i manually start sssd service in debug: i hope is useful
[root@cloud ~]# systemctl stop sssd.service
[root@cloud ~]# sssd -i -d 4
(Thu Aug 1 11:24:06:127794 2019) [sssd] [confdb_init_db] (0x0100): LDIF file to import:
dn: cn=config
version: 2
dn: cn=sssd,cn=config
cn: sssd
domains: domain.it
config_file_version: 2
services: nss, pam
default_domain_suffix: domain.it
dn: cn=domain.it,cn=domain,cn=config
cn: domain.it
use_fully_qualified_names: True
id_provider: ad
access_provider: ad
ad_domain: intranet.domain.it
krb5_realm: INTRANET.domain.IT
krb5_store_password_if_offline: True
ldap_id_mapping: True
ad_maximum_machine_account_password_age: 0
cache_credentials: True
override_homedir: /var/lib/nethserver/home/%u
default_shell: /usr/libexec/openssh/sftp-server
realmd_tags: manages-system joined-with-samba
dn: cn=nss,cn=config
cn: nss
filter_users: ldapservice
(Thu Aug 1 11:24:06:195001 2019) [sssd] [confdb_ensure_files_domain] (0x0100): The implicit files domain is disabled
(Thu Aug 1 11:24:06:195206 2019) [sssd] [confdb_get_domain_internal] (0x0100): Default domain suffix set. Changing default for use_fully_qualified_names to True.
(Thu Aug 1 11:24:06 2019) [sssd] [confdb_get_domain_internal] (0x0100): Default domain suffix set. Changing default for use_fully_qualified_names to True.
(Thu Aug 1 11:24:06 2019) [sssd] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd] [start_service] (0x0100): Queueing service domain.it for startup
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [confdb_get_domain_internal] (0x0100): Default domain suffix set. Changing default for use_fully_qualified_names to True.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_domain.it,1)
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [id]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [auth]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [access]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [chpass]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [sudo]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [autofs]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [selinux]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [hostid]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [subdomains]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_load_configuration] (0x0100): Using [ad] provider for [session]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_common_options] (0x0100): No AD server set, will use service discovery!
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_common_options] (0x0100): Setting ad_hostname to [cloud.domain.it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_common_options] (0x0100): Setting domain option case_sensitive to [false]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [krb5_service_new] (0x0100): write_kdcinfo for realm INTRANET.domain.IT set to false
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_failover_init] (0x0100): No primary servers defined, using service discovery
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [_ad_servers_init] (0x0100): Added service discovery for AD
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_set_sdap_options] (0x0100): Option krb5_realm set to INTRANET.domain.IT
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_sasl_options] (0x0100): Will look for cloud.domain.it@INTRANET.domain.IT in default keytab
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to CLOUD$
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to INTRANET.domain.IT
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_set_search_bases] (0x0100): Search base not set. SSSD will attempt to discover it later, when connecting to the LDAP server.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_dyndns_init] (0x0100): Dynamic DNS updates are on. Checking for nsupdate…
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_idmap_init] (0x0100): Initializing [1] domains for ID-mapping
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_machine_account_password_renewal_init] (0x0100): Automatic machine account renewal disabled.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_auth_options] (0x0100): Option krb5_server set to (null)
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_auth_options] (0x0100): Option krb5_realm set to INTRANET.domain.IT
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sss_krb5_check_options] (0x0100): No KDC explicitly configured, using defaults.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sss_krb5_check_options] (0x0100): No kpasswd server explicitly configured, using the KDC or defaults.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sss_krb5_check_options] (0x0100): ccache is of type FILE
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [parse_krb5_map_user] (0x0100): krb5_map_user is empty!
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_target_init] (0x0100): Target [selinux] is not supported by module [ad].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_target_init] (0x0100): Target [hostid] is not supported by module [ad].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_set_search_bases] (0x0100): Search base not set. SSSD will attempt to discover it later, when connecting to the LDAP server.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_target_init] (0x0100): Target [session] is not supported by module [ad].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_ldap._tcp.domain._sites.intranet.domain.it’
(Thu Aug 1 11:24:06 2019) [sssd] [client_registration] (0x0100): Received ID registration: (%BE_domain.it,1)
(Thu Aug 1 11:24:06 2019) [sssd] [mark_service_as_started] (0x0100): Now starting services!
(Thu Aug 1 11:24:06 2019) [sssd] [start_service] (0x0100): Queueing service nss for startup
(Thu Aug 1 11:24:06 2019) [sssd] [start_service] (0x0100): Queueing service pam for startup
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in DNS
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [confdb_get_domain_internal] (0x0100): Default domain suffix set. Changing default for use_fully_qualified_names to True.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_ldap._tcp.domain._sites.intranet.domain.it’
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [monitor_common_send_id] (0x0100): Sending ID: (nss,1)
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_ldap._tcp.intranet.domain.it’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x56546069f820]
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service ‘AD’ as ‘resolved’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of ‘dc01.intranet.domain.it’ in files
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc01.intranet.domain.it’ as ‘resolving name’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of ‘dc01.intranet.domain.it’ in files
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of ‘dc01.intranet.domain.it’ in DNS
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc01.intranet.domain.it’ as ‘name resolved’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_resolve_callback] (0x0100): Constructed uri ‘ldap://dc01.intranet.domain.it’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [ad_resolve_callback] (0x0100): Constructed GC uri ‘ldap://dc01.intranet.domain.it’
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [confdb_get_domain_internal] (0x0100): Default domain suffix set. Changing default for use_fully_qualified_names to True.
