28076]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:10): [ldap_child[28076]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x2000): context initialized (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:06:18): [ldap_child[28082]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:06:18): [ldap_child[28082]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:06:18): [ldap_child[28082]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:06:18): [ldap_child[28082]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x2000): getting TGT sync (2021-11-01 21:06:18): [ldap_child[28082]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Z2fqjj] (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:06:18): [ldap_child[28082]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Z2fqjj] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:18): [ldap_child[28082]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Z2fqjj] (2021-11-01 21:06:18): [ldap_child[28082]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Z2fqjj] (2021-11-01 21:06:18): [ldap_child[28082]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:06:18): [ldap_child[28082]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:06:18): [ldap_child[28082]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:18): [ldap_child[28082]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x2000): context initialized (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:06:26): [ldap_child[28089]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:06:26): [ldap_child[28089]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:06:26): [ldap_child[28089]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:06:26): [ldap_child[28089]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x2000): getting TGT sync (2021-11-01 21:06:26): [ldap_child[28089]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_VuI5rv] (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:06:26): [ldap_child[28089]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_VuI5rv] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:26): [ldap_child[28089]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_VuI5rv] (2021-11-01 21:06:26): [ldap_child[28089]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_VuI5rv] (2021-11-01 21:06:26): [ldap_child[28089]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:06:26): [ldap_child[28089]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:06:26): [ldap_child[28089]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:26): [ldap_child[28089]] [main] (0x0400): ldap_child completed successfully (2021-11-01 21:06:34): [ldap_child[28099]] [main] (0x0400): ldap_child started. 
(2021-11-01 21:06:34): [ldap_child[28099]] [main] (0x2000): context initialized (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-01 21:06:34): [ldap_child[28099]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-01 21:06:34): [ldap_child[28099]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-01 21:06:34): [ldap_child[28099]] [main] (0x2000): Kerberos context initialized (2021-11-01 21:06:34): [ldap_child[28099]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-01 21:06:34): [ldap_child[28099]] [become_user] (0x0200): Already user [0]. (2021-11-01 21:06:34): [ldap_child[28099]] [main] (0x2000): Running as [0][0]. 
(2021-11-01 21:06:34): [ldap_child[28099]] [main] (0x2000): getting TGT sync (2021-11-01 21:06:34): [ldap_child[28099]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-01 21:06:34): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-01 21:06:34): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-01 21:06:34): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-01 21:06:35): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-01 21:06:35): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_zxgFEj] (2021-11-01 21:06:35): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-01 21:06:35): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-01 21:06:35): [ldap_child[28099]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_zxgFEj] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:35): [ldap_child[28099]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_zxgFEj] (2021-11-01 21:06:35): [ldap_child[28099]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_zxgFEj] (2021-11-01 21:06:35): [ldap_child[28099]] [prepare_response] (0x0400): Building response for result [0] (2021-11-01 21:06:35): [ldap_child[28099]] [pack_buffer] (0x2000): response size: 65 (2021-11-01 21:06:35): [ldap_child[28099]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-01 21:06:35): [ldap_child[28099]] [main] (0x0400): ldap_child completed successfully ```
sumit-bose commented 2 years ago

Hi,

thanks for the logs. You are right about the timeout. I would suggest trying to increase the search timeout to e.g. 20s by setting

```
ldap_search_timeout = 20
```

Since by default the userCertificate attribute is not indexed, the initial searches might take more than the default timeout of 6s. Later on SSSD will use the data stored in the local cache. Depending on the certificate content it might be possible to use a different matching rule to use attributes which are indexed in AD, but for a start I would try to continue with the default rule and just increase the timeout.

bye, Sumit

macgeneral commented 2 years ago

Hi,

Sorry for the delay. Unfortunately setting ldap_search_timeout didn't change anything. Is there a way to use krb5_child for pkinit instead of p11_child?

What does Kerberos do differently?

user@host:~$ KRB5_TRACE=/dev/stdout kinit -X X509_user_identity='PKCS11:opensc-pkcs11.so'

[16755] 1636310195.707987: Getting initial credentials for aduser@DOMAIN.COMPANY.TLD
[16755] 1636310195.707989: Sending unauthenticated request
[16755] 1636310195.707990: Sending request (217 bytes) to DOMAIN.COMPANY.TLD
[16755] 1636310195.707991: Sending initial UDP request to dgram [ IPv4 address ]:88
[16755] 1636310195.707992: Received answer (325 bytes) from dgram [ IPv4 address ]:88
[16755] 1636310195.707993: Response was from primary KDC
[16755] 1636310195.707994: Received error from KDC: -1765328359/Additional pre-authentication required
[16755] 1636310195.707997: Preauthenticating using KDC method data
[16755] 1636310195.707998: Processing preauth types: PA-PK-AS-REQ (16), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2), PA_AS_FRESHNESS (150), PA-FX-FAST (136), PA-FX-COOKIE (133)
[16755] 1636310195.707999: Selected etype info: etype aes256-cts, salt "DOMAIN.COMPANY.TLDfirstname.lastname", params ""
[16755] 1636310195.708000: Received cookie: Microsof\x00
[16755] 1636310197.335577: PKINIT client received freshness token from KDC
[16755] 1636310197.335578: Preauth module pkinit (150) (info) returned: 0/Success
Company Corporate ID Card   PIN: 
[16755] 1636310202.400926: PKINIT loading CA certs and CRLs from FILE
[16755] 1636310202.400927: PKINIT client computed kdc-req-body checksum 9/4198425C152FBEFC4A3CB183CFC98661D5A1FB46
[16755] 1636310202.400929: PKINIT client making DH request
[16755] 1636310203.085172: Preauth module pkinit (16) (real) returned: 0/Success
[16755] 1636310203.085173: Produced preauth for next request: PA-FX-COOKIE (133), PA-PK-AS-REQ (16)
[16755] 1636310203.085174: Sending request (29469 bytes) to DOMAIN.COMPANY.TLD
[16755] 1636310203.085175: Initiating TCP connection to stream [ IPv4 address ]:88
[16755] 1636310203.085176: Sending TCP request to stream [ IPv4 address ]:88
[16755] 1636310204.255293: Received answer (4893 bytes) from stream [ IPv4 address ]:88
[16755] 1636310204.255294: Terminating TCP connection to stream [ IPv4 address ]:88
[16755] 1636310204.255295: Response was from primary KDC
[16755] 1636310204.255296: Processing preauth types: PA-PK-AS-REP (17)
[16755] 1636310204.255297: PKINIT client verified DH reply
[16755] 1636310204.255298: PKINIT client config accepts KDC dNSName SAN domain.company.tld
[16755] 1636310204.255299: PKINIT client config accepts KDC dNSName SAN DOMAIN
[16755] sub.domain.company.tld
[16755] 1636310204.255301: PKINIT client found dNSName SAN in KDC cert: domain.company.tld
[16755] 1636310204.255302: PKINIT client found dNSName SAN in KDC cert: DOMAIN
[16755] 1636310204.255303: PKINIT client matched KDC hostname domain.company.tld against dNSName SAN; EKU check still required
[16755] 1636310204.255304: PKINIT found acceptable EKU and digitalSignature KU
[16755] 1636310204.255305: PKINIT client found acceptable EKU in KDC cert
[16755] 1636310204.255306: PKINIT client used octetstring2key to compute reply key aes256-cts/E3E6
[16755] 1636310204.255307: Preauth module pkinit (17) (real) returned: 0/Success
[16755] 1636310204.255308: Produced preauth for next request: (empty)
[16755] 1636310204.255309: AS key determined by preauth: aes256-cts/E3E6
[16755] 1636310204.255310: Decrypted AS reply; session key is: aes256-cts/D074
[16755] 1636310204.255311: FAST negotiation: available
[16755] 1636310204.255312: Initializing KCM:aduserid:94866 with default princ aduser@DOMAIN.COMPANY.TLD
[16755] 1636310204.255313: Storing aduser@DOMAIN.COMPANY.TLD -> krbtgt/DOMAIN.COMPANY.TLD@DOMAIN.COMPANY.TLD in KCM:aduserid:94866
[16755] 1636310204.255314: Storing config in KCM:aduserid:94866 for krbtgt/DOMAIN.COMPANY.TLD@DOMAIN.COMPANY.TLD: fast_avail: yes
[16755] 1636310204.255315: Storing aduser@DOMAIN.COMPANY.TLD -> krb5_ccache_conf_data/fast_avail/krbtgt\/DOMAIN.COMPANY.TLD\@DOMAIN.COMPANY.TLD@X-CACHECONF: in KCM:aduserid:94866
[16755] 1636310204.255316: Storing config in KCM:aduserid:94866 for krbtgt/DOMAIN.COMPANY.TLD@DOMAIN.COMPANY.TLD: pa_type: 16
[16755] 1636310204.255317: Storing aduser@DOMAIN.COMPANY.TLD -> krb5_ccache_conf_data/pa_type/krbtgt\/DOMAIN.COMPANY.TLD\@DOMAIN.COMPANY.TLD@X-CACHECONF: in KCM:aduserid:94866
[16755] 1636310204.255318: Storing config in KCM:aduserid:94866 for krbtgt/DOMAIN.COMPANY.TLD@DOMAIN.COMPANY.TLD: pa_config_data: {"X509_user_identity":"PKCS11:module_name=opensc-pkcs11.so"}
[16755] 1636310204.255319: Storing aduser@DOMAIN.COMPANY.TLD -> krb5_ccache_conf_data/pa_config_data/krbtgt\/DOMAIN.COMPANY.TLD\@DOMAIN.COMPANY.TLD@X-CACHECONF: in KCM:aduserid:94866
p11_child.log
```
2626:(2021-11-07 17:27:42): [p11_child[5579]] [main] (0x0400): p11_child started.
2627:(2021-11-07 17:27:42): [p11_child[5579]] [main] (0x2000): Running in [pre-auth] mode.
2628:(2021-11-07 17:27:42): [p11_child[5579]] [main] (0x2000): Running with effective IDs: [0][0].
2629:(2021-11-07 17:27:42): [p11_child[5579]] [main] (0x2000): Running with real IDs [0][0].
2630:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Module List:
2631:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): common name: [p11-kit-trust].
2632:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/p11-kit-trust.so].
2633:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Description [/etc/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
2634:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Description [/usr/share/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
2635:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): common name: [opensc].
2636:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/opensc-pkcs11.so].
2637:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Description [Alcor Micro AU9540 00 00 Generic ] Manufacturer [Generic ] flags [7] removable [true] token present [true].
2638:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Found [Company Corporate ID Card] in slot [Alcor Micro AU9540 00 00][0] of module [1][/usr/lib/pkcs11/opensc-pkcs11.so].
2639:(2021-11-07 17:27:44): [p11_child[5579]] [do_card] (0x4000): Login NOT required.
2640:(2021-11-07 17:27:44): [p11_child[5579]] [read_certs] (0x4000): found cert[Auth [date-from date-to]][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
2641:(2021-11-07 17:27:44): [p11_child[5579]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
2642:(2021-11-07 17:27:46): [p11_child[5579]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
2643:(2021-11-07 17:27:46): [p11_child[5579]] [do_ocsp] (0x4000): OCSP check was successful.
2644:(2021-11-07 17:27:46): [p11_child[5579]] [read_certs] (0x4000): found cert[Encr [date-from date-to] 03][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
2645:(2021-11-07 17:27:46): [p11_child[5579]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
2646:(2021-11-07 17:27:47): [p11_child[5579]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
2647:(2021-11-07 17:27:47): [p11_child[5579]] [do_ocsp] (0x4000): OCSP check was successful.
2648:(2021-11-07 17:27:47): [p11_child[5579]] [read_certs] (0x4000): found cert[Encr [date-from date-to] 04][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
2649:(2021-11-07 17:27:47): [p11_child[5579]] [do_verification] (0x0040): X509_verify_cert failed [0].
2650:(2021-11-07 17:27:47): [p11_child[5579]] [do_verification] (0x0040): X509_verify_cert failed [10][certificate has expired].
2651:(2021-11-07 17:27:47): [p11_child[5579]] [read_certs] (0x0040): Certificate [Encr [date-from date-to] 04][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname] not valid, skipping.
2652:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): (null) /usr/lib/pkcs11/opensc-pkcs11.so (null) Company Corporate ID Card (null) - no label given- [cert_id_2].
2653:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): (null) /usr/lib/pkcs11/opensc-pkcs11.so (null) Company Corporate ID Card (null) - no label given- [cert_id_1].
2654:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.22;slot-description=Alcor%20Micro%20AU9540%2000%2000;slot-manufacturer=Generic;slot-id=0;model=PKCS%2315%20emulated;manufacturer=www.atos.tld%2Fsmartsmartcardos;serial=4255364f51354e52;token=Company%20Corporate%20ID%20Card;id=[cert_id_1];object=Auth%20[date-from date-to];type=cert.
2655:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): uri: pkcs11:library-description=OpenSC%20smartcard%20framework;library-manufacturer=OpenSC%20Project;library-version=0.22;slot-description=Alcor%20Micro%20AU9540%2000%2000;slot-manufacturer=Generic;slot-id=0;model=PKCS%2315%20emulated;manufacturer=www.atos.tld%2Fsmartsmartcardos;serial=4255364f51354e52;token=Company%20Corporate%20ID%20Card;id=[cert_id_2];object=Encr%20[date-from date-to]%2003;type=cert.
2656:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): Found certificate has key id [[cert_id_1]].
2657:(2021-11-07 17:27:47): [p11_child[5579]] [do_card] (0x4000): Found certificate has key id [[cert_id_2]].
```
sssd_pam.log
```
30846:(2021-11-07 17:27:42): [pam] [get_client_cred] (0x4000): Client [0x55e931ac4080][24] creds: euid[0] egid[aduserid] pid[5570] cmd_line['sudo'].
30847:(2021-11-07 17:27:42): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
30850:(2021-11-07 17:27:42): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55e931ac4080][24]
30851:(2021-11-07 17:27:42): [pam] [accept_fd_handler] (0x0400): Client [CID #1][cmd sudo][0x55e931ac4080][24] connected!
30852:(2021-11-07 17:27:42): [pam] [sss_cmd_get_version] (0x0200): Received client version [3].
30853:(2021-11-07 17:27:42): [pam] [sss_cmd_get_version] (0x0200): Offered version [3].
30854:(2021-11-07 17:27:42): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
30855:(2021-11-07 17:27:42): [pam] [sss_parse_name] (0x0100): Domain not provided!
30856:(2021-11-07 17:27:42): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active
30857:(2021-11-07 17:27:42): [pam] [sss_parse_name_for_domains] (0x0200): name 'aduser' matched without domain, user is aduser
30858:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH
30859:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] domain: not set
30860:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] user: aduser
30861:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo
30862:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/3
30863:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] ruser: aduser
30864:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set
30865:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available)
30866:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available)
30867:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0
30868:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 5570
30869:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] logon name: aduser
30870:(2021-11-07 17:27:42): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18
30871:(2021-11-07 17:27:42): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [5579]
30872:(2021-11-07 17:27:42): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [5579]
30873:(2021-11-07 17:27:47): [pam] [read_pipe_handler] (0x0400): EOF received, client finished
30874:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found token name [Company Corporate ID Card].
30875:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found module name [/usr/lib/pkcs11/opensc-pkcs11.so].
30876:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found key id [[cert_id_1]].
30877:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found label [Auth [date-from date-to]].
30878:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found cert [[cert_1]].
30879:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found token name [Company Corporate ID Card].
30880:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found module name [/usr/lib/pkcs11/opensc-pkcs11.so].
30881:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found key id [[cert_id_2]].
30882:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found label [Encr [date-from date-to] 03].
30883:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x4000): Found cert [[cert_2]].
30884:(2021-11-07 17:27:47): [pam] [parse_p11_child_response] (0x1000): Cert [[cert_2]] does not match matching rules and is ignored.
30885:(2021-11-07 17:27:47): [pam] [cache_req_set_plugin] (0x2000): CR #0: Setting "User by certificate" plugin
30886:(2021-11-07 17:27:47): [pam] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #1] 'User by certificate'
30887:(2021-11-07 17:27:47): [pam] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search
30888:(2021-11-07 17:27:47): [pam] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and check the data provider
30889:(2021-11-07 17:27:47): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid
30890:(2021-11-07 17:27:47): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [DOMAIN.COMPANY.TLD]
30891:(2021-11-07 17:27:47): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:[short-id]@DOMAIN.COMPANY.TLD
30892:(2021-11-07 17:27:47): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:[short-id]@DOMAIN.COMPANY.TLD]
30893:(2021-11-07 17:27:47): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/[cert_1]]
30894:(2021-11-07 17:27:47): [pam] [cache_req_search_ncache] (0x0400): CR #0: [CERT:[short-id]@DOMAIN.COMPANY.TLD] is not present in negative cache
30895:(2021-11-07 17:27:47): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@DOMAIN.COMPANY.TLD] in cache
30896:(2021-11-07 17:27:47): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30897:(2021-11-07 17:27:47): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30898:(2021-11-07 17:27:47): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@DOMAIN.COMPANY.TLD] was not found in cache
30899:(2021-11-07 17:27:47): [pam] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:[short-id]@DOMAIN.COMPANY.TLD] in data provider
30900:(2021-11-07 17:27:47): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [DOMAIN.COMPANY.TLD][0x14][BE_REQ_BY_CERT][cert=[cert_1]:-]
30901:(2021-11-07 17:27:47): [pam] [child_sig_handler] (0x1000): Waiting for child [5579].
30902:(2021-11-07 17:27:47): [pam] [child_sig_handler] (0x0100): child [5579] finished successfully.
30903:(2021-11-07 17:28:12): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55e931ac4080][24]
30904:(2021-11-07 17:28:16): [pam] [sbus_dispatch] (0x4000): Dispatching.
30905:(2021-11-07 17:28:16): [pam] [sss_domain_get_state] (0x1000): Domain DOMAIN.COMPANY.TLD is Active
30906:(2021-11-07 17:28:16): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@DOMAIN.COMPANY.TLD] in cache
30907:(2021-11-07 17:28:16): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30908:(2021-11-07 17:28:16): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30909:(2021-11-07 17:28:16): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@DOMAIN.COMPANY.TLD] was not found in cache
30910:(2021-11-07 17:28:16): [pam] [cache_req_search_ncache_add_to_domain] (0x2000): CR #0: This request type does not support negative cache
30911:(2021-11-07 17:28:16): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain CompanyChildDomain.tld type POSIX is valid
30912:(2021-11-07 17:28:16): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [CompanyChildDomain.tld]
30913:(2021-11-07 17:28:16): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:[short-id]@CompanyChildDomain.tld
30914:(2021-11-07 17:28:16): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:[short-id]@CompanyChildDomain.tld]
30915:(2021-11-07 17:28:16): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/[cert_1]]
30916:(2021-11-07 17:28:16): [pam] [cache_req_search_ncache] (0x0400): CR #0: [CERT:[short-id]@CompanyChildDomain.tld] is not present in negative cache
30917:(2021-11-07 17:28:16): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@CompanyChildDomain.tld] in cache
30918:(2021-11-07 17:28:16): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30919:(2021-11-07 17:28:16): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30920:(2021-11-07 17:28:16): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@CompanyChildDomain.tld] was not found in cache
30921:(2021-11-07 17:28:16): [pam] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:[short-id]@CompanyChildDomain.tld] in data provider
30922:(2021-11-07 17:28:16): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [CompanyChildDomain.tld][0x14][BE_REQ_BY_CERT][cert=[cert_1]:-]
30923:(2021-11-07 17:28:36): [pam] [sbus_dispatch] (0x4000): Dispatching.
30924:(2021-11-07 17:28:36): [pam] [cache_req_common_process_dp_reply] (0x0040): CR #0: Data Provider Error: 3, 0, User lookup by certificate failed
30925:(2021-11-07 17:28:36): [pam] [cache_req_common_process_dp_reply] (0x0400): CR #0: Due to an error we will return cached data
30926:(2021-11-07 17:28:36): [pam] [sss_domain_get_state] (0x1000): Domain CompanyChildDomain.tld is Active
30927:(2021-11-07 17:28:36): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@CompanyChildDomain.tld] in cache
30928:(2021-11-07 17:28:36): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30929:(2021-11-07 17:28:36): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30930:(2021-11-07 17:28:36): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@CompanyChildDomain.tld] was not found in cache
30931:(2021-11-07 17:28:36): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain host_17.local type POSIX is valid
30932:(2021-11-07 17:28:36): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [host_17.local]
30933:(2021-11-07 17:28:36): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:[short-id]@host_17.local
30934:(2021-11-07 17:28:36): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:[short-id]@host_17.local]
30935:(2021-11-07 17:28:36): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/[cert_1]]
30936:(2021-11-07 17:28:36): [pam] [cache_req_search_ncache] (0x0400): CR #0: [CERT:[short-id]@host_17.local] is not present in negative cache
30937:(2021-11-07 17:28:36): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@host_17.local] in cache
30938:(2021-11-07 17:28:36): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30939:(2021-11-07 17:28:36): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30940:(2021-11-07 17:28:36): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@host_17.local] was not found in cache
30941:(2021-11-07 17:28:36): [pam] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:[short-id]@host_17.local] in data provider
30942:(2021-11-07 17:28:36): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [host_17.local][0x14][BE_REQ_BY_CERT][cert=[cert_1]:-]
30943:(2021-11-07 17:28:42): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x55e931ac4080][24]
30944:(2021-11-07 17:28:54): [pam] [sbus_dispatch] (0x4000): Dispatching.
30945:(2021-11-07 17:28:54): [pam] [cache_req_common_process_dp_reply] (0x0040): CR #0: Data Provider Error: 3, 0, User lookup by certificate failed
30946:(2021-11-07 17:28:54): [pam] [cache_req_common_process_dp_reply] (0x0400): CR #0: Due to an error we will return cached data
30947:(2021-11-07 17:28:54): [pam] [sss_domain_get_state] (0x1000): Domain host_17.local is Active
30948:(2021-11-07 17:28:54): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@host_17.local] in cache
30949:(2021-11-07 17:28:54): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30950:(2021-11-07 17:28:54): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30951:(2021-11-07 17:28:54): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@host_17.local] was not found in cache
30952:(2021-11-07 17:28:54): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain host_18.local type POSIX is valid
30953:(2021-11-07 17:28:54): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [host_18.local]
30954:(2021-11-07 17:28:54): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up CERT:[short-id]@host_18.local
30955:(2021-11-07 17:28:54): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [CERT:[short-id]@host_18.local]
30956:(2021-11-07 17:28:54): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/CERT/[cert_1]]
30957:(2021-11-07 17:28:54): [pam] [cache_req_search_ncache] (0x0400): CR #0: [CERT:[short-id]@host_18.local] is not present in negative cache
30958:(2021-11-07 17:28:54): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [CERT:[short-id]@host_18.local] in cache
30959:(2021-11-07 17:28:54): [pam] [sysdb_search_object_attr] (0x0400): No such entry.
30960:(2021-11-07 17:28:54): [pam] [sysdb_search_user_by_cert_with_views] (0x0040): sysdb_search_user_by_cert failed.
30961:(2021-11-07 17:28:54): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [CERT:[short-id]@host_18.local] was not found in cache
30962:(2021-11-07 17:28:54): [pam] [cache_req_search_dp] (0x0400): CR #0: Looking up [CERT:[short-id]@host_18.local] in data provider
30963:(2021-11-07 17:28:54): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [host_18.local][0x14][BE_REQ_BY_CERT][cert=[cert_1]:-]
30964:(2021-11-07 17:29:12): [pam] [client_idle_handler] (0x2000): Terminating idle client [0x55e931ac4080][24]
30965:(2021-11-07 17:29:12): [pam] [client_close_fn] (0x2000): Terminated client [0x55e931ac4080][24]
30966:(2021-11-07 17:29:12): [pam] [sbus_dispatch] (0x4000): Dispatching.
```
ldap_child.log
```
14897:(2021-11-07 17:27:34): [ldap_child[5573]] [main] (0x0400): ldap_child started.
14898:(2021-11-07 17:27:34): [ldap_child[5573]] [main] (0x2000): context initialized
14899:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): total buffer size: 66
14900:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): realm_str size: 17
14901:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
14902:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): princ_str size: 9
14903:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): got princ_str: hostname$
14904:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): keytab_name size: 16
14905:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
14906:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x1000): lifetime: 86400
14907:(2021-11-07 17:27:34): [ldap_child[5573]] [unpack_buffer] (0x0200): Will run as [0][0].
14908:(2021-11-07 17:27:34): [ldap_child[5573]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
14909:(2021-11-07 17:27:34): [ldap_child[5573]] [main] (0x2000): Kerberos context initialized
14910:(2021-11-07 17:27:34): [ldap_child[5573]] [become_user] (0x0200): Trying to become user [0][0].
14911:(2021-11-07 17:27:34): [ldap_child[5573]] [become_user] (0x0200): Already user [0].
14912:(2021-11-07 17:27:34): [ldap_child[5573]] [main] (0x2000): Running as [0][0].
14913:(2021-11-07 17:27:34): [ldap_child[5573]] [main] (0x2000): getting TGT sync
14914:(2021-11-07 17:27:34): [ldap_child[5573]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
14915:(2021-11-07 17:27:34): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
14916:(2021-11-07 17:27:34): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD]
14917:(2021-11-07 17:27:34): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
14918:(2021-11-07 17:27:35): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized
14919:(2021-11-07 17:27:35): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iW2aXW]
14920:(2021-11-07 17:27:35): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): credentials stored
14921:(2021-11-07 17:27:35): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset
14922:(2021-11-07 17:27:35): [ldap_child[5573]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iW2aXW] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
14923:(2021-11-07 17:27:35): [ldap_child[5573]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iW2aXW]
14924:(2021-11-07 17:27:35): [ldap_child[5573]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iW2aXW]
14925:(2021-11-07 17:27:35): [ldap_child[5573]] [prepare_response] (0x0400): Building response for result [0]
14926:(2021-11-07 17:27:35): [ldap_child[5573]] [pack_buffer] (0x2000): response size: 65
14927:(2021-11-07 17:27:35): [ldap_child[5573]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD]
14928:(2021-11-07 17:27:35): [ldap_child[5573]] [main] (0x0400): ldap_child completed successfully
14929:(2021-11-07 17:28:16): [ldap_child[5609]] [main] (0x0400): ldap_child started.
14930:(2021-11-07 17:28:16): [ldap_child[5609]] [main] (0x2000): context initialized
14931:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): total buffer size: 88
14932:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): realm_str size: 17
14933:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
14934:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): princ_str size: 31
14935:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld
14936:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): keytab_name size: 16
14937:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
14938:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x1000): lifetime: 86400
14939:(2021-11-07 17:28:16): [ldap_child[5609]] [unpack_buffer] (0x0200): Will run as [0][0].
14940:(2021-11-07 17:28:16): [ldap_child[5609]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
14941:(2021-11-07 17:28:16): [ldap_child[5609]] [main] (0x2000): Kerberos context initialized
14942:(2021-11-07 17:28:16): [ldap_child[5609]] [become_user] (0x0200): Trying to become user [0][0].
14943:(2021-11-07 17:28:16): [ldap_child[5609]] [become_user] (0x0200): Already user [0].
14944:(2021-11-07 17:28:16): [ldap_child[5609]] [main] (0x2000): Running as [0][0].
14945:(2021-11-07 17:28:16): [ldap_child[5609]] [main] (0x2000): getting TGT sync
14946:(2021-11-07 17:28:16): [ldap_child[5609]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
14947:(2021-11-07 17:28:16): [ldap_child[5609]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
14948:(2021-11-07 17:28:16): [ldap_child[5609]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD]
14949:(2021-11-07 17:28:16): [ldap_child[5609]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
14950:(2021-11-07 17:28:17): [ldap_child[5609]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378
14951:(2021-11-07 17:28:17): [ldap_child[5609]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
14952:(2021-11-07 17:28:17): [ldap_child[5609]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iDz6Y9]
14953:(2021-11-07 17:28:17): [ldap_child[5609]] [main] (0x0020): ldap_child_get_tgt_sync failed.
14954:(2021-11-07 17:28:17): [ldap_child[5609]] [prepare_response] (0x0400): Building response for result [-1765328378]
14955:(2021-11-07 17:28:17): [ldap_child[5609]] [pack_buffer] (0x2000): response size: 109
14956:(2021-11-07 17:28:17): [ldap_child[5609]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database]
14957:(2021-11-07 17:28:17): [ldap_child[5609]] [main] (0x0400): ldap_child completed successfully
14958:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x0400): ldap_child started.
14959:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x2000): context initialized
14960:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): total buffer size: 88
14961:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): realm_str size: 17
14962:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
14963:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): princ_str size: 31
14964:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld
14965:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): keytab_name size: 16
14966:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
14967:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x1000): lifetime: 86400
14968:(2021-11-07 17:28:17): [ldap_child[5610]] [unpack_buffer] (0x0200): Will run as [0][0].
14969:(2021-11-07 17:28:17): [ldap_child[5610]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
14970:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x2000): Kerberos context initialized
14971:(2021-11-07 17:28:17): [ldap_child[5610]] [become_user] (0x0200): Trying to become user [0][0].
14972:(2021-11-07 17:28:17): [ldap_child[5610]] [become_user] (0x0200): Already user [0].
14973:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x2000): Running as [0][0].
14974:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x2000): getting TGT sync
14975:(2021-11-07 17:28:17): [ldap_child[5610]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
14976:(2021-11-07 17:28:17): [ldap_child[5610]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
14977:(2021-11-07 17:28:17): [ldap_child[5610]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD]
14978:(2021-11-07 17:28:17): [ldap_child[5610]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
14979:(2021-11-07 17:28:17): [ldap_child[5610]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378
14980:(2021-11-07 17:28:17): [ldap_child[5610]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
14981:(2021-11-07 17:28:17): [ldap_child[5610]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_ircbkL]
14982:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x0020): ldap_child_get_tgt_sync failed.
14983:(2021-11-07 17:28:17): [ldap_child[5610]] [prepare_response] (0x0400): Building response for result [-1765328378]
14984:(2021-11-07 17:28:17): [ldap_child[5610]] [pack_buffer] (0x2000): response size: 109
14985:(2021-11-07 17:28:17): [ldap_child[5610]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database]
14986:(2021-11-07 17:28:17): [ldap_child[5610]] [main] (0x0400): ldap_child completed successfully
14987:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x0400): ldap_child started.
14988:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x2000): context initialized
14989:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): total buffer size: 88
14990:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): realm_str size: 17
14991:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
14992:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): princ_str size: 31
14993:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld
14994:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): keytab_name size: 16
14995:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
14996:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x1000): lifetime: 86400
14997:(2021-11-07 17:28:18): [ldap_child[5611]] [unpack_buffer] (0x0200): Will run as [0][0].
14998:(2021-11-07 17:28:18): [ldap_child[5611]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
14999:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x2000): Kerberos context initialized
15000:(2021-11-07 17:28:18): [ldap_child[5611]] [become_user] (0x0200): Trying to become user [0][0].
15001:(2021-11-07 17:28:18): [ldap_child[5611]] [become_user] (0x0200): Already user [0].
15002:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x2000): Running as [0][0].
15003:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x2000): getting TGT sync
15004:(2021-11-07 17:28:18): [ldap_child[5611]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
15005:(2021-11-07 17:28:18): [ldap_child[5611]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
15006:(2021-11-07 17:28:18): [ldap_child[5611]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD]
15007:(2021-11-07 17:28:18): [ldap_child[5611]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
15008:(2021-11-07 17:28:18): [ldap_child[5611]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378
15009:(2021-11-07 17:28:18): [ldap_child[5611]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
15010:(2021-11-07 17:28:18): [ldap_child[5611]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_j9mCoJ]
15011:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x0020): ldap_child_get_tgt_sync failed.
15012:(2021-11-07 17:28:18): [ldap_child[5611]] [prepare_response] (0x0400): Building response for result [-1765328378]
15013:(2021-11-07 17:28:18): [ldap_child[5611]] [pack_buffer] (0x2000): response size: 109
15014:(2021-11-07 17:28:18): [ldap_child[5611]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database]
15015:(2021-11-07 17:28:18): [ldap_child[5611]] [main] (0x0400): ldap_child completed successfully
15016:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x0400): ldap_child started.
15017:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x2000): context initialized
15018:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): total buffer size: 88
15019:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): realm_str size: 17
15020:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
15021:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): princ_str size: 31
15022:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld
15023:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): keytab_name size: 16
15024:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
15025:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x1000): lifetime: 86400
15026:(2021-11-07 17:28:19): [ldap_child[5614]] [unpack_buffer] (0x0200): Will run as [0][0].
15027:(2021-11-07 17:28:19): [ldap_child[5614]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
15028:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x2000): Kerberos context initialized
15029:(2021-11-07 17:28:19): [ldap_child[5614]] [become_user] (0x0200): Trying to become user [0][0].
15030:(2021-11-07 17:28:19): [ldap_child[5614]] [become_user] (0x0200): Already user [0].
15031:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x2000): Running as [0][0].
15032:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x2000): getting TGT sync
15033:(2021-11-07 17:28:19): [ldap_child[5614]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available
15034:(2021-11-07 17:28:19): [ldap_child[5614]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD]
15035:(2021-11-07 17:28:19): [ldap_child[5614]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD]
15036:(2021-11-07 17:28:19): [ldap_child[5614]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
15037:(2021-11-07 17:28:19): [ldap_child[5614]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378
15038:(2021-11-07 17:28:19): [ldap_child[5614]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
15039:(2021-11-07 17:28:19): [ldap_child[5614]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_vj74Hv]
15040:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x0020): ldap_child_get_tgt_sync failed.
15041:(2021-11-07 17:28:19): [ldap_child[5614]] [prepare_response] (0x0400): Building response for result [-1765328378]
15042:(2021-11-07 17:28:19): [ldap_child[5614]] [pack_buffer] (0x2000): response size: 109
15043:(2021-11-07 17:28:19): [ldap_child[5614]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database]
15044:(2021-11-07 17:28:19): [ldap_child[5614]] [main] (0x0400): ldap_child completed successfully
15045:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x0400): ldap_child started.
15046:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x2000): context initialized
15047:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): total buffer size: 88
15048:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): realm_str size: 17
15049:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD
15050:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): princ_str size: 31
15051:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld
15052:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): keytab_name size: 16
15053:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab
15054:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x1000): lifetime: 86400
15055:(2021-11-07 17:28:20): [ldap_child[5615]] [unpack_buffer] (0x0200): Will run as [0][0].
15056:(2021-11-07 17:28:20): [ldap_child[5615]] [privileged_krb5_setup] (0x2000): Kerberos context initialized
15057:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x2000): Kerberos context initialized
15058:(2021-11-07 17:28:20): [ldap_child[5615]] [become_user] (0x0200): Trying to become user [0][0].
15059:(2021-11-07 17:28:20): [ldap_child[5615]] [become_user] (0x0200): Already user [0].
15060:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x2000): Running as [0][0].
15061:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x2000): getting TGT sync 15062:(2021-11-07 17:28:20): [ldap_child[5615]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15063:(2021-11-07 17:28:20): [ldap_child[5615]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15064:(2021-11-07 17:28:20): [ldap_child[5615]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15065:(2021-11-07 17:28:20): [ldap_child[5615]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15066:(2021-11-07 17:28:20): [ldap_child[5615]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15067:(2021-11-07 17:28:20): [ldap_child[5615]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15068:(2021-11-07 17:28:20): [ldap_child[5615]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_9ZGwXt] 15069:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15070:(2021-11-07 17:28:20): [ldap_child[5615]] [prepare_response] (0x0400): Building response for result [-1765328378] 15071:(2021-11-07 17:28:20): [ldap_child[5615]] [pack_buffer] (0x2000): response size: 109 15072:(2021-11-07 17:28:20): [ldap_child[5615]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15073:(2021-11-07 17:28:20): [ldap_child[5615]] [main] (0x0400): ldap_child completed successfully 15074:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x0400): ldap_child started. 
15075:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x2000): context initialized 15076:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): total buffer size: 88 15077:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): realm_str size: 17 15078:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15079:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): princ_str size: 31 15080:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15081:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): keytab_name size: 16 15082:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15083:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x1000): lifetime: 86400 15084:(2021-11-07 17:28:22): [ldap_child[5616]] [unpack_buffer] (0x0200): Will run as [0][0]. 15085:(2021-11-07 17:28:22): [ldap_child[5616]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15086:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x2000): Kerberos context initialized 15087:(2021-11-07 17:28:22): [ldap_child[5616]] [become_user] (0x0200): Trying to become user [0][0]. 15088:(2021-11-07 17:28:22): [ldap_child[5616]] [become_user] (0x0200): Already user [0]. 15089:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x2000): Running as [0][0]. 
15090:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x2000): getting TGT sync 15091:(2021-11-07 17:28:22): [ldap_child[5616]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15092:(2021-11-07 17:28:22): [ldap_child[5616]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15093:(2021-11-07 17:28:22): [ldap_child[5616]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15094:(2021-11-07 17:28:22): [ldap_child[5616]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15095:(2021-11-07 17:28:22): [ldap_child[5616]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15096:(2021-11-07 17:28:22): [ldap_child[5616]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15097:(2021-11-07 17:28:22): [ldap_child[5616]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_yUOnoR] 15098:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15099:(2021-11-07 17:28:22): [ldap_child[5616]] [prepare_response] (0x0400): Building response for result [-1765328378] 15100:(2021-11-07 17:28:22): [ldap_child[5616]] [pack_buffer] (0x2000): response size: 109 15101:(2021-11-07 17:28:22): [ldap_child[5616]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15102:(2021-11-07 17:28:22): [ldap_child[5616]] [main] (0x0400): ldap_child completed successfully 15103:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x0400): ldap_child started. 
15104:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x2000): context initialized 15105:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): total buffer size: 88 15106:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): realm_str size: 17 15107:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15108:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): princ_str size: 31 15109:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15110:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): keytab_name size: 16 15111:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15112:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x1000): lifetime: 86400 15113:(2021-11-07 17:28:23): [ldap_child[5618]] [unpack_buffer] (0x0200): Will run as [0][0]. 15114:(2021-11-07 17:28:23): [ldap_child[5618]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15115:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x2000): Kerberos context initialized 15116:(2021-11-07 17:28:23): [ldap_child[5618]] [become_user] (0x0200): Trying to become user [0][0]. 15117:(2021-11-07 17:28:23): [ldap_child[5618]] [become_user] (0x0200): Already user [0]. 15118:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x2000): Running as [0][0]. 
15119:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x2000): getting TGT sync 15120:(2021-11-07 17:28:23): [ldap_child[5618]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15121:(2021-11-07 17:28:23): [ldap_child[5618]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15122:(2021-11-07 17:28:23): [ldap_child[5618]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15123:(2021-11-07 17:28:23): [ldap_child[5618]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15124:(2021-11-07 17:28:23): [ldap_child[5618]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15125:(2021-11-07 17:28:23): [ldap_child[5618]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15126:(2021-11-07 17:28:23): [ldap_child[5618]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_bQXSGp] 15127:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15128:(2021-11-07 17:28:23): [ldap_child[5618]] [prepare_response] (0x0400): Building response for result [-1765328378] 15129:(2021-11-07 17:28:23): [ldap_child[5618]] [pack_buffer] (0x2000): response size: 109 15130:(2021-11-07 17:28:23): [ldap_child[5618]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15131:(2021-11-07 17:28:23): [ldap_child[5618]] [main] (0x0400): ldap_child completed successfully 15132:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x0400): ldap_child started. 
15133:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x2000): context initialized 15134:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): total buffer size: 88 15135:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): realm_str size: 17 15136:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15137:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): princ_str size: 31 15138:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15139:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): keytab_name size: 16 15140:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15141:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x1000): lifetime: 86400 15142:(2021-11-07 17:28:25): [ldap_child[5621]] [unpack_buffer] (0x0200): Will run as [0][0]. 15143:(2021-11-07 17:28:25): [ldap_child[5621]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15144:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x2000): Kerberos context initialized 15145:(2021-11-07 17:28:25): [ldap_child[5621]] [become_user] (0x0200): Trying to become user [0][0]. 15146:(2021-11-07 17:28:25): [ldap_child[5621]] [become_user] (0x0200): Already user [0]. 15147:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x2000): Running as [0][0]. 
15148:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x2000): getting TGT sync 15149:(2021-11-07 17:28:25): [ldap_child[5621]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15150:(2021-11-07 17:28:25): [ldap_child[5621]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15151:(2021-11-07 17:28:25): [ldap_child[5621]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15152:(2021-11-07 17:28:25): [ldap_child[5621]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15153:(2021-11-07 17:28:25): [ldap_child[5621]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15154:(2021-11-07 17:28:25): [ldap_child[5621]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15155:(2021-11-07 17:28:25): [ldap_child[5621]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_ySLAuH] 15156:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15157:(2021-11-07 17:28:25): [ldap_child[5621]] [prepare_response] (0x0400): Building response for result [-1765328378] 15158:(2021-11-07 17:28:25): [ldap_child[5621]] [pack_buffer] (0x2000): response size: 109 15159:(2021-11-07 17:28:25): [ldap_child[5621]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15160:(2021-11-07 17:28:25): [ldap_child[5621]] [main] (0x0400): ldap_child completed successfully 15161:(2021-11-07 17:28:26): [ldap_child[5626]] [main] (0x0400): ldap_child started. 
15162:(2021-11-07 17:28:26): [ldap_child[5626]] [main] (0x2000): context initialized 15163:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): total buffer size: 88 15164:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): realm_str size: 17 15165:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15166:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): princ_str size: 31 15167:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15168:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): keytab_name size: 16 15169:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15170:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x1000): lifetime: 86400 15171:(2021-11-07 17:28:26): [ldap_child[5626]] [unpack_buffer] (0x0200): Will run as [0][0]. 15172:(2021-11-07 17:28:26): [ldap_child[5626]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15173:(2021-11-07 17:28:26): [ldap_child[5626]] [main] (0x2000): Kerberos context initialized 15174:(2021-11-07 17:28:26): [ldap_child[5626]] [become_user] (0x0200): Trying to become user [0][0]. 15175:(2021-11-07 17:28:26): [ldap_child[5626]] [become_user] (0x0200): Already user [0]. 15176:(2021-11-07 17:28:26): [ldap_child[5626]] [main] (0x2000): Running as [0][0]. 
15177:(2021-11-07 17:28:26): [ldap_child[5626]] [main] (0x2000): getting TGT sync 15178:(2021-11-07 17:28:26): [ldap_child[5626]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15179:(2021-11-07 17:28:26): [ldap_child[5626]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15180:(2021-11-07 17:28:26): [ldap_child[5626]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15181:(2021-11-07 17:28:26): [ldap_child[5626]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15182:(2021-11-07 17:28:27): [ldap_child[5626]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15183:(2021-11-07 17:28:27): [ldap_child[5626]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15184:(2021-11-07 17:28:27): [ldap_child[5626]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_4TDwkK] 15185:(2021-11-07 17:28:27): [ldap_child[5626]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15186:(2021-11-07 17:28:27): [ldap_child[5626]] [prepare_response] (0x0400): Building response for result [-1765328378] 15187:(2021-11-07 17:28:27): [ldap_child[5626]] [pack_buffer] (0x2000): response size: 109 15188:(2021-11-07 17:28:27): [ldap_child[5626]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15189:(2021-11-07 17:28:27): [ldap_child[5626]] [main] (0x0400): ldap_child completed successfully 15190:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x0400): ldap_child started. 
15191:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x2000): context initialized 15192:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): total buffer size: 88 15193:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): realm_str size: 17 15194:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15195:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): princ_str size: 31 15196:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15197:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): keytab_name size: 16 15198:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15199:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x1000): lifetime: 86400 15200:(2021-11-07 17:28:28): [ldap_child[5627]] [unpack_buffer] (0x0200): Will run as [0][0]. 15201:(2021-11-07 17:28:28): [ldap_child[5627]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15202:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x2000): Kerberos context initialized 15203:(2021-11-07 17:28:28): [ldap_child[5627]] [become_user] (0x0200): Trying to become user [0][0]. 15204:(2021-11-07 17:28:28): [ldap_child[5627]] [become_user] (0x0200): Already user [0]. 15205:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x2000): Running as [0][0]. 
15206:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x2000): getting TGT sync 15207:(2021-11-07 17:28:28): [ldap_child[5627]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15208:(2021-11-07 17:28:28): [ldap_child[5627]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15209:(2021-11-07 17:28:28): [ldap_child[5627]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15210:(2021-11-07 17:28:28): [ldap_child[5627]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15211:(2021-11-07 17:28:28): [ldap_child[5627]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15212:(2021-11-07 17:28:28): [ldap_child[5627]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15213:(2021-11-07 17:28:28): [ldap_child[5627]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_sR9lJG] 15214:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15215:(2021-11-07 17:28:28): [ldap_child[5627]] [prepare_response] (0x0400): Building response for result [-1765328378] 15216:(2021-11-07 17:28:28): [ldap_child[5627]] [pack_buffer] (0x2000): response size: 109 15217:(2021-11-07 17:28:28): [ldap_child[5627]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15218:(2021-11-07 17:28:28): [ldap_child[5627]] [main] (0x0400): ldap_child completed successfully 15219:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x0400): ldap_child started. 
15220:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x2000): context initialized 15221:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): total buffer size: 88 15222:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): realm_str size: 17 15223:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15224:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): princ_str size: 31 15225:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15226:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): keytab_name size: 16 15227:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15228:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x1000): lifetime: 86400 15229:(2021-11-07 17:28:29): [ldap_child[5638]] [unpack_buffer] (0x0200): Will run as [0][0]. 15230:(2021-11-07 17:28:29): [ldap_child[5638]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15231:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x2000): Kerberos context initialized 15232:(2021-11-07 17:28:29): [ldap_child[5638]] [become_user] (0x0200): Trying to become user [0][0]. 15233:(2021-11-07 17:28:29): [ldap_child[5638]] [become_user] (0x0200): Already user [0]. 15234:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x2000): Running as [0][0]. 
15235:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x2000): getting TGT sync 15236:(2021-11-07 17:28:29): [ldap_child[5638]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15237:(2021-11-07 17:28:29): [ldap_child[5638]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15238:(2021-11-07 17:28:29): [ldap_child[5638]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15239:(2021-11-07 17:28:29): [ldap_child[5638]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15240:(2021-11-07 17:28:29): [ldap_child[5638]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15241:(2021-11-07 17:28:29): [ldap_child[5638]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15242:(2021-11-07 17:28:29): [ldap_child[5638]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_XcNnKu] 15243:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15244:(2021-11-07 17:28:29): [ldap_child[5638]] [prepare_response] (0x0400): Building response for result [-1765328378] 15245:(2021-11-07 17:28:29): [ldap_child[5638]] [pack_buffer] (0x2000): response size: 109 15246:(2021-11-07 17:28:29): [ldap_child[5638]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15247:(2021-11-07 17:28:29): [ldap_child[5638]] [main] (0x0400): ldap_child completed successfully 15248:(2021-11-07 17:28:30): [ldap_child[5639]] [main] (0x0400): ldap_child started. 
15249:(2021-11-07 17:28:30): [ldap_child[5639]] [main] (0x2000): context initialized 15250:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): total buffer size: 88 15251:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): realm_str size: 17 15252:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15253:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): princ_str size: 31 15254:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15255:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): keytab_name size: 16 15256:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15257:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x1000): lifetime: 86400 15258:(2021-11-07 17:28:30): [ldap_child[5639]] [unpack_buffer] (0x0200): Will run as [0][0]. 15259:(2021-11-07 17:28:30): [ldap_child[5639]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15260:(2021-11-07 17:28:30): [ldap_child[5639]] [main] (0x2000): Kerberos context initialized 15261:(2021-11-07 17:28:30): [ldap_child[5639]] [become_user] (0x0200): Trying to become user [0][0]. 15262:(2021-11-07 17:28:30): [ldap_child[5639]] [become_user] (0x0200): Already user [0]. 15263:(2021-11-07 17:28:30): [ldap_child[5639]] [main] (0x2000): Running as [0][0]. 
15264:(2021-11-07 17:28:30): [ldap_child[5639]] [main] (0x2000): getting TGT sync 15265:(2021-11-07 17:28:30): [ldap_child[5639]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15266:(2021-11-07 17:28:30): [ldap_child[5639]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15267:(2021-11-07 17:28:30): [ldap_child[5639]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15268:(2021-11-07 17:28:30): [ldap_child[5639]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15269:(2021-11-07 17:28:31): [ldap_child[5639]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15270:(2021-11-07 17:28:31): [ldap_child[5639]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15271:(2021-11-07 17:28:31): [ldap_child[5639]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_drTQQY] 15272:(2021-11-07 17:28:31): [ldap_child[5639]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15273:(2021-11-07 17:28:31): [ldap_child[5639]] [prepare_response] (0x0400): Building response for result [-1765328378] 15274:(2021-11-07 17:28:31): [ldap_child[5639]] [pack_buffer] (0x2000): response size: 109 15275:(2021-11-07 17:28:31): [ldap_child[5639]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15276:(2021-11-07 17:28:31): [ldap_child[5639]] [main] (0x0400): ldap_child completed successfully 15277:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x0400): ldap_child started. 
15278:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x2000): context initialized 15279:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): total buffer size: 88 15280:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): realm_str size: 17 15281:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15282:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): princ_str size: 31 15283:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15284:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): keytab_name size: 16 15285:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15286:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x1000): lifetime: 86400 15287:(2021-11-07 17:28:32): [ldap_child[5640]] [unpack_buffer] (0x0200): Will run as [0][0]. 15288:(2021-11-07 17:28:32): [ldap_child[5640]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15289:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x2000): Kerberos context initialized 15290:(2021-11-07 17:28:32): [ldap_child[5640]] [become_user] (0x0200): Trying to become user [0][0]. 15291:(2021-11-07 17:28:32): [ldap_child[5640]] [become_user] (0x0200): Already user [0]. 15292:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x2000): Running as [0][0]. 
15293:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x2000): getting TGT sync 15294:(2021-11-07 17:28:32): [ldap_child[5640]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15295:(2021-11-07 17:28:32): [ldap_child[5640]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15296:(2021-11-07 17:28:32): [ldap_child[5640]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15297:(2021-11-07 17:28:32): [ldap_child[5640]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15298:(2021-11-07 17:28:32): [ldap_child[5640]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15299:(2021-11-07 17:28:32): [ldap_child[5640]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15300:(2021-11-07 17:28:32): [ldap_child[5640]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_OQ1iQY] 15301:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15302:(2021-11-07 17:28:32): [ldap_child[5640]] [prepare_response] (0x0400): Building response for result [-1765328378] 15303:(2021-11-07 17:28:32): [ldap_child[5640]] [pack_buffer] (0x2000): response size: 109 15304:(2021-11-07 17:28:32): [ldap_child[5640]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15305:(2021-11-07 17:28:32): [ldap_child[5640]] [main] (0x0400): ldap_child completed successfully 15306:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x0400): ldap_child started. 
15307:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x2000): context initialized 15308:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): total buffer size: 88 15309:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): realm_str size: 17 15310:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15311:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): princ_str size: 31 15312:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15313:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): keytab_name size: 16 15314:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15315:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x1000): lifetime: 86400 15316:(2021-11-07 17:28:34): [ldap_child[5643]] [unpack_buffer] (0x0200): Will run as [0][0]. 15317:(2021-11-07 17:28:34): [ldap_child[5643]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15318:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x2000): Kerberos context initialized 15319:(2021-11-07 17:28:34): [ldap_child[5643]] [become_user] (0x0200): Trying to become user [0][0]. 15320:(2021-11-07 17:28:34): [ldap_child[5643]] [become_user] (0x0200): Already user [0]. 15321:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x2000): Running as [0][0]. 
15322:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x2000): getting TGT sync 15323:(2021-11-07 17:28:34): [ldap_child[5643]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15324:(2021-11-07 17:28:34): [ldap_child[5643]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15325:(2021-11-07 17:28:34): [ldap_child[5643]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15326:(2021-11-07 17:28:34): [ldap_child[5643]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15327:(2021-11-07 17:28:34): [ldap_child[5643]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15328:(2021-11-07 17:28:34): [ldap_child[5643]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15329:(2021-11-07 17:28:34): [ldap_child[5643]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_jKRnme] 15330:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15331:(2021-11-07 17:28:34): [ldap_child[5643]] [prepare_response] (0x0400): Building response for result [-1765328378] 15332:(2021-11-07 17:28:34): [ldap_child[5643]] [pack_buffer] (0x2000): response size: 109 15333:(2021-11-07 17:28:34): [ldap_child[5643]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15334:(2021-11-07 17:28:34): [ldap_child[5643]] [main] (0x0400): ldap_child completed successfully 15335:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x0400): ldap_child started. 
15336:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x2000): context initialized 15337:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): total buffer size: 88 15338:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): realm_str size: 17 15339:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15340:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): princ_str size: 31 15341:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15342:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): keytab_name size: 16 15343:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15344:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x1000): lifetime: 86400 15345:(2021-11-07 17:28:35): [ldap_child[5644]] [unpack_buffer] (0x0200): Will run as [0][0]. 15346:(2021-11-07 17:28:35): [ldap_child[5644]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15347:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x2000): Kerberos context initialized 15348:(2021-11-07 17:28:35): [ldap_child[5644]] [become_user] (0x0200): Trying to become user [0][0]. 15349:(2021-11-07 17:28:35): [ldap_child[5644]] [become_user] (0x0200): Already user [0]. 15350:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x2000): Running as [0][0]. 
15351:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x2000): getting TGT sync 15352:(2021-11-07 17:28:35): [ldap_child[5644]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15353:(2021-11-07 17:28:35): [ldap_child[5644]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15354:(2021-11-07 17:28:35): [ldap_child[5644]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15355:(2021-11-07 17:28:35): [ldap_child[5644]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15356:(2021-11-07 17:28:35): [ldap_child[5644]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15357:(2021-11-07 17:28:35): [ldap_child[5644]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15358:(2021-11-07 17:28:35): [ldap_child[5644]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_YdULGa] 15359:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15360:(2021-11-07 17:28:35): [ldap_child[5644]] [prepare_response] (0x0400): Building response for result [-1765328378] 15361:(2021-11-07 17:28:35): [ldap_child[5644]] [pack_buffer] (0x2000): response size: 109 15362:(2021-11-07 17:28:35): [ldap_child[5644]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15363:(2021-11-07 17:28:35): [ldap_child[5644]] [main] (0x0400): ldap_child completed successfully 15364:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x0400): ldap_child started. 
15365:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x2000): context initialized 15366:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): total buffer size: 88 15367:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): realm_str size: 17 15368:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15369:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): princ_str size: 31 15370:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15371:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): keytab_name size: 16 15372:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15373:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x1000): lifetime: 86400 15374:(2021-11-07 17:28:36): [ldap_child[5648]] [unpack_buffer] (0x0200): Will run as [0][0]. 15375:(2021-11-07 17:28:36): [ldap_child[5648]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15376:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x2000): Kerberos context initialized 15377:(2021-11-07 17:28:36): [ldap_child[5648]] [become_user] (0x0200): Trying to become user [0][0]. 15378:(2021-11-07 17:28:36): [ldap_child[5648]] [become_user] (0x0200): Already user [0]. 15379:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x2000): Running as [0][0]. 
15380:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x2000): getting TGT sync 15381:(2021-11-07 17:28:36): [ldap_child[5648]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15382:(2021-11-07 17:28:36): [ldap_child[5648]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15383:(2021-11-07 17:28:36): [ldap_child[5648]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15384:(2021-11-07 17:28:36): [ldap_child[5648]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15385:(2021-11-07 17:28:36): [ldap_child[5648]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15386:(2021-11-07 17:28:36): [ldap_child[5648]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15387:(2021-11-07 17:28:36): [ldap_child[5648]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_48Bnig] 15388:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15389:(2021-11-07 17:28:36): [ldap_child[5648]] [prepare_response] (0x0400): Building response for result [-1765328378] 15390:(2021-11-07 17:28:36): [ldap_child[5648]] [pack_buffer] (0x2000): response size: 109 15391:(2021-11-07 17:28:36): [ldap_child[5648]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15392:(2021-11-07 17:28:36): [ldap_child[5648]] [main] (0x0400): ldap_child completed successfully 15393:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x0400): ldap_child started. 
15394:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x2000): context initialized 15395:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): total buffer size: 88 15396:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): realm_str size: 17 15397:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15398:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): princ_str size: 31 15399:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15400:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): keytab_name size: 16 15401:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15402:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x1000): lifetime: 86400 15403:(2021-11-07 17:28:37): [ldap_child[5649]] [unpack_buffer] (0x0200): Will run as [0][0]. 15404:(2021-11-07 17:28:37): [ldap_child[5649]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15405:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x2000): Kerberos context initialized 15406:(2021-11-07 17:28:37): [ldap_child[5649]] [become_user] (0x0200): Trying to become user [0][0]. 15407:(2021-11-07 17:28:37): [ldap_child[5649]] [become_user] (0x0200): Already user [0]. 15408:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x2000): Running as [0][0]. 
15409:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x2000): getting TGT sync 15410:(2021-11-07 17:28:37): [ldap_child[5649]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15411:(2021-11-07 17:28:37): [ldap_child[5649]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15412:(2021-11-07 17:28:37): [ldap_child[5649]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15413:(2021-11-07 17:28:37): [ldap_child[5649]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15414:(2021-11-07 17:28:37): [ldap_child[5649]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15415:(2021-11-07 17:28:37): [ldap_child[5649]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15416:(2021-11-07 17:28:37): [ldap_child[5649]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_ySTfev] 15417:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15418:(2021-11-07 17:28:37): [ldap_child[5649]] [prepare_response] (0x0400): Building response for result [-1765328378] 15419:(2021-11-07 17:28:37): [ldap_child[5649]] [pack_buffer] (0x2000): response size: 109 15420:(2021-11-07 17:28:37): [ldap_child[5649]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15421:(2021-11-07 17:28:37): [ldap_child[5649]] [main] (0x0400): ldap_child completed successfully 15422:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x0400): ldap_child started. 
15423:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x2000): context initialized 15424:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): total buffer size: 88 15425:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): realm_str size: 17 15426:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15427:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): princ_str size: 31 15428:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15429:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): keytab_name size: 16 15430:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15431:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x1000): lifetime: 86400 15432:(2021-11-07 17:28:38): [ldap_child[5650]] [unpack_buffer] (0x0200): Will run as [0][0]. 15433:(2021-11-07 17:28:38): [ldap_child[5650]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15434:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x2000): Kerberos context initialized 15435:(2021-11-07 17:28:38): [ldap_child[5650]] [become_user] (0x0200): Trying to become user [0][0]. 15436:(2021-11-07 17:28:38): [ldap_child[5650]] [become_user] (0x0200): Already user [0]. 15437:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x2000): Running as [0][0]. 
15438:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x2000): getting TGT sync 15439:(2021-11-07 17:28:38): [ldap_child[5650]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15440:(2021-11-07 17:28:38): [ldap_child[5650]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15441:(2021-11-07 17:28:38): [ldap_child[5650]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15442:(2021-11-07 17:28:38): [ldap_child[5650]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15443:(2021-11-07 17:28:38): [ldap_child[5650]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15444:(2021-11-07 17:28:38): [ldap_child[5650]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15445:(2021-11-07 17:28:38): [ldap_child[5650]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_1mg30P] 15446:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15447:(2021-11-07 17:28:38): [ldap_child[5650]] [prepare_response] (0x0400): Building response for result [-1765328378] 15448:(2021-11-07 17:28:38): [ldap_child[5650]] [pack_buffer] (0x2000): response size: 109 15449:(2021-11-07 17:28:38): [ldap_child[5650]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15450:(2021-11-07 17:28:38): [ldap_child[5650]] [main] (0x0400): ldap_child completed successfully 15451:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x0400): ldap_child started. 
15452:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x2000): context initialized 15453:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): total buffer size: 88 15454:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): realm_str size: 17 15455:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15456:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): princ_str size: 31 15457:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15458:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): keytab_name size: 16 15459:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15460:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x1000): lifetime: 86400 15461:(2021-11-07 17:28:39): [ldap_child[5653]] [unpack_buffer] (0x0200): Will run as [0][0]. 15462:(2021-11-07 17:28:39): [ldap_child[5653]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15463:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x2000): Kerberos context initialized 15464:(2021-11-07 17:28:39): [ldap_child[5653]] [become_user] (0x0200): Trying to become user [0][0]. 15465:(2021-11-07 17:28:39): [ldap_child[5653]] [become_user] (0x0200): Already user [0]. 15466:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x2000): Running as [0][0]. 
15467:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x2000): getting TGT sync 15468:(2021-11-07 17:28:39): [ldap_child[5653]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15469:(2021-11-07 17:28:39): [ldap_child[5653]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15470:(2021-11-07 17:28:39): [ldap_child[5653]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15471:(2021-11-07 17:28:39): [ldap_child[5653]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15472:(2021-11-07 17:28:39): [ldap_child[5653]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15473:(2021-11-07 17:28:39): [ldap_child[5653]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15474:(2021-11-07 17:28:39): [ldap_child[5653]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_hYdOVL] 15475:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15476:(2021-11-07 17:28:39): [ldap_child[5653]] [prepare_response] (0x0400): Building response for result [-1765328378] 15477:(2021-11-07 17:28:39): [ldap_child[5653]] [pack_buffer] (0x2000): response size: 109 15478:(2021-11-07 17:28:39): [ldap_child[5653]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15479:(2021-11-07 17:28:39): [ldap_child[5653]] [main] (0x0400): ldap_child completed successfully 15480:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x0400): ldap_child started. 
15481:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x2000): context initialized 15482:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): total buffer size: 88 15483:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): realm_str size: 17 15484:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15485:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): princ_str size: 31 15486:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15487:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): keytab_name size: 16 15488:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15489:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x1000): lifetime: 86400 15490:(2021-11-07 17:28:40): [ldap_child[5654]] [unpack_buffer] (0x0200): Will run as [0][0]. 15491:(2021-11-07 17:28:40): [ldap_child[5654]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15492:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x2000): Kerberos context initialized 15493:(2021-11-07 17:28:40): [ldap_child[5654]] [become_user] (0x0200): Trying to become user [0][0]. 15494:(2021-11-07 17:28:40): [ldap_child[5654]] [become_user] (0x0200): Already user [0]. 15495:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x2000): Running as [0][0]. 
15496:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x2000): getting TGT sync 15497:(2021-11-07 17:28:40): [ldap_child[5654]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15498:(2021-11-07 17:28:40): [ldap_child[5654]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15499:(2021-11-07 17:28:40): [ldap_child[5654]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15500:(2021-11-07 17:28:40): [ldap_child[5654]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15501:(2021-11-07 17:28:40): [ldap_child[5654]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15502:(2021-11-07 17:28:40): [ldap_child[5654]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15503:(2021-11-07 17:28:40): [ldap_child[5654]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_p0lneD] 15504:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15505:(2021-11-07 17:28:40): [ldap_child[5654]] [prepare_response] (0x0400): Building response for result [-1765328378] 15506:(2021-11-07 17:28:40): [ldap_child[5654]] [pack_buffer] (0x2000): response size: 109 15507:(2021-11-07 17:28:40): [ldap_child[5654]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15508:(2021-11-07 17:28:40): [ldap_child[5654]] [main] (0x0400): ldap_child completed successfully 15509:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x0400): ldap_child started. 
15510:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x2000): context initialized 15511:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): total buffer size: 88 15512:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): realm_str size: 17 15513:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15514:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): princ_str size: 31 15515:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15516:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): keytab_name size: 16 15517:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15518:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x1000): lifetime: 86400 15519:(2021-11-07 17:28:41): [ldap_child[5655]] [unpack_buffer] (0x0200): Will run as [0][0]. 15520:(2021-11-07 17:28:41): [ldap_child[5655]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15521:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x2000): Kerberos context initialized 15522:(2021-11-07 17:28:41): [ldap_child[5655]] [become_user] (0x0200): Trying to become user [0][0]. 15523:(2021-11-07 17:28:41): [ldap_child[5655]] [become_user] (0x0200): Already user [0]. 15524:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x2000): Running as [0][0]. 
15525:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x2000): getting TGT sync 15526:(2021-11-07 17:28:41): [ldap_child[5655]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15527:(2021-11-07 17:28:41): [ldap_child[5655]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15528:(2021-11-07 17:28:41): [ldap_child[5655]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15529:(2021-11-07 17:28:41): [ldap_child[5655]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15530:(2021-11-07 17:28:41): [ldap_child[5655]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15531:(2021-11-07 17:28:41): [ldap_child[5655]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15532:(2021-11-07 17:28:41): [ldap_child[5655]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_L5iwd4] 15533:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15534:(2021-11-07 17:28:41): [ldap_child[5655]] [prepare_response] (0x0400): Building response for result [-1765328378] 15535:(2021-11-07 17:28:41): [ldap_child[5655]] [pack_buffer] (0x2000): response size: 109 15536:(2021-11-07 17:28:41): [ldap_child[5655]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15537:(2021-11-07 17:28:41): [ldap_child[5655]] [main] (0x0400): ldap_child completed successfully 15538:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x0400): ldap_child started. 
15539:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x2000): context initialized 15540:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): total buffer size: 88 15541:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): realm_str size: 17 15542:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15543:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): princ_str size: 31 15544:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15545:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): keytab_name size: 16 15546:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15547:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x1000): lifetime: 86400 15548:(2021-11-07 17:28:42): [ldap_child[5656]] [unpack_buffer] (0x0200): Will run as [0][0]. 15549:(2021-11-07 17:28:42): [ldap_child[5656]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15550:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x2000): Kerberos context initialized 15551:(2021-11-07 17:28:42): [ldap_child[5656]] [become_user] (0x0200): Trying to become user [0][0]. 15552:(2021-11-07 17:28:42): [ldap_child[5656]] [become_user] (0x0200): Already user [0]. 15553:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x2000): Running as [0][0]. 
15554:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x2000): getting TGT sync 15555:(2021-11-07 17:28:42): [ldap_child[5656]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15556:(2021-11-07 17:28:42): [ldap_child[5656]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15557:(2021-11-07 17:28:42): [ldap_child[5656]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15558:(2021-11-07 17:28:42): [ldap_child[5656]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15559:(2021-11-07 17:28:42): [ldap_child[5656]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15560:(2021-11-07 17:28:42): [ldap_child[5656]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15561:(2021-11-07 17:28:42): [ldap_child[5656]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_5rbJmk] 15562:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15563:(2021-11-07 17:28:42): [ldap_child[5656]] [prepare_response] (0x0400): Building response for result [-1765328378] 15564:(2021-11-07 17:28:42): [ldap_child[5656]] [pack_buffer] (0x2000): response size: 109 15565:(2021-11-07 17:28:42): [ldap_child[5656]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15566:(2021-11-07 17:28:42): [ldap_child[5656]] [main] (0x0400): ldap_child completed successfully 15567:(2021-11-07 17:28:43): [ldap_child[5659]] [main] (0x0400): ldap_child started. 
15568:(2021-11-07 17:28:43): [ldap_child[5659]] [main] (0x2000): context initialized 15569:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): total buffer size: 88 15570:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): realm_str size: 17 15571:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15572:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): princ_str size: 31 15573:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15574:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): keytab_name size: 16 15575:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15576:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x1000): lifetime: 86400 15577:(2021-11-07 17:28:43): [ldap_child[5659]] [unpack_buffer] (0x0200): Will run as [0][0]. 15578:(2021-11-07 17:28:43): [ldap_child[5659]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15579:(2021-11-07 17:28:43): [ldap_child[5659]] [main] (0x2000): Kerberos context initialized 15580:(2021-11-07 17:28:43): [ldap_child[5659]] [become_user] (0x0200): Trying to become user [0][0]. 15581:(2021-11-07 17:28:43): [ldap_child[5659]] [become_user] (0x0200): Already user [0]. 15582:(2021-11-07 17:28:43): [ldap_child[5659]] [main] (0x2000): Running as [0][0]. 
15583:(2021-11-07 17:28:43): [ldap_child[5659]] [main] (0x2000): getting TGT sync 15584:(2021-11-07 17:28:43): [ldap_child[5659]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15585:(2021-11-07 17:28:43): [ldap_child[5659]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15586:(2021-11-07 17:28:43): [ldap_child[5659]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15587:(2021-11-07 17:28:43): [ldap_child[5659]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15588:(2021-11-07 17:28:44): [ldap_child[5659]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15589:(2021-11-07 17:28:44): [ldap_child[5659]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15590:(2021-11-07 17:28:44): [ldap_child[5659]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_sZsBVE] 15591:(2021-11-07 17:28:44): [ldap_child[5659]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15592:(2021-11-07 17:28:44): [ldap_child[5659]] [prepare_response] (0x0400): Building response for result [-1765328378] 15593:(2021-11-07 17:28:44): [ldap_child[5659]] [pack_buffer] (0x2000): response size: 109 15594:(2021-11-07 17:28:44): [ldap_child[5659]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15595:(2021-11-07 17:28:44): [ldap_child[5659]] [main] (0x0400): ldap_child completed successfully 15596:(2021-11-07 17:28:45): [ldap_child[5660]] [main] (0x0400): ldap_child started. 
15916:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x2000): context initialized 15917:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): total buffer size: 88 15918:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): realm_str size: 17 15919:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15920:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): princ_str size: 31 15921:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15922:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): keytab_name size: 16 15923:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15924:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x1000): lifetime: 86400 15925:(2021-11-07 17:28:57): [ldap_child[5681]] [unpack_buffer] (0x0200): Will run as [0][0]. 15926:(2021-11-07 17:28:57): [ldap_child[5681]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15927:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x2000): Kerberos context initialized 15928:(2021-11-07 17:28:57): [ldap_child[5681]] [become_user] (0x0200): Trying to become user [0][0]. 15929:(2021-11-07 17:28:57): [ldap_child[5681]] [become_user] (0x0200): Already user [0]. 15930:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x2000): Running as [0][0]. 
15931:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x2000): getting TGT sync 15932:(2021-11-07 17:28:57): [ldap_child[5681]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15933:(2021-11-07 17:28:57): [ldap_child[5681]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15934:(2021-11-07 17:28:57): [ldap_child[5681]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15935:(2021-11-07 17:28:57): [ldap_child[5681]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15936:(2021-11-07 17:28:57): [ldap_child[5681]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15937:(2021-11-07 17:28:57): [ldap_child[5681]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15938:(2021-11-07 17:28:57): [ldap_child[5681]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_9qPGww] 15939:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15940:(2021-11-07 17:28:57): [ldap_child[5681]] [prepare_response] (0x0400): Building response for result [-1765328378] 15941:(2021-11-07 17:28:57): [ldap_child[5681]] [pack_buffer] (0x2000): response size: 109 15942:(2021-11-07 17:28:57): [ldap_child[5681]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15943:(2021-11-07 17:28:57): [ldap_child[5681]] [main] (0x0400): ldap_child completed successfully 15944:(2021-11-07 17:28:57): [ldap_child[5682]] [main] (0x0400): ldap_child started. 
15945:(2021-11-07 17:28:57): [ldap_child[5682]] [main] (0x2000): context initialized 15946:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): total buffer size: 88 15947:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): realm_str size: 17 15948:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15949:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): princ_str size: 31 15950:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15951:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): keytab_name size: 16 15952:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15953:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x1000): lifetime: 86400 15954:(2021-11-07 17:28:57): [ldap_child[5682]] [unpack_buffer] (0x0200): Will run as [0][0]. 15955:(2021-11-07 17:28:57): [ldap_child[5682]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15956:(2021-11-07 17:28:57): [ldap_child[5682]] [main] (0x2000): Kerberos context initialized 15957:(2021-11-07 17:28:57): [ldap_child[5682]] [become_user] (0x0200): Trying to become user [0][0]. 15958:(2021-11-07 17:28:57): [ldap_child[5682]] [become_user] (0x0200): Already user [0]. 15959:(2021-11-07 17:28:57): [ldap_child[5682]] [main] (0x2000): Running as [0][0]. 
15960:(2021-11-07 17:28:57): [ldap_child[5682]] [main] (0x2000): getting TGT sync 15961:(2021-11-07 17:28:57): [ldap_child[5682]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15962:(2021-11-07 17:28:57): [ldap_child[5682]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15963:(2021-11-07 17:28:57): [ldap_child[5682]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15964:(2021-11-07 17:28:57): [ldap_child[5682]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15965:(2021-11-07 17:28:58): [ldap_child[5682]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15966:(2021-11-07 17:28:58): [ldap_child[5682]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15967:(2021-11-07 17:28:58): [ldap_child[5682]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Ko4HKl] 15968:(2021-11-07 17:28:58): [ldap_child[5682]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15969:(2021-11-07 17:28:58): [ldap_child[5682]] [prepare_response] (0x0400): Building response for result [-1765328378] 15970:(2021-11-07 17:28:58): [ldap_child[5682]] [pack_buffer] (0x2000): response size: 109 15971:(2021-11-07 17:28:58): [ldap_child[5682]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 15972:(2021-11-07 17:28:58): [ldap_child[5682]] [main] (0x0400): ldap_child completed successfully 15973:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x0400): ldap_child started. 
15974:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x2000): context initialized 15975:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): total buffer size: 88 15976:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): realm_str size: 17 15977:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 15978:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): princ_str size: 31 15979:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 15980:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): keytab_name size: 16 15981:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 15982:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x1000): lifetime: 86400 15983:(2021-11-07 17:28:59): [ldap_child[5685]] [unpack_buffer] (0x0200): Will run as [0][0]. 15984:(2021-11-07 17:28:59): [ldap_child[5685]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 15985:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x2000): Kerberos context initialized 15986:(2021-11-07 17:28:59): [ldap_child[5685]] [become_user] (0x0200): Trying to become user [0][0]. 15987:(2021-11-07 17:28:59): [ldap_child[5685]] [become_user] (0x0200): Already user [0]. 15988:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x2000): Running as [0][0]. 
15989:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x2000): getting TGT sync 15990:(2021-11-07 17:28:59): [ldap_child[5685]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 15991:(2021-11-07 17:28:59): [ldap_child[5685]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 15992:(2021-11-07 17:28:59): [ldap_child[5685]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 15993:(2021-11-07 17:28:59): [ldap_child[5685]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 15994:(2021-11-07 17:28:59): [ldap_child[5685]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 15995:(2021-11-07 17:28:59): [ldap_child[5685]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 15996:(2021-11-07 17:28:59): [ldap_child[5685]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_lISIIC] 15997:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x0020): ldap_child_get_tgt_sync failed. 15998:(2021-11-07 17:28:59): [ldap_child[5685]] [prepare_response] (0x0400): Building response for result [-1765328378] 15999:(2021-11-07 17:28:59): [ldap_child[5685]] [pack_buffer] (0x2000): response size: 109 16000:(2021-11-07 17:28:59): [ldap_child[5685]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16001:(2021-11-07 17:28:59): [ldap_child[5685]] [main] (0x0400): ldap_child completed successfully 16002:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x0400): ldap_child started. 
16003:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x2000): context initialized 16004:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): total buffer size: 88 16005:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): realm_str size: 17 16006:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16007:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): princ_str size: 31 16008:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16009:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): keytab_name size: 16 16010:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16011:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x1000): lifetime: 86400 16012:(2021-11-07 17:29:00): [ldap_child[5687]] [unpack_buffer] (0x0200): Will run as [0][0]. 16013:(2021-11-07 17:29:00): [ldap_child[5687]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16014:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x2000): Kerberos context initialized 16015:(2021-11-07 17:29:00): [ldap_child[5687]] [become_user] (0x0200): Trying to become user [0][0]. 16016:(2021-11-07 17:29:00): [ldap_child[5687]] [become_user] (0x0200): Already user [0]. 16017:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x2000): Running as [0][0]. 
16018:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x2000): getting TGT sync 16019:(2021-11-07 17:29:00): [ldap_child[5687]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16020:(2021-11-07 17:29:00): [ldap_child[5687]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16021:(2021-11-07 17:29:00): [ldap_child[5687]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16022:(2021-11-07 17:29:00): [ldap_child[5687]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16023:(2021-11-07 17:29:00): [ldap_child[5687]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16024:(2021-11-07 17:29:00): [ldap_child[5687]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16025:(2021-11-07 17:29:00): [ldap_child[5687]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_iLo7jm] 16026:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16027:(2021-11-07 17:29:00): [ldap_child[5687]] [prepare_response] (0x0400): Building response for result [-1765328378] 16028:(2021-11-07 17:29:00): [ldap_child[5687]] [pack_buffer] (0x2000): response size: 109 16029:(2021-11-07 17:29:00): [ldap_child[5687]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16030:(2021-11-07 17:29:00): [ldap_child[5687]] [main] (0x0400): ldap_child completed successfully 16031:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x0400): ldap_child started. 
16032:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x2000): context initialized 16033:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): total buffer size: 88 16034:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): realm_str size: 17 16035:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16036:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): princ_str size: 31 16037:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16038:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): keytab_name size: 16 16039:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16040:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x1000): lifetime: 86400 16041:(2021-11-07 17:29:01): [ldap_child[5688]] [unpack_buffer] (0x0200): Will run as [0][0]. 16042:(2021-11-07 17:29:01): [ldap_child[5688]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16043:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x2000): Kerberos context initialized 16044:(2021-11-07 17:29:01): [ldap_child[5688]] [become_user] (0x0200): Trying to become user [0][0]. 16045:(2021-11-07 17:29:01): [ldap_child[5688]] [become_user] (0x0200): Already user [0]. 16046:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x2000): Running as [0][0]. 
16047:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x2000): getting TGT sync 16048:(2021-11-07 17:29:01): [ldap_child[5688]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16049:(2021-11-07 17:29:01): [ldap_child[5688]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16050:(2021-11-07 17:29:01): [ldap_child[5688]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16051:(2021-11-07 17:29:01): [ldap_child[5688]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16052:(2021-11-07 17:29:01): [ldap_child[5688]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16053:(2021-11-07 17:29:01): [ldap_child[5688]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16054:(2021-11-07 17:29:01): [ldap_child[5688]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_wuURpT] 16055:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16056:(2021-11-07 17:29:01): [ldap_child[5688]] [prepare_response] (0x0400): Building response for result [-1765328378] 16057:(2021-11-07 17:29:01): [ldap_child[5688]] [pack_buffer] (0x2000): response size: 109 16058:(2021-11-07 17:29:01): [ldap_child[5688]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16059:(2021-11-07 17:29:01): [ldap_child[5688]] [main] (0x0400): ldap_child completed successfully 16060:(2021-11-07 17:29:02): [ldap_child[5689]] [main] (0x0400): ldap_child started. 
16061:(2021-11-07 17:29:02): [ldap_child[5689]] [main] (0x2000): context initialized 16062:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): total buffer size: 88 16063:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): realm_str size: 17 16064:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16065:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): princ_str size: 31 16066:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16067:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): keytab_name size: 16 16068:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16069:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x1000): lifetime: 86400 16070:(2021-11-07 17:29:02): [ldap_child[5689]] [unpack_buffer] (0x0200): Will run as [0][0]. 16071:(2021-11-07 17:29:02): [ldap_child[5689]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16072:(2021-11-07 17:29:02): [ldap_child[5689]] [main] (0x2000): Kerberos context initialized 16073:(2021-11-07 17:29:02): [ldap_child[5689]] [become_user] (0x0200): Trying to become user [0][0]. 16074:(2021-11-07 17:29:02): [ldap_child[5689]] [become_user] (0x0200): Already user [0]. 16075:(2021-11-07 17:29:02): [ldap_child[5689]] [main] (0x2000): Running as [0][0]. 
16076:(2021-11-07 17:29:02): [ldap_child[5689]] [main] (0x2000): getting TGT sync 16077:(2021-11-07 17:29:02): [ldap_child[5689]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16078:(2021-11-07 17:29:02): [ldap_child[5689]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16079:(2021-11-07 17:29:02): [ldap_child[5689]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16080:(2021-11-07 17:29:02): [ldap_child[5689]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16081:(2021-11-07 17:29:03): [ldap_child[5689]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16082:(2021-11-07 17:29:03): [ldap_child[5689]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16083:(2021-11-07 17:29:03): [ldap_child[5689]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_HBeGWJ] 16084:(2021-11-07 17:29:03): [ldap_child[5689]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16085:(2021-11-07 17:29:03): [ldap_child[5689]] [prepare_response] (0x0400): Building response for result [-1765328378] 16086:(2021-11-07 17:29:03): [ldap_child[5689]] [pack_buffer] (0x2000): response size: 109 16087:(2021-11-07 17:29:03): [ldap_child[5689]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16088:(2021-11-07 17:29:03): [ldap_child[5689]] [main] (0x0400): ldap_child completed successfully 16089:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x0400): ldap_child started. 
16090:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x2000): context initialized 16091:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): total buffer size: 88 16092:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): realm_str size: 17 16093:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16094:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): princ_str size: 31 16095:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16096:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): keytab_name size: 16 16097:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16098:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x1000): lifetime: 86400 16099:(2021-11-07 17:29:04): [ldap_child[5692]] [unpack_buffer] (0x0200): Will run as [0][0]. 16100:(2021-11-07 17:29:04): [ldap_child[5692]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16101:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x2000): Kerberos context initialized 16102:(2021-11-07 17:29:04): [ldap_child[5692]] [become_user] (0x0200): Trying to become user [0][0]. 16103:(2021-11-07 17:29:04): [ldap_child[5692]] [become_user] (0x0200): Already user [0]. 16104:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x2000): Running as [0][0]. 
16105:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x2000): getting TGT sync 16106:(2021-11-07 17:29:04): [ldap_child[5692]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16107:(2021-11-07 17:29:04): [ldap_child[5692]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16108:(2021-11-07 17:29:04): [ldap_child[5692]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16109:(2021-11-07 17:29:04): [ldap_child[5692]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16110:(2021-11-07 17:29:04): [ldap_child[5692]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16111:(2021-11-07 17:29:04): [ldap_child[5692]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16112:(2021-11-07 17:29:04): [ldap_child[5692]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_OoEAa6] 16113:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16114:(2021-11-07 17:29:04): [ldap_child[5692]] [prepare_response] (0x0400): Building response for result [-1765328378] 16115:(2021-11-07 17:29:04): [ldap_child[5692]] [pack_buffer] (0x2000): response size: 109 16116:(2021-11-07 17:29:04): [ldap_child[5692]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16117:(2021-11-07 17:29:04): [ldap_child[5692]] [main] (0x0400): ldap_child completed successfully 16118:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x0400): ldap_child started. 
16119:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x2000): context initialized 16120:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): total buffer size: 88 16121:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): realm_str size: 17 16122:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16123:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): princ_str size: 31 16124:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16125:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): keytab_name size: 16 16126:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16127:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x1000): lifetime: 86400 16128:(2021-11-07 17:29:05): [ldap_child[5693]] [unpack_buffer] (0x0200): Will run as [0][0]. 16129:(2021-11-07 17:29:05): [ldap_child[5693]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16130:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x2000): Kerberos context initialized 16131:(2021-11-07 17:29:05): [ldap_child[5693]] [become_user] (0x0200): Trying to become user [0][0]. 16132:(2021-11-07 17:29:05): [ldap_child[5693]] [become_user] (0x0200): Already user [0]. 16133:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x2000): Running as [0][0]. 
16134:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x2000): getting TGT sync 16135:(2021-11-07 17:29:05): [ldap_child[5693]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16136:(2021-11-07 17:29:05): [ldap_child[5693]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16137:(2021-11-07 17:29:05): [ldap_child[5693]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16138:(2021-11-07 17:29:05): [ldap_child[5693]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16139:(2021-11-07 17:29:05): [ldap_child[5693]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16140:(2021-11-07 17:29:05): [ldap_child[5693]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16141:(2021-11-07 17:29:05): [ldap_child[5693]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_A5lclw] 16142:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16143:(2021-11-07 17:29:05): [ldap_child[5693]] [prepare_response] (0x0400): Building response for result [-1765328378] 16144:(2021-11-07 17:29:05): [ldap_child[5693]] [pack_buffer] (0x2000): response size: 109 16145:(2021-11-07 17:29:05): [ldap_child[5693]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16146:(2021-11-07 17:29:05): [ldap_child[5693]] [main] (0x0400): ldap_child completed successfully 16147:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x0400): ldap_child started. 
16148:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x2000): context initialized 16149:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): total buffer size: 88 16150:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): realm_str size: 17 16151:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16152:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): princ_str size: 31 16153:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16154:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): keytab_name size: 16 16155:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16156:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x1000): lifetime: 86400 16157:(2021-11-07 17:29:06): [ldap_child[5694]] [unpack_buffer] (0x0200): Will run as [0][0]. 16158:(2021-11-07 17:29:06): [ldap_child[5694]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16159:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x2000): Kerberos context initialized 16160:(2021-11-07 17:29:06): [ldap_child[5694]] [become_user] (0x0200): Trying to become user [0][0]. 16161:(2021-11-07 17:29:06): [ldap_child[5694]] [become_user] (0x0200): Already user [0]. 16162:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x2000): Running as [0][0]. 
16163:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x2000): getting TGT sync 16164:(2021-11-07 17:29:06): [ldap_child[5694]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16165:(2021-11-07 17:29:06): [ldap_child[5694]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16166:(2021-11-07 17:29:06): [ldap_child[5694]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16167:(2021-11-07 17:29:06): [ldap_child[5694]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16168:(2021-11-07 17:29:06): [ldap_child[5694]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16169:(2021-11-07 17:29:06): [ldap_child[5694]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16170:(2021-11-07 17:29:06): [ldap_child[5694]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_GjE8r3] 16171:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16172:(2021-11-07 17:29:06): [ldap_child[5694]] [prepare_response] (0x0400): Building response for result [-1765328378] 16173:(2021-11-07 17:29:06): [ldap_child[5694]] [pack_buffer] (0x2000): response size: 109 16174:(2021-11-07 17:29:06): [ldap_child[5694]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16175:(2021-11-07 17:29:06): [ldap_child[5694]] [main] (0x0400): ldap_child completed successfully 16176:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x0400): ldap_child started. 
16177:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x2000): context initialized 16178:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): total buffer size: 88 16179:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): realm_str size: 17 16180:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16181:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): princ_str size: 31 16182:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16183:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): keytab_name size: 16 16184:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16185:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x1000): lifetime: 86400 16186:(2021-11-07 17:29:07): [ldap_child[5698]] [unpack_buffer] (0x0200): Will run as [0][0]. 16187:(2021-11-07 17:29:07): [ldap_child[5698]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16188:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x2000): Kerberos context initialized 16189:(2021-11-07 17:29:07): [ldap_child[5698]] [become_user] (0x0200): Trying to become user [0][0]. 16190:(2021-11-07 17:29:07): [ldap_child[5698]] [become_user] (0x0200): Already user [0]. 16191:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x2000): Running as [0][0]. 
16192:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x2000): getting TGT sync 16193:(2021-11-07 17:29:07): [ldap_child[5698]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16194:(2021-11-07 17:29:07): [ldap_child[5698]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16195:(2021-11-07 17:29:07): [ldap_child[5698]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16196:(2021-11-07 17:29:07): [ldap_child[5698]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16197:(2021-11-07 17:29:07): [ldap_child[5698]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16198:(2021-11-07 17:29:07): [ldap_child[5698]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16199:(2021-11-07 17:29:07): [ldap_child[5698]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_nodp7F] 16200:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16201:(2021-11-07 17:29:07): [ldap_child[5698]] [prepare_response] (0x0400): Building response for result [-1765328378] 16202:(2021-11-07 17:29:07): [ldap_child[5698]] [pack_buffer] (0x2000): response size: 109 16203:(2021-11-07 17:29:07): [ldap_child[5698]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16204:(2021-11-07 17:29:07): [ldap_child[5698]] [main] (0x0400): ldap_child completed successfully 16205:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x0400): ldap_child started. 
16206:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x2000): context initialized 16207:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): total buffer size: 88 16208:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): realm_str size: 17 16209:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16210:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): princ_str size: 31 16211:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16212:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): keytab_name size: 16 16213:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16214:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x1000): lifetime: 86400 16215:(2021-11-07 17:29:08): [ldap_child[5699]] [unpack_buffer] (0x0200): Will run as [0][0]. 16216:(2021-11-07 17:29:08): [ldap_child[5699]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16217:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x2000): Kerberos context initialized 16218:(2021-11-07 17:29:08): [ldap_child[5699]] [become_user] (0x0200): Trying to become user [0][0]. 16219:(2021-11-07 17:29:08): [ldap_child[5699]] [become_user] (0x0200): Already user [0]. 16220:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x2000): Running as [0][0]. 
16221:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x2000): getting TGT sync 16222:(2021-11-07 17:29:08): [ldap_child[5699]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16223:(2021-11-07 17:29:08): [ldap_child[5699]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16224:(2021-11-07 17:29:08): [ldap_child[5699]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16225:(2021-11-07 17:29:08): [ldap_child[5699]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16226:(2021-11-07 17:29:08): [ldap_child[5699]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16227:(2021-11-07 17:29:08): [ldap_child[5699]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16228:(2021-11-07 17:29:08): [ldap_child[5699]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_mMEkGq] 16229:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16230:(2021-11-07 17:29:08): [ldap_child[5699]] [prepare_response] (0x0400): Building response for result [-1765328378] 16231:(2021-11-07 17:29:08): [ldap_child[5699]] [pack_buffer] (0x2000): response size: 109 16232:(2021-11-07 17:29:08): [ldap_child[5699]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16233:(2021-11-07 17:29:08): [ldap_child[5699]] [main] (0x0400): ldap_child completed successfully 16234:(2021-11-07 17:29:09): [ldap_child[5702]] [main] (0x0400): ldap_child started. 
16235:(2021-11-07 17:29:09): [ldap_child[5702]] [main] (0x2000): context initialized 16236:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): total buffer size: 88 16237:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): realm_str size: 17 16238:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16239:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): princ_str size: 31 16240:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16241:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): keytab_name size: 16 16242:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16243:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x1000): lifetime: 86400 16244:(2021-11-07 17:29:09): [ldap_child[5702]] [unpack_buffer] (0x0200): Will run as [0][0]. 16245:(2021-11-07 17:29:09): [ldap_child[5702]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16246:(2021-11-07 17:29:09): [ldap_child[5702]] [main] (0x2000): Kerberos context initialized 16247:(2021-11-07 17:29:09): [ldap_child[5702]] [become_user] (0x0200): Trying to become user [0][0]. 16248:(2021-11-07 17:29:09): [ldap_child[5702]] [become_user] (0x0200): Already user [0]. 16249:(2021-11-07 17:29:09): [ldap_child[5702]] [main] (0x2000): Running as [0][0]. 
16250:(2021-11-07 17:29:09): [ldap_child[5702]] [main] (0x2000): getting TGT sync 16251:(2021-11-07 17:29:09): [ldap_child[5702]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16252:(2021-11-07 17:29:09): [ldap_child[5702]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16253:(2021-11-07 17:29:09): [ldap_child[5702]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16254:(2021-11-07 17:29:09): [ldap_child[5702]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16255:(2021-11-07 17:29:10): [ldap_child[5702]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16256:(2021-11-07 17:29:10): [ldap_child[5702]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16257:(2021-11-07 17:29:10): [ldap_child[5702]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_XJHgXI] 16258:(2021-11-07 17:29:10): [ldap_child[5702]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16259:(2021-11-07 17:29:10): [ldap_child[5702]] [prepare_response] (0x0400): Building response for result [-1765328378] 16260:(2021-11-07 17:29:10): [ldap_child[5702]] [pack_buffer] (0x2000): response size: 109 16261:(2021-11-07 17:29:10): [ldap_child[5702]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16262:(2021-11-07 17:29:10): [ldap_child[5702]] [main] (0x0400): ldap_child completed successfully 16263:(2021-11-07 17:29:10): [ldap_child[5703]] [main] (0x0400): ldap_child started. 
16264:(2021-11-07 17:29:10): [ldap_child[5703]] [main] (0x2000): context initialized 16265:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): total buffer size: 88 16266:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): realm_str size: 17 16267:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16268:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): princ_str size: 31 16269:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16270:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): keytab_name size: 16 16271:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16272:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x1000): lifetime: 86400 16273:(2021-11-07 17:29:10): [ldap_child[5703]] [unpack_buffer] (0x0200): Will run as [0][0]. 16274:(2021-11-07 17:29:10): [ldap_child[5703]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16275:(2021-11-07 17:29:10): [ldap_child[5703]] [main] (0x2000): Kerberos context initialized 16276:(2021-11-07 17:29:10): [ldap_child[5703]] [become_user] (0x0200): Trying to become user [0][0]. 16277:(2021-11-07 17:29:10): [ldap_child[5703]] [become_user] (0x0200): Already user [0]. 16278:(2021-11-07 17:29:10): [ldap_child[5703]] [main] (0x2000): Running as [0][0]. 
16279:(2021-11-07 17:29:10): [ldap_child[5703]] [main] (0x2000): getting TGT sync 16280:(2021-11-07 17:29:10): [ldap_child[5703]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16281:(2021-11-07 17:29:10): [ldap_child[5703]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16282:(2021-11-07 17:29:10): [ldap_child[5703]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16283:(2021-11-07 17:29:10): [ldap_child[5703]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16284:(2021-11-07 17:29:11): [ldap_child[5703]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16285:(2021-11-07 17:29:11): [ldap_child[5703]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16286:(2021-11-07 17:29:11): [ldap_child[5703]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_oiajSc] 16287:(2021-11-07 17:29:11): [ldap_child[5703]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16288:(2021-11-07 17:29:11): [ldap_child[5703]] [prepare_response] (0x0400): Building response for result [-1765328378] 16289:(2021-11-07 17:29:11): [ldap_child[5703]] [pack_buffer] (0x2000): response size: 109 16290:(2021-11-07 17:29:11): [ldap_child[5703]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16291:(2021-11-07 17:29:11): [ldap_child[5703]] [main] (0x0400): ldap_child completed successfully 16292:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x0400): ldap_child started. 
16293:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x2000): context initialized 16294:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): total buffer size: 88 16295:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): realm_str size: 17 16296:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD 16297:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): princ_str size: 31 16298:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): got princ_str: host/hostname.domain.company.tld 16299:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): keytab_name size: 16 16300:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab 16301:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x1000): lifetime: 86400 16302:(2021-11-07 17:29:12): [ldap_child[5705]] [unpack_buffer] (0x0200): Will run as [0][0]. 16303:(2021-11-07 17:29:12): [ldap_child[5705]] [privileged_krb5_setup] (0x2000): Kerberos context initialized 16304:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x2000): Kerberos context initialized 16305:(2021-11-07 17:29:12): [ldap_child[5705]] [become_user] (0x0200): Trying to become user [0][0]. 16306:(2021-11-07 17:29:12): [ldap_child[5705]] [become_user] (0x0200): Already user [0]. 16307:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x2000): Running as [0][0]. 
16308:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x2000): getting TGT sync 16309:(2021-11-07 17:29:12): [ldap_child[5705]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available 16310:(2021-11-07 17:29:12): [ldap_child[5705]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] 16311:(2021-11-07 17:29:12): [ldap_child[5705]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD] 16312:(2021-11-07 17:29:12): [ldap_child[5705]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] 16313:(2021-11-07 17:29:12): [ldap_child[5705]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328378 16314:(2021-11-07 17:29:12): [ldap_child[5705]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. 16315:(2021-11-07 17:29:12): [ldap_child[5705]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_Ibx7u3] 16316:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x0020): ldap_child_get_tgt_sync failed. 16317:(2021-11-07 17:29:12): [ldap_child[5705]] [prepare_response] (0x0400): Building response for result [-1765328378] 16318:(2021-11-07 17:29:12): [ldap_child[5705]] [pack_buffer] (0x2000): response size: 109 16319:(2021-11-07 17:29:12): [ldap_child[5705]] [pack_buffer] (0x1000): result [14] krberr [-1765328378] msgsize [89] msg [Client 'host/hostname.domain.company.tld@DOMAIN.COMPANY.TLD' not found in Kerberos database] 16320:(2021-11-07 17:29:12): [ldap_child[5705]] [main] (0x0400): ldap_child completed successfully ```

sssd_DOMAIN.COMPANY.TLD.log

macgeneral commented 2 years ago

Btw. are the following settings converted correctly from krb5.conf to sssd.conf syntax?

| krb5.conf | sssd.conf |
| --- | --- |
| `pkinit_identities = PKCS11:opensc-pkcs11.so` | `pam_cert_auth = TRUE` |
| `pkinit_anchors = FILE:/usr/share/ca-certificates/trust-source/company.bundle.crt` | `pam_cert_db_path = /usr/share/ca-certificates/trust-source/company.bundle.crt` |
| `pkinit_cert_match = <EKU>msScLogin,clientAuth` | `[DOMAIN]`<br>`[..]`<br>`certificate_rules = pki`<br><br>`[certificate_rule/pki]`<br>`certificate_match = <EKU>msScLogin,clientAuth` |
| `pkinit_kdc_hostname = domain.company.tld`<br>`pkinit_kdc_hostname = DOMAIN` | ??? |

macgeneral commented 2 years ago

Note: it seems like it's catching lots of other domain users' information from LDAP in `sssd_DOMAIN.COMPANY.TLD.log`, so I assume something with the LDAP configuration/lookup is wrong. I had to redact those values, but you can search for `redacted` in the log file.

sumit-bose commented 2 years ago

> Btw. are the following settings converted correctly from krb5.conf to sssd.conf syntax?
>
> | krb5.conf | sssd.conf |
> | --- | --- |
> | `pkinit_identities = PKCS11:opensc-pkcs11.so` | `pam_cert_auth = TRUE` |
> | `pkinit_anchors = FILE:/usr/share/ca-certificates/trust-source/company.bundle.crt` | `pam_cert_db_path = /usr/share/ca-certificates/trust-source/company.bundle.crt` |
> | `pkinit_cert_match = <EKU>msScLogin,clientAuth` | `[DOMAIN]`<br>`[..]`<br>`certificate_rules = pki`<br><br>`[certificate_rule/pki]`<br>`certificate_match = <EKU>msScLogin,clientAuth` |

Hi,

this is wrong, you do not need a reference in the `[domain/...]` section but use the domain name in the mapping and matching section, which is called `[certmap/...]`. Since you have `<EKU>msScLogin` in the matching rule, it might be worth trying a different mapping rule than the default rule (match whole certificate), which does not seem to work properly and causes the LDAP search timeout. I would suggest to use:

```
[certmap/your.domain.name/pki]
matchrule = <EKU>msScLogin,clientAuth
maprule = (|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name}))
```

> `pkinit_kdc_hostname = domain.company.tld`
> `pkinit_kdc_hostname = DOMAIN`
> ???

There is no corresponding SSSD option. All pkinit options should be kept in krb5.conf to allow manual pkinit as well. SSSD will not override the options to avoid confusion, but it needs some of the options to select and validate the certificate.

To your other question about krb5_child and p11_child. SSSD will use krb5_child for pkinit, but currently SSSD was not able to relate the user and the certificate with the default mapping rule. That's why krb5_child is not called for pkinit. I hope the new mapping rule, which uses the userPrincipalName from the certificate, works better.

bye, Sumit
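
The `[certmap/<domain>/<rule>]` layout and mapping rule from the reply above, as an added example that is not part of the thread or of SSSD's code: a small Python lint that flags the rule-in-domain-section layout asked about and shows the LDAP filter the suggested `maprule` produces. The sample config, the helper names and the template expansion (a simplified stand-in for SSSD's own handling, covering only the two templates used here) are assumptions.

```python
import configparser
import re

# maprule suggested in the reply above.
MAPRULE = ("(|(userPrincipalName={subject_nt_principal})"
           "(samAccountName={subject_nt_principal.short_name}))")

# Constructed sample sssd.conf: the layout asked about in the thread
# (rule referenced from the domain section) next to the [certmap/...] layout.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = domain.company.tld

[pam]
pam_cert_auth = True

[domain/domain.company.tld]
id_provider = ad
certificate_rules = pki

[certificate_rule/pki]
certificate_match = <EKU>msScLogin,clientAuth

[certmap/domain.company.tld/pki]
matchrule = <EKU>msScLogin,clientAuth
maprule = """ + MAPRULE + "\n"

# A matchrule is built from <TAG>value components such as <EKU>...; this only
# checks that some tag is present, it does not validate the full syntax.
TAG_RE = re.compile(r"<[A-Za-z][A-Za-z0-9:.]*>")


def lint_certmap(conf_text):
    """Return a list of findings about certificate mapping sections."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        parts = section.split("/")
        if parts[0] == "domain" and cp.has_option(section, "certificate_rules"):
            findings.append("[%s]: certificate_rules is not needed; rules live in "
                            "[certmap/<domain>/<rule>]" % section)
        elif parts[0] == "certificate_rule":
            findings.append("[%s]: use [certmap/<domain>/<rule>] instead" % section)
        elif parts[0] == "certmap":
            if len(parts) != 3:
                findings.append("[%s]: expected certmap/<domain>/<rule>" % section)
                continue
            if not cp.has_section("domain/" + parts[1]):
                findings.append("[%s]: no [domain/%s] section" % (section, parts[1]))
            rule = cp.get(section, "matchrule", fallback="")
            if rule and not TAG_RE.search(rule):
                findings.append("[%s]: matchrule has no <TAG> component" % section)
    return findings


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand_maprule(maprule, principal):
    """Fill the two principal templates with values taken from a certificate.

    `principal` stands for the NT principal found in the certificate's SAN;
    short_name is the part before the '@'.
    """
    values = {
        "subject_nt_principal": principal,
        "subject_nt_principal.short_name": principal.split("@", 1)[0],
    }

    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise KeyError("template not handled in this example: " + key)
        return ldap_escape(values[key])

    return re.sub(r"\{([^{}]+)\}", substitute, maprule)


if __name__ == "__main__":
    for finding in lint_certmap(SAMPLE_SSSD_CONF):
        print("finding:", finding)
    # Constructed principal, shaped like the user principal in the thread's log.
    print(expand_maprule(MAPRULE, "firstname.lastname@COMPANY.TLD"))
```

If the certificate carries the principal shown in the thread's log (`firstname.lastname@COMPANY.TLD`), the `samAccountName` branch becomes `firstname.lastname`, so for an account named `aduser` only the `userPrincipalName` branch can match.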

macgeneral commented 2 years ago

Hi,

Thank you for your very fast response.
Unfortunately it still fails - but this time way faster.

I've tried to reduce the log output by searching for my name and attaching the 10 following lines for each match. I've redacted the OU= parts with [..] - but I think it successfully retrieves the certificate anyways.

sssd_DOMAIN.COMPANY.TLD.log (shortened with `grep -A10 Lastname`)

```
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_entry] (0x1000): [RID#851] OriginalDN: [CN=Lastname Firstname aduser,OU=Users,OU=[..],OU=[..],OU=[..],DC=domain,DC=company,DC=tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [objectClass]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x1000): [RID#851] Base attribute of [userCertificate;binary] is [userCertificate]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x1000): [RID#851] [userCertificate;binary] contains sub-attribute other than a range, returning whole
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [whenChanged]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [memberOf]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [uSNChanged]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [name]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [objectGUID]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [userAccountControl]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [primaryGroupID]
--
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_save_user] (0x2000): [RID#851] Adding originalDN [CN=Lastname Firstname aduser,OU=Users,OU=[..],OU=[..],OU=[..],DC=domain,DC=company,DC=tld] to attributes of [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_save_user] (0x0400): [RID#851] Adding original memberOf attributes to [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] Adding original mod-Timestamp [20211104184302.0Z] to attributes of [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_save_user] (0x0400): [RID#851] Adding user principal [firstname.lastname@COMPANY.TLD] to attributes of [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowLastChange is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowMin is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowMax is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowWarning is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowInactive is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowExpire is not available for [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] shadowFlag is not available for [aduser@domain.company.tld].
--
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] Adding userCertificate [[escaped-cert_1]] to attributes of [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_attrs_add_ldap_attr] (0x2000): [RID#851] Adding mail [firstname.lastname@company.tld] to attributes of [aduser@domain.company.tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sysdb_attrs_get_aliases] (0x2000): [RID#851] Domain is case-insensitive; will add lowercased aliases
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_save_user] (0x0400): [RID#851] Storing info for user aduser@domain.company.tld
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sysdb_set_entry_attr] (0x0200): [RID#851] Entry [name=aduser@domain.company.tld,cn=users,cn=DOMAIN.COMPANY.TLD,cn=sysdb] has set [ts_cache] attrs.
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sysdb_remove_attrs] (0x2000): [RID#851] Removing attribute [userPassword] from [aduser@domain.company.tld]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sysdb_store_user] (0x0400): [RID#851] User "aduser@domain.company.tld" has been stored
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_initgr_user] (0x4000): [RID#851] Commit change
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_initgr_user] (0x4000): [RID#851] Process user's groups
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_id_op_connect_step] (0x4000): [RID#851] reusing cached connection
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_print_server] (0x2000): [RID#851] Searching [IPv4 address]:389
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x0400): [RID#851] calling ldap_search_ext with [no filter][CN=Lastname Firstname aduser,OU=Users,OU=[..],OU=[..],OU=[..],DC=domain,DC=company,DC=tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x1000): [RID#851] Requesting attrs: [tokenGroups]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_ext_step] (0x2000): [RID#851] ldap_search_ext called, msgid = 20
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_op_add] (0x2000): [RID#851] New operation 20 timeout 30
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x564137f47070], connected[1], ops[0x564137f837e0], ldap[0x564137e95df0]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x564137f47070], connected[1], ops[0x564137f837e0], ldap[0x564137e95df0]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): [RID#851] Message type: [LDAP_RES_SEARCH_ENTRY]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_entry] (0x1000): [RID#851] OriginalDN: [CN=Lastname Firstname aduser,OU=Users,OU=[..],OU=[..],OU=[..],DC=domain,DC=company,DC=tld].
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_parse_range] (0x2000): [RID#851] No sub-attributes for [tokenGroups]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_result] (0x2000): Trace: sh[0x564137f47070], connected[1], ops[0x564137f837e0], ldap[0x564137e95df0]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_process_message] (0x4000): [RID#851] Message type: [LDAP_RES_SEARCH_RESULT]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_get_generic_op_finished] (0x0400): [RID#851] Search result: Success(0), no errmsg set
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_op_destructor] (0x2000): [RID#851] Operation 20 finished
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_ad_save_group_membership_with_idmapping] (0x1000): [RID#851] Processing membership SID [S-1-5-32-545]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_idmap_sid_to_unix] (0x0400): [RID#851] Object SID [S-1-5-32-545] is a built-in one.
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_ad_save_group_membership_with_idmapping] (0x0400): [RID#851] Skipping built-in object.
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sdap_ad_save_group_membership_with_idmapping] (0x1000): [RID#851] Processing membership SID [S-1-5-21-126432666-1270913926-3679153413-3333660]
(2021-11-08 10:24:23): [be[DOMAIN.COMPANY.TLD]] [sss_domain_get_state] (0x1000): [RID#851] Domain DOMAIN.COMPANY.TLD is Active
```

ldap_child.log ``` (2021-11-08 10:24:15): [ldap_child[9633]] [main] (0x0400): ldap_child started. (2021-11-08 10:24:15): [ldap_child[9633]] [main] (0x2000): context initialized (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-08 10:24:15): [ldap_child[9633]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-08 10:24:15): [ldap_child[9633]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-08 10:24:15): [ldap_child[9633]] [main] (0x2000): Kerberos context initialized (2021-11-08 10:24:15): [ldap_child[9633]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-08 10:24:15): [ldap_child[9633]] [become_user] (0x0200): Already user [0]. (2021-11-08 10:24:15): [ldap_child[9633]] [main] (0x2000): Running as [0][0]. 
(2021-11-08 10:24:15): [ldap_child[9633]] [main] (0x2000): getting TGT sync (2021-11-08 10:24:15): [ldap_child[9633]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-08 10:24:15): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-08 10:24:15): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-08 10:24:15): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-08 10:24:16): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-08 10:24:16): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_BdvzkP] (2021-11-08 10:24:16): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-08 10:24:16): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-08 10:24:16): [ldap_child[9633]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_BdvzkP] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:16): [ldap_child[9633]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_BdvzkP] (2021-11-08 10:24:16): [ldap_child[9633]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_BdvzkP] (2021-11-08 10:24:16): [ldap_child[9633]] [prepare_response] (0x0400): Building response for result [0] (2021-11-08 10:24:16): [ldap_child[9633]] [pack_buffer] (0x2000): response size: 65 (2021-11-08 10:24:16): [ldap_child[9633]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:16): [ldap_child[9633]] [main] (0x0400): ldap_child completed successfully (2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x0400): ldap_child started. 
(2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x2000): context initialized (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-08 10:24:17): [ldap_child[9635]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-08 10:24:17): [ldap_child[9635]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x2000): Kerberos context initialized (2021-11-08 10:24:17): [ldap_child[9635]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-08 10:24:17): [ldap_child[9635]] [become_user] (0x0200): Already user [0]. (2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x2000): Running as [0][0]. 
(2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x2000): getting TGT sync (2021-11-08 10:24:17): [ldap_child[9635]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_dI5Iok] (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-08 10:24:17): [ldap_child[9635]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_dI5Iok] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:17): [ldap_child[9635]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_dI5Iok] (2021-11-08 10:24:17): [ldap_child[9635]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_dI5Iok] (2021-11-08 10:24:17): [ldap_child[9635]] [prepare_response] (0x0400): Building response for result [0] (2021-11-08 10:24:17): [ldap_child[9635]] [pack_buffer] (0x2000): response size: 65 (2021-11-08 10:24:17): [ldap_child[9635]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:17): [ldap_child[9635]] [main] (0x0400): ldap_child completed successfully (2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x0400): ldap_child started. 
(2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x2000): context initialized (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): total buffer size: 66 (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): realm_str size: 17 (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): got realm_str: DOMAIN.COMPANY.TLD (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): princ_str size: 9 (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): got princ_str: hostname$ (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): keytab_name size: 16 (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): got keytab_name: /etc/krb5.keytab (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x1000): lifetime: 86400 (2021-11-08 10:24:20): [ldap_child[9647]] [unpack_buffer] (0x0200): Will run as [0][0]. (2021-11-08 10:24:20): [ldap_child[9647]] [privileged_krb5_setup] (0x2000): Kerberos context initialized (2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x2000): Kerberos context initialized (2021-11-08 10:24:20): [ldap_child[9647]] [become_user] (0x0200): Trying to become user [0][0]. (2021-11-08 10:24:20): [ldap_child[9647]] [become_user] (0x0200): Already user [0]. (2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x2000): Running as [0][0]. 
(2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x2000): getting TGT sync (2021-11-08 10:24:20): [ldap_child[9647]] [sss_child_set_krb5_tracing] (0x0100): krb5 tracing is not available (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): got realm_name: [DOMAIN.COMPANY.TLD] (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [hostname$@DOMAIN.COMPANY.TLD] (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab] (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): credentials initialized (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): keytab ccname: [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_0Fjyls] (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): credentials stored (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): Got KDC time offset (2021-11-08 10:24:20): [ldap_child[9647]] [ldap_child_get_tgt_sync] (0x2000): Renaming [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_0Fjyls] to [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:20): [ldap_child[9647]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_0Fjyls] (2021-11-08 10:24:20): [ldap_child[9647]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD_0Fjyls] (2021-11-08 10:24:20): [ldap_child[9647]] [prepare_response] (0x0400): Building response for result [0] (2021-11-08 10:24:20): [ldap_child[9647]] [pack_buffer] (0x2000): response size: 65 (2021-11-08 10:24:20): [ldap_child[9647]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [45] msg [FILE:/var/lib/sss/db/ccache_DOMAIN.COMPANY.TLD] (2021-11-08 10:24:20): [ldap_child[9647]] [main] (0x0400): ldap_child completed successfully ```
p11_child.log
```
(2021-11-08 10:24:21): [p11_child[9648]] [main] (0x0400): p11_child started.
(2021-11-08 10:24:21): [p11_child[9648]] [main] (0x2000): Running in [pre-auth] mode.
(2021-11-08 10:24:21): [p11_child[9648]] [main] (0x2000): Running with effective IDs: [0][0].
(2021-11-08 10:24:21): [p11_child[9648]] [main] (0x2000): Running with real IDs [0][0].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): Module List:
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): common name: [p11-kit-trust].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/p11-kit-trust.so].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): Description [/etc/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): Description [/usr/share/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): common name: [opensc].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): Description [Alcor Micro AU9540 00 00 Generic ] Manufacturer [Generic ] flags [6] removable [true] token present [false].
(2021-11-08 10:24:23): [p11_child[9648]] [do_card] (0x4000): Token not present.
(2021-11-08 10:24:23): [p11_child[9648]] [main] (0x0040): do_work failed.
(2021-11-08 10:24:23): [p11_child[9648]] [main] (0x0020): p11_child failed!
```
sssd_pam.log ``` (2021-11-08 10:24:21): [pam] [get_client_cred] (0x4000): Client [0x5569ba3927a0][24] creds: euid[0] egid[aduserid] pid[9632] cmd_line['sudo']. (2021-11-08 10:24:21): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled: (2021-11-08 10:24:21): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5569ba3927a0][24] (2021-11-08 10:24:21): [pam] [accept_fd_handler] (0x0400): Client [CID #1][cmd sudo][0x5569ba3927a0][24] connected! (2021-11-08 10:24:21): [pam] [sss_cmd_get_version] (0x0200): Received client version [3]. (2021-11-08 10:24:21): [pam] [sss_cmd_get_version] (0x0200): Offered version [3]. (2021-11-08 10:24:21): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth (2021-11-08 10:24:21): [pam] [sss_parse_name] (0x0100): Domain not provided! (2021-11-08 10:24:21): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-08 10:24:21): [pam] [sss_parse_name_for_domains] (0x0200): name 'aduser' matched without domain, user is aduser (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] domain: not set (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] user: aduser (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0 (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] ruser: aduser (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available) (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available) (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] priv: 0 (2021-11-08 10:24:21): [pam] [pam_print_data] 
(0x0100): [CID #1] cli_pid: 9632 (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] logon name: aduser (2021-11-08 10:24:21): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18 (2021-11-08 10:24:21): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [9648] (2021-11-08 10:24:21): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [9648] (2021-11-08 10:24:23): [pam] [read_pipe_handler] (0x0400): EOF received, client finished (2021-11-08 10:24:23): [pam] [parse_p11_child_response] (0x1000): No certificate found. (2021-11-08 10:24:23): [pam] [cache_req_set_plugin] (0x2000): CR #0: Setting "Initgroups by name" plugin (2021-11-08 10:24:23): [pam] [cache_req_send] (0x0400): CR #0: REQ_TRACE: New request [CID #1] 'Initgroups by name' (2021-11-08 10:24:23): [pam] [cache_req_process_input] (0x0400): CR #0: Parsing input name [aduser] (2021-11-08 10:24:23): [pam] [sss_parse_name] (0x0100): Domain not provided! (2021-11-08 10:24:23): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-08 10:24:23): [pam] [sss_parse_name_for_domains] (0x0200): name 'aduser' matched without domain, user is aduser (2021-11-08 10:24:23): [pam] [child_sig_handler] (0x1000): Waiting for child [9648]. (2021-11-08 10:24:23): [pam] [child_sig_handler] (0x0020): child [9648] failed with status [1]. 
(2021-11-08 10:24:23): [pam] [cache_req_set_name] (0x0400): CR #0: Setting name [aduser] (2021-11-08 10:24:23): [pam] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search (2021-11-08 10:24:23): [pam] [cache_req_search_domains] (0x0400): CR #0: Search will check the cache and bypass the data provider (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [DOMAIN.COMPANY.TLD] (2021-11-08 10:24:23): [pam] [cache_req_prepare_domain_data] (0x0400): CR #0: Preparing input data for domain [DOMAIN.COMPANY.TLD] rules (2021-11-08 10:24:23): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up aduser@domain.company.tld (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [aduser@domain.company.tld] (2021-11-08 10:24:23): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/DOMAIN.COMPANY.TLD/aduser@domain.company.tld] (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #0: [aduser@domain.company.tld] is not present in negative cache (2021-11-08 10:24:23): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [aduser@domain.company.tld] in cache (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain CompanyChildDomain.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain host_1.local type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain host_2.local type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain GB003.COMPANYMETERING.TLD type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): 
Request type POSIX-only for domain ptdea.company.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain eu.d-rco.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ch999.company.ch type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain de010.company.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ww104.automation.company.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain atvies001a.companypro.at type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain mftech.dbgr.company.de type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain na.d-rco.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain medpse.companypro.at type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ppal.directory type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DELPZK001A.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain nbgdom.spc type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain dev.its type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain khe.sgs.company.de type POSIX is valid (2021-11-08 10:24:23): [pam] 
[cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain evosec.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ch911.company.ch type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain de-ras.de.abatos.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ot001.company.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ist type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ad903.company.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain host_3.local type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain weissgmbh.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain mgc.mentorg.tld type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain OTHERDOMAIN.COMPANY.TLD type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_set_domain] (0x0400): CR #0: Using domain [OTHERDOMAIN.COMPANY.TLD] (2021-11-08 10:24:23): [pam] [cache_req_prepare_domain_data] (0x0400): CR #0: Preparing input data for domain [OTHERDOMAIN.COMPANY.TLD] rules (2021-11-08 10:24:23): [pam] [cache_req_search_send] (0x0400): CR #0: Looking up aduser@otherdomain.company.tld (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #0: Checking negative cache for [aduser@otherdomain.company.tld] (2021-11-08 10:24:23): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for 
[NCE/USER/OTHERDOMAIN.COMPANY.TLD/aduser@otherdomain.company.tld] (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #0: [aduser@otherdomain.company.tld] is not present in negative cache (2021-11-08 10:24:23): [pam] [cache_req_search_cache] (0x0400): CR #0: Looking up [aduser@otherdomain.company.tld] in cache (2021-11-08 10:24:23): [pam] [cache_req_search_cache] (0x0400): CR #0: Object [aduser@otherdomain.company.tld] was not found in cache (2021-11-08 10:24:23): [pam] [cache_req_process_result] (0x0400): CR #0: Finished: Not found (2021-11-08 10:24:23): [pam] [pam_check_user_search_next] (0x4000): PAM initgroups scheme [no_session]. (2021-11-08 10:24:23): [pam] [cache_req_set_plugin] (0x2000): CR #1: Setting "Initgroups by name" plugin (2021-11-08 10:24:23): [pam] [cache_req_send] (0x0400): CR #1: REQ_TRACE: New request [CID #1] 'Initgroups by name' (2021-11-08 10:24:23): [pam] [cache_req_process_input] (0x0400): CR #1: Parsing input name [aduser] (2021-11-08 10:24:23): [pam] [sss_parse_name] (0x0100): Domain not provided! 
(2021-11-08 10:24:23): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active (2021-11-08 10:24:23): [pam] [sss_parse_name_for_domains] (0x0200): name 'aduser' matched without domain, user is aduser (2021-11-08 10:24:23): [pam] [cache_req_set_name] (0x0400): CR #1: Setting name [aduser] (2021-11-08 10:24:23): [pam] [cache_req_select_domains] (0x0400): CR #1: Performing a multi-domain search (2021-11-08 10:24:23): [pam] [cache_req_search_domains] (0x0400): CR #1: Search will bypass the cache and check the data provider (2021-11-08 10:24:23): [pam] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain DOMAIN.COMPANY.TLD type POSIX is valid (2021-11-08 10:24:23): [pam] [cache_req_set_domain] (0x0400): CR #1: Using domain [DOMAIN.COMPANY.TLD] (2021-11-08 10:24:23): [pam] [cache_req_prepare_domain_data] (0x0400): CR #1: Preparing input data for domain [DOMAIN.COMPANY.TLD] rules (2021-11-08 10:24:23): [pam] [cache_req_search_send] (0x0400): CR #1: Looking up aduser@domain.company.tld (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #1: Checking negative cache for [aduser@domain.company.tld] (2021-11-08 10:24:23): [pam] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/DOMAIN.COMPANY.TLD/aduser@domain.company.tld] (2021-11-08 10:24:23): [pam] [cache_req_search_ncache] (0x0400): CR #1: [aduser@domain.company.tld] is not present in negative cache (2021-11-08 10:24:23): [pam] [cache_req_search_dp] (0x0400): CR #1: Looking up [aduser@domain.company.tld] in data provider (2021-11-08 10:24:23): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [DOMAIN.COMPANY.TLD][0x3][BE_REQ_INITGROUPS][name=aduser@domain.company.tld:-] (2021-11-08 10:24:23): [pam] [sbus_dispatch] (0x4000): Dispatching. 
(2021-11-08 10:24:23): [pam] [sss_domain_get_state] (0x1000): Domain DOMAIN.COMPANY.TLD is Active (2021-11-08 10:24:23): [pam] [cache_req_search_cache] (0x0400): CR #1: Looking up [aduser@domain.company.tld] in cache (2021-11-08 10:24:23): [pam] [cache_req_search_ncache_filter] (0x0400): CR #1: This request type does not support filtering result by negative cache (2021-11-08 10:24:23): [pam] [cache_req_search_done] (0x0400): CR #1: Returning updated object [aduser@domain.company.tld] (2021-11-08 10:24:23): [pam] [cache_req_create_and_add_result] (0x0400): CR #1: Found 38 entries in domain DOMAIN.COMPANY.TLD (2021-11-08 10:24:23): [pam] [cache_req_done] (0x0400): CR #1: Finished: Success (2021-11-08 10:24:23): [pam] [pd_set_primary_name] (0x0400): User's primary name is aduser@domain.company.tld (2021-11-08 10:24:23): [pam] [pam_initgr_check_timeout] (0x4000): User [aduser] not found in PAM cache. (2021-11-08 10:24:23): [pam] [pam_initgr_cache_set] (0x2000): [aduser] added to PAM initgroup cache (2021-11-08 10:24:23): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #1] with the following data: (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] command: SSS_PAM_PREAUTH (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] domain: DOMAIN.COMPANY.TLD (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] user: aduser@domain.company.tld (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] service: sudo (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] tty: /dev/pts/0 (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] ruser: aduser (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] rhost: not set (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] authtok type: 0 (No authentication token available) (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] newauthtok type: 0 (No authentication token available) (2021-11-08 10:24:23): [pam] [pam_print_data] 
(0x0100): [CID #1] priv: 0 (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] cli_pid: 9632 (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] logon name: aduser (2021-11-08 10:24:23): [pam] [pam_print_data] (0x0100): [CID #1] flags: 18 (2021-11-08 10:24:23): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (2021-11-08 10:24:28): [pam] [sbus_dispatch] (0x4000): Dispatching. (2021-11-08 10:24:28): [pam] [pam_dp_send_req_done] (0x0200): received: [0 (Success)][DOMAIN.COMPANY.TLD][CID #1] (2021-11-08 10:24:28): [pam] [pam_reply] (0x4000): pam_reply initially called with result [0]: Success. this result might be changed during processing (2021-11-08 10:24:28): [pam] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo]. (2021-11-08 10:24:28): [pam] [filter_responses] (0x0100): PAM response filter: [ENV:KRB5CCNAME:sudo-i]. (2021-11-08 10:24:28): [pam] [pam_eval_prompting_config] (0x4000): No prompting configuration found. (2021-11-08 10:24:28): [pam] [pam_reply] (0x0200): blen: 42 (2021-11-08 10:24:28): [pam] [pam_reply] (0x0200): Returning [0]: Success to the client [CID #1] (2021-11-08 10:24:28): [pam] [pam_initgr_cache_remove] (0x2000): [aduser] removed from PAM initgroup cache (2021-11-08 10:24:51): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x5569ba3927a0][24] ```

Seems like sssd currently doesn't recognize my second smartcard reader (pcsc_scan does though), so I've switched to the internal one and retried (the ldap_child and DOMAIN log were empty for the timeframe on the second attempt):

p11_child.log
```
(2021-11-08 10:49:02): [p11_child[11715]] [main] (0x0400): p11_child started.
(2021-11-08 10:49:02): [p11_child[11715]] [main] (0x2000): Running in [pre-auth] mode.
(2021-11-08 10:49:02): [p11_child[11715]] [main] (0x2000): Running with effective IDs: [0][0].
(2021-11-08 10:49:02): [p11_child[11715]] [main] (0x2000): Running with real IDs [0][0].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Module List:
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): common name: [p11-kit-trust].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/p11-kit-trust.so].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Description [/etc/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Description [/usr/share/ca-certificates/trust-source PKCS#11 Kit ] Manufacturer [PKCS#11 Kit ] flags [1] removable [false] token present [true].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): common name: [opensc].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): dll name: [/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Description [Alcor Micro AU9540 00 00 Generic ] Manufacturer [Generic ] flags [7] removable [true] token present [true].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Found [Company Corporate ID Card] in slot [Alcor Micro AU9540 00 00][0] of module [1][/usr/lib/pkcs11/opensc-pkcs11.so].
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Login NOT required.
(2021-11-08 10:49:05): [p11_child[11715]] [read_certs] (0x4000): found cert[Auth [date-from date-to]][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:05): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): OCSP check was successful.
(2021-11-08 10:49:10): [p11_child[11715]] [read_certs] (0x4000): found cert[Encr [date-from date-to] 03][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
```
sssd_pam.log
```
(2021-11-08 10:49:02): [pam] [get_client_cred] (0x4000): Client [0x56226c7b4720][24] creds: euid[0] egid[aduserid] pid[11714] cmd_line['sudo'].
(2021-11-08 10:49:02): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
(2021-11-08 10:49:02): [pam] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x56226c7b4720][24]
(2021-11-08 10:49:02): [pam] [accept_fd_handler] (0x0400): Client [CID #2][cmd sudo][0x56226c7b4720][24] connected!
(2021-11-08 10:49:02): [pam] [sss_cmd_get_version] (0x0200): Received client version [3].
(2021-11-08 10:49:02): [pam] [sss_cmd_get_version] (0x0200): Offered version [3].
(2021-11-08 10:49:02): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
(2021-11-08 10:49:02): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2021-11-08 10:49:02): [pam] [sss_domain_get_state] (0x1000): Domain OTHERDOMAIN.COMPANY.TLD is Active
(2021-11-08 10:49:02): [pam] [sss_parse_name_for_domains] (0x0200): name 'aduser' matched without domain, user is aduser
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] domain: not set
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] user: aduser
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] service: sudo
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] tty: /dev/pts/0
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] ruser: aduser
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] priv: 0
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 11714
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] logon name: aduser
(2021-11-08 10:49:02): [pam] [pam_print_data] (0x0100): [CID #2] flags: 18
(2021-11-08 10:49:02): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [11715]
(2021-11-08 10:49:02): [pam] [child_handler_setup] (0x2000): Signal handler set up for pid [11715]
(2021-11-08 10:49:12): [pam] [p11_child_timeout] (0x0020): Timeout reached for p11_child, consider increasing p11_child_timeout.
(2021-11-08 10:49:12): [pam] [pam_forwarder_cert_cb] (0x0040): get_cert request failed.
(2021-11-08 10:49:12): [pam] [pam_reply] (0x4000): pam_reply initially called with result [4]: System error. this result might be changed during processing
(2021-11-08 10:49:12): [pam] [pam_eval_prompting_config] (0x4000): No prompting configuration found.
(2021-11-08 10:49:12): [pam] [pam_reply] (0x0200): blen: 8
(2021-11-08 10:49:12): [pam] [pam_reply] (0x0200): Returning [4]: System error to the client [CID #2]
(2021-11-08 10:49:12): [pam] [child_sig_handler] (0x1000): Waiting for child [11715].
(2021-11-08 10:49:12): [pam] [child_sig_handler] (0x0020): child [11715] was terminated by signal [9].
```

From the logs I would assume that retrieving my certificate from LDAP was successful and that sssd used the cached version in the second attempt. It still fails to prompt for the smartcard PIN though.

```
[pam] [pam_eval_prompting_config] (0x4000): No prompting configuration found.
```

How can I fix this, or am I missing something else? I would provide the PIN on stdin / tty (and later on in the GUI prompts of Polkit/GDM).

macgeneral commented 2 years ago

PS: I did set the p11_child_timeout = 30 in the [pam] section of the sssd.conf for testing purposes, but it just results in a longer time to wait for the error.

sumit-bose commented 2 years ago

Hi,

it looks like p11_child is stuck in the OCSP check, please try to disable it by setting

certificate_verification = no_ocsp

in the [sssd] section of sssd.conf.

bye, Sumit

alexey-tikhonov commented 2 years ago

Hi,

```
(2021-11-08 10:49:05): [p11_child[11715]] [read_certs] (0x4000): found cert[Auth [date-from date-to]][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:05): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): OCSP check was successful.
(2021-11-08 10:49:10): [p11_child[11715]] [read_certs] (0x4000): found cert[Encr [date-from date-to] 03][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
```

-- getting response from your OCSP server is very slow.

You can try to disable OCSP for a test - "certificate_verification = no_ocsp" - see man sssd.conf for details. Or, alternatively, try to increase p11_child_timeout - to allow more time for communication with the OCSP server.
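The timing argument made in the two replies above, as an added example that is not part of the thread or of SSSD: a Python script that pairs each `Using OCSP URL` line with its `OCSP check was successful` line in p11_child.log and compares the time used against the timeout that sssd_pam.log shows was enforced. The embedded log lines are a subset of those posted in this thread; the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed input: a subset of the second-attempt log lines posted in this thread.
P11_LOG = """\
(2021-11-08 10:49:02): [p11_child[11715]] [main] (0x0400): p11_child started.
(2021-11-08 10:49:05): [p11_child[11715]] [do_card] (0x4000): Login NOT required.
(2021-11-08 10:49:05): [p11_child[11715]] [read_certs] (0x4000): found cert[Auth [date-from date-to]][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:05): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Nonce in OCSP response is the same as the one used in the request.
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): OCSP check was successful.
(2021-11-08 10:49:10): [p11_child[11715]] [read_certs] (0x4000): found cert[Encr [date-from date-to] 03][/serialNumber=ADUSER/GN=Firstname/SN=Lastname/O=Company/CN=Lastname Firstname]
(2021-11-08 10:49:10): [p11_child[11715]] [do_ocsp] (0x4000): Using OCSP URL [http://ocsp.company.tld].
"""
PAM_LOG = """\
(2021-11-08 10:49:02): [pam] [child_handler_setup] (0x2000): Setting up signal handler up for pid [11715]
(2021-11-08 10:49:12): [pam] [p11_child_timeout] (0x0020): Timeout reached for p11_child, consider increasing p11_child_timeout.
(2021-11-08 10:49:12): [pam] [child_sig_handler] (0x0020): child [11715] was terminated by signal [9].
"""

# "(timestamp): [process[pid]] [function] (level): message"; the pid is absent for [pam].
ENTRY = re.compile(
    r"^\((?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\): "
    r"\[(?P<proc>\w+)(?:\[(?P<pid>\d+)\])?\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)


def parse(text):
    """Yield (time, process, pid, function, message) for each well-formed debug line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["proc"], m["pid"], m["func"], m["msg"])


def ocsp_checks(p11_text):
    """Return (pid, start time, OCSP checks) for the p11_child run in the log."""
    pid = started = label = None
    checks = []
    for ts, proc, child_pid, func, msg in parse(p11_text):
        if proc != "p11_child":
            continue
        if msg == "p11_child started.":
            pid, started = child_pid, ts
        elif func == "read_certs" and msg.startswith("found cert["):
            # "found cert[<label>][<subject>]": remember which certificate is next
            label = msg[len("found cert["):].rpartition("][")[0]
        elif func == "do_ocsp":
            url = re.match(r"Using OCSP URL \[(.*)\]\.$", msg)
            if url:
                checks.append({"cert": label, "url": url[1], "start": ts, "end": None})
            elif msg == "OCSP check was successful." and checks:
                checks[-1]["end"] = ts
    if started is None:
        raise ValueError("no 'p11_child started.' line found")
    return pid, started, checks


def observed_timeout(pam_text, pid):
    """Seconds sssd_pam waited for this child before timing out, or None."""
    armed = None
    for ts, _, _, func, msg in parse(pam_text):
        if armed is None and func == "child_handler_setup" and msg.endswith(f"for pid [{pid}]"):
            armed = ts
        elif armed is not None and func == "p11_child_timeout":
            return int((ts - armed).total_seconds())
    return None


def report(p11_text, pam_text):
    """Summarise where the child's time went and which OCSP check never finished."""
    pid, started, checks = ocsp_checks(p11_text)
    timeout = observed_timeout(pam_text, pid)

    def secs(a, b):
        return int((b - a).total_seconds())

    pending = []
    for c in checks:
        if c["end"] is None:
            # time budget remaining when the unfinished request was sent
            left = None if timeout is None else timeout - secs(started, c["start"])
            pending.append((c["cert"], c["url"], left))
    return {
        "pid": pid,
        "observed_timeout_s": timeout,
        "before_first_ocsp_s": secs(started, checks[0]["start"]) if checks else None,
        "completed": [(c["cert"], secs(c["start"], c["end"])) for c in checks if c["end"]],
        "pending": pending,
    }


if __name__ == "__main__":
    for key, value in report(P11_LOG, PAM_LOG).items():
        print(f"{key}: {value}")
```

On these lines the report shows 3 s spent before the first OCSP request, 5 s for the Auth certificate's check, and 2 s of the observed 10 s left when the Encr certificate's check was sent.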

andreboscatto commented 1 year ago

@macgeneral we are assuming the issue is fixed and configuration related. Please feel free to reopen if it is not the case.