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [monitor_common_send_id] (0x0100): Sending ID: (pam,1)
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [sss_names_init_from_args] (0x0100): Using re [(((?P[^\]+)\(?P.+))|((?P<name>[^@]+)@(?P<domain>.+))|(^(?P[^@\]+)$))].
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x5654606acc10]
(Thu Aug 1 11:24:06 2019) [sssd] [client_registration] (0x0100): Received ID registration: (pam,1)
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x5654606acc10]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_register] (0x0100): Added Frontend client [PAM]
(Thu Aug 1 11:24:06 2019) [sssd[pam]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_user_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [USER][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_group_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_netgroup_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_host_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [HOST][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_service_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_set_search_base] (0x0100): Setting option [ldap_autofs_search_base] to [DC=intranet,DC=domain,DC=it].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][DC=intranet,DC=domain,DC=it][SUBTREE][]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [7]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_get_server_opts_from_rootdse] (0x0100): Will look for schema at [CN=Schema,CN=Configuration,DC=intranet,DC=domain,DC=it]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD’
(Thu Aug 1 11:24:06 2019) [[sssd[ldap_child[3245]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [CLOUD$@INTRANET.domain.IT]
(Thu Aug 1 11:24:06 2019) [[sssd[ldap_child[3245]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0100): child [3245] finished successfully.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: CLOUD$
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192]
(Thu Aug 1 11:24:06 2019) [sssd] [client_registration] (0x0100): Received ID registration: (nss,1)
(Thu Aug 1 11:24:06 2019) [sssd[nss]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [fo_set_port_status] (0x0100): Marking port 389 of server ‘dc01.intranet.domain.it’ as ‘working’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc01.intranet.domain.it’ as ‘working’
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x56546069f820]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [dp_client_register] (0x0100): Added Frontend client [NSS]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_ptask_enable] (0x0080): Task [Subdomains Refresh]: already enabled
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_ptask_enable] (0x0080): Task [SUDO Smart Refresh]: already enabled
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_ptask_enable] (0x0080): Task [SUDO Full Refresh]: already enabled
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of ‘cloud.domain.it’ in DNS
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of ‘cloud.domain.it’ in DNS
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0100): child [3246] finished successfully.
; TSIG error with server: tsig verify failure
update failed: REFUSED
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0020): child [3250] failed with status [2].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]: Dynamic DNS update failed
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [sdap_dyndns_update_ptr_done] (0x0080): nsupdate failed, retrying
; TSIG error with server: tsig verify failure
update failed: REFUSED
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0020): child [3254] failed with status [2].
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]: Dynamic DNS update failed
(Thu Aug 1 11:24:06 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0100): child [3258] finished successfully.
(Thu Aug 1 11:24:16 2019) [sssd[be[domain.it]]] [sdap_sudo_load_sudoers_done] (0x0040): Received 0 sudo rules
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
SELINUX_getpeercon failed [92][Protocol not available].
Please, consider enabling SELinux in your system.
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.it
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): user: apache
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): service: crond
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): tty: cron
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 3306
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [pam_print_data] (0x0100): logon name: apache
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [check_if_pac_is_available] (0x0040): find_user_entry failed.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD_GC’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_ldap._tcp.domain._sites.intranet.domain.it’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in DNS
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_gc._tcp.domain._sites.intranet.domain.it’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of ‘_gc._tcp.intranet.domain.it’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service ‘AD_GC’ as ‘resolved’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc02.intranet.domain.it’ as ‘resolving name’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of ‘dc02.intranet.domain.it’ in files
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of ‘dc02.intranet.domain.it’ in DNS
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc02.intranet.domain.it’ as ‘name resolved’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [ad_resolve_callback] (0x0100): Constructed uri ‘ldap://dc02.intranet.domain.it’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [ad_resolve_callback] (0x0100): Constructed GC uri ‘ldap://dc02.intranet.domain.it:3268’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [7]
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sdap_get_server_opts_from_rootdse] (0x0100): Will look for schema at [CN=Schema,CN=Configuration,DC=intranet,DC=domain,DC=it]
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD’
(Thu Aug 1 11:25:01 2019) [[sssd[ldap_child[3307]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [CLOUD$@INTRANET.domain.IT]
(Thu Aug 1 11:25:01 2019) [[sssd[ldap_child[3307]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: CLOUD$
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [child_sig_handler] (0x0100): child [3307] finished successfully.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [fo_set_port_status] (0x0100): Marking port 3268 of server ‘dc02.intranet.domain.it’ as ‘working’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [set_server_common_status] (0x0100): Marking server ‘dc02.intranet.domain.it’ as ‘working’
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [check_if_pac_is_available] (0x0040): find_user_entry failed.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sysdb_get_real_name] (0x0040): Cannot find user [apache@domain.it] in cache
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sysdb_get_real_name] (0x0040): Cannot find user [apache@domain.it] in cache
(Thu Aug 1 11:25:01 2019) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal.
(Thu Aug 1 11:25:01 2019) [sssd[nss]] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
SELINUX_getpeercon failed [92][Protocol not available].
Please, consider enabling SELinux in your system.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [check_if_pac_is_available] (0x0040): find_user_entry failed.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [check_if_pac_is_available] (0x0040): find_user_entry failed.
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sysdb_get_real_name] (0x0040): Cannot find user [apache@domain.it] in cache
(Thu Aug 1 11:25:01 2019) [sssd[be[domain.it]]] [sysdb_get_real_name] (0x0040): Cannot find user [apache@domain.it] in cache
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.it
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): user: apache
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): service: crond
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): tty: cron
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 3306
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [pam_print_data] (0x0100): logon name: apache
(Thu Aug 1 11:25:02 2019) [sssd[pam]] [filter_responses] (0x0100): [pam_response_filter] not available, not fatal.