Hi
openSUSE 12.3 build and installed fine, but fails with:
(Sat Sep 28 18:04:27 2013) [sssd[be[default]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/local/lib/sssd/libsss_ad.so), error: /usr/local/lib/sssd/libsss_ldap_common.so: undefined symbol: sss_idmap_domain_has_algorithmic_mapping
1.10.0 runs fine on the same box.
Can you help me?
Cheers, Steve

[sssd]
#debug_level = 6
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
#debug_level = 6
dyndns_update=true
#dyndns_refresh_interval = 16
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = simple
enumerate = false
cache_credentials = true
#entry_cache_timeout = 60
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site

ldap_id_mapping=false
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site
ldap_search_base = dc=hh3,dc=site
#ldap_tls_cacertdir = /usr/local/samba/private/tls
#ldap_id_use_start_tls = true
#entry_negative_timeout = 1
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
#krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider=ldap

#ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
#ldap_autofs_map_object_class = nisMap
#ldap_autofs_entry_object_class = nisObject
#ldap_autofs_map_name = nisMapName
#ldap_autofs_entry_key = cn
#ldap_autofs_entry_value = nisMapEntry

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
On Sat, 2013-09-28 at 18:29 +0200, steve wrote:
segfault:
2013-09-28T18:58:51.449156+02:00 catral sssd[be[default]]: Starting up
2013-09-28T18:58:51.544958+02:00 catral kernel: [ 751.546697] sssd_be[4418]: segfault at 666e6f73 ip b5a898c8 sp bf9ecce0 error 4 in libsss_ldap_common.so[b5a65000+d8000]
On 28/09/13 17:29, steve wrote:
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi Steve, are you sure that none of the old sssd is being used? I ask this because 'sss_idmap_domain_has_algorithmic_mapping' was added to 1.11.1 by Sumit Bose; it didn't exist in 1.10.1.
Rowland
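
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: it looks at every copy of libsss_idmap and libsss_ldap_common under the given directories and reports whether each one exports, imports, or lacks the symbol named in the loader error. It assumes the symbol is exported by libsss_idmap and that `nm` from binutils is installed; the function names, the `nm -D` excerpts used when no directory is given, and the script name are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate stale SSSD libraries that lack a symbol which the
# newer provider modules import. SYMBOL is the name from the loader error.
SYMBOL=sss_idmap_domain_has_algorithmic_mapping

# classify_symbol SYMBOL
# Reads `nm -D` output on stdin and prints one word:
#   defined   - the object exports SYMBOL
#   undefined - the object only imports SYMBOL (another library must supply it)
#   absent    - SYMBOL does not appear in the dynamic symbol table
classify_symbol() {
    awk -v sym="$1" '
        {
            name = $NF
            sub(/@.*/, "", name)          # strip an @VERSION / @@VERSION suffix
            if (name != sym) next
            kind = $(NF - 1)              # nm type letter precedes the name
            if (kind == "U" || kind == "w" || kind == "v") {
                if (state == "") state = "undefined"
            } else {
                state = "defined"
            }
        }
        END { print (state == "" ? "absent" : state) }'
}

# scan_libs SYMBOL DIR...
# Prints "<status><TAB><path>" for every matching library file found.
scan_libs() {
    sym=$1
    shift
    command -v nm >/dev/null 2>&1 || { echo "nm (binutils) not found" >&2; return 2; }
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -name 'libsss_idmap.so*' -o -name 'libsss_ldap_common.so*' \) |
        while IFS= read -r lib; do
            printf '%s\t%s\n' \
                "$(nm -D "$lib" 2>/dev/null | classify_symbol "$sym")" "$lib"
        done
    done
}

# Constructed `nm -D` excerpts (not captured from the machine in the thread).
sample_new_idmap() {
    printf '%s\n' \
        '0000000000003a10 T sss_idmap_init' \
        '0000000000004c20 T sss_idmap_domain_has_algorithmic_mapping'
}
sample_old_idmap() {
    printf '%s\n' \
        '0000000000003a10 T sss_idmap_init'
}
sample_ldap_common() {
    printf '%s\n' \
        '                 U sss_idmap_domain_has_algorithmic_mapping' \
        '000000000001f2b0 T sdap_idmap_add_domain'
}

# With no arguments, show how the three constructed cases are classified.
demo() {
    printf 'newer libsss_idmap copy:  %s\n' "$(sample_new_idmap | classify_symbol "$SYMBOL")"
    printf 'older libsss_idmap copy:  %s\n' "$(sample_old_idmap | classify_symbol "$SYMBOL")"
    printf 'libsss_ldap_common:       %s\n' "$(sample_ldap_common | classify_symbol "$SYMBOL")"
}

if [ "$#" -gt 0 ]; then
    scan_libs "$SYMBOL" "$@"
else
    demo
fi
```

Run it with the library directories as arguments, for example `sh check_idmap_symbol.sh /usr/lib /usr/local/lib`. A libsss_idmap copy reported as `absent` does not provide the symbol, and if the dynamic loader finds that copy first the module load fails with the undefined-symbol error shown in the first message.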
On Sat, 2013-09-28 at 18:41 +0100, Rowland Penny wrote:
Hi
OK. Thanks. Getting closer. Bare metal build and install has now removed that error. Now a different error but still concerning sss_idmap_domain_has_algorithmic_mapping
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC'
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Error de entrada/salida])
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Sat Sep 28 20:12:15 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 11, Internal Error (Se ha agotado el número máximo de reintentos para el servicio) Will try to return what we have in cache
Ahhgghh!!
On Sat, 2013-09-28 at 20:15 +0200, steve wrote:
OK I got it working BUT it's really slow with the errors being logged. I changed:
id_provider = ad
to
id_provider = ldap
And now it works.
But _every_ operation (e.g. a user login, getent passwd or id username) throws up these errors:
(Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1108]
1. Why can't we have id_provider = ad if we have AD?
2. Any chance of getting rid of the errors?
Cheers, Steve
Oh, and BTW, it knocks out autofs. We had to cp the libsss_autofs.so to /usr/lib/sssd/modules/
On Sat, Sep 28, 2013 at 08:45:04PM +0200, steve wrote:
> OK I got it working BUT it's really slow with the errors being logged. I changed:
> id_provider = ad
> to
> id_provider = ldap
> And now it works.
> But _every_ operation (e.g. a user login, getent passwd or id username) throws up these errors:
> (Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
> (Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
> (Sat Sep 28 20:33:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1108]
> - Why can't we have id_provider = ad if we have AD?
No, it should keep working fine
> - Any chance of getting rid of the errors?
As I said in the other thread, can you please paste larger context? I'm sorry you have trouble with the new release, we'll work on resolving it asap.
> Cheers, Steve
> Oh, and BTW, it knocks out autofs. We had to cp the libsss_autofs.so to /usr/lib/sssd/modules/
This sounds more like a configure time error. Can you check what configure set as the path?
In the directory where you built the SSSD:
$ grep appmodpath config.log
On Sun, 2013-09-29 at 12:54 +0200, Jakub Hrozek wrote:
steve@catral:~> cd Descargas/sssd-1.11.1/
steve@catral:~/Descargas/sssd-1.11.1> grep appmodpath config.log
appmodpath='${exec_prefix}/lib/sssd/modules'
On Sat, Sep 28, 2013 at 08:15:57PM +0200, steve wrote:
Can you post more context from the logs?
On Sun, 2013-09-29 at 12:49 +0200, Jakub Hrozek wrote:
Hi. Yes:
sssd -i -d4
(Sun Sep 29 13:07:39 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [default]: [10]
(Sun Sep 29 13:07:39 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [default]: [60]
(Sun Sep 29 13:07:39 2013) [sssd] [start_service] (0x0100): Queueing service default for startup
(Sun Sep 29 13:07:39 2013) [sssd[be[default]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first
(Sun Sep 29 13:07:39 2013) [sssd[be[default]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_default,1)
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\ (?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\ ]+)$))].
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sss_fqnames_init] (0x0100): Found the pattern for domain name
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_get_common_options] (0x0100): Setting domain case-insensitive
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [_ad_servers_init] (0x0100): Added failover server hh16.hh3.site
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_dyndns_init] (0x0100): Dynamic DNS updates are on. Checking for nsupdate..
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_set_ad_id_options] (0x0100): Option krb5_realm set to HH3.SITE
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_set_ad_id_options] (0x0100): Option ldap_krb5_keytab set to /etc/krb5.keytab
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Will look for CATRAL$@HH3.SITE in /etc/krb5.keytab
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to CATRAL$
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to HH3.SITE
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_user_search_base set to dc=hh3,dc=site
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_netgroup_search_base set to dc=hh3,dc=site
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_service_search_base set to dc=hh3,dc=site
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [USER][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_server set to hh16.hh3.site
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_realm set to HH3.SITE
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [check_and_export_options] (0x0100): ccache is of type FILE
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [USER][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][dc=hh3,dc=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [sssm_ldap_id_init] (0x0100): Service name for discovery set to ldap
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [fo_set_srv_lookup_plugin] (0x0080): SRV lookup plugin is already set
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [be_fo_set_srv_lookup_plugin] (0x0080): Unable to set SRV lookup plugin, another plugin may be already in place
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][OU=automount,DC=hh3,DC=site][SUBTREE][]
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Sun Sep 29 13:07:40 2013) [sssd] [client_registration] (0x0100): Received ID registration: (%BE_default,1)
(Sun Sep 29 13:07:40 2013) [sssd] [mark_service_as_started] (0x0100): Now starting services!
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [nss]: [10]
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [nss]: [60]
(Sun Sep 29 13:07:40 2013) [sssd] [start_service] (0x0100): Queueing service nss for startup
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [pam]: [10]
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [pam]: [60]
(Sun Sep 29 13:07:40 2013) [sssd] [start_service] (0x0100): Queueing service pam for startup
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [autofs]: [10]
(Sun Sep 29 13:07:40 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [autofs]: [60]
(Sun Sep 29 13:07:40 2013) [sssd] [start_service] (0x0100): Queueing service autofs for startup
(Sun Sep 29 13:07:40 2013) [sssd[be[default]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Sun Sep 29 13:07:40 2013) [sssd[nss]] [monitor_common_send_id] (0x0100): Sending ID: (nss,1)
(Sun Sep 29 13:07:40 2013) [sssd[nss]] [sss_names_init_from_args] (0x0100):
(Sun Sep 29 13:07:40 2013) [sssd[autofs]] [monitor_common_send_id] (0x0100): Sending ID: (autofs,1) Using re [(((?P<domain>[^\]+)\ (?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\ ]+)$))].
(Sun Sep 29 13:07:40 2013) [sssd[pam]] [monitor_common_send_id] (0x0100):
(Sun Sep 29 13:07:40 2013) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Sun Sep 29 13:07:40 2013) [sssd[nss]] [sss_fqnames_init] (0x0100): Found the pattern for domain name Sending ID: (pam,1)
(Sun Sep 29 13:07:40 2013) [sssd[autofs]] [sss_names_init_from_args] (0x0100):
(Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x989a3d0]
(Sun Sep 29 13:07:41 2013) [sssd[pam]] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\ (?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\ ]+)$))].
(Sun Sep 29 13:07:41 2013) [sssd[nss]] [dp_common_send_id] (0x0100):
(Sun Sep 29 13:07:41 2013) [sssd[autofs]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Sun Sep 29 13:07:41 2013) [sssd[autofs]] [sss_fqnames_init] (0x0100): Found the pattern for domain name
(Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x98aab70] Sending ID to DP: (1,NSS) Using re [(((?P<domain>[^\]+)\ (?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\ ]+)$))].
(Sun Sep 29 13:07:41 2013) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Sun Sep 29 13:07:41 2013) [sssd[autofs]] [dp_common_send_id] (0x0100): (Sun Sep 29 13:07:41 2013) [sssd[pam]] [sss_fqnames_init] (0x0100): Found the pattern for domain name (Sun Sep 29 13:07:41 2013) [sssd[pam]] [dp_common_send_id] (0x0100): Sending ID to DP: (1,autofs) (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [be_client_init] (0x0100): Sending ID to DP: (1,PAM) (Sun Sep 29 13:07:41 2013) [sssd[pam]] [responder_set_fd_limit] (0x0100): Set-up Backend ID timeout [0x98ad8d8] (Sun Sep 29 13:07:41 2013) [sssd] [client_registration] (0x0100): Received ID registration: (autofs,1) (Sun Sep 29 13:07:41 2013) [sssd[autofs]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x98aab70] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [autofs] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): (Sun Sep 29 13:07:41 2013) [sssd[autofs]] [dp_id_callback] (0x0100): Trying to resolve service 'AD' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Got id ack and version (1) from DP Trying to resolve A record of 'hh16.hh3.site' in files (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Maximum file descriptors set to [8192] Marking server 'hh16.hh3.site' as 'resolving name' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'name resolved' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://hh16.hh3.site' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://hh16.hh3.site:3268' (Sun Sep 29 13:07:41 2013) [sssd] [client_registration] (0x0100): Received ID registration: (pam,1) (Sun Sep 29 13:07:41 2013) [sssd[pam]] [id_callback] (0x0100): Got 
id ack and version (1) from Monitor (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=hh3,DC=site]. (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=hh3,DC=site][SUBTREE][] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [sdap_set_search_base] (0x0100): Setting option [ldap_autofs_search_base] to [DC=hh3,DC=site]. (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][DC=hh3,DC=site][SUBTREE][] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x98ad8d8] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [PAM] (Sun Sep 29 13:07:41 2013) [sssd[pam]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Sun Sep 29 13:07:41 2013) [[sssd[ldap_child[2163]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [CATRAL $@HH3.SITE] (Sun Sep 29 13:07:41 2013) [[sssd[ldap_child[2163]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [/etc/krb5.keytab] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: CATRAL$ (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [child_sig_handler] (0x0100): child [2163] finished successfully. 
(Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'hh16.hh3.site' as 'working' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'working' (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [ad_master_domain_netlogon_done] (0x0080): No netlogon data available. Flat name might not be usable (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [ad_master_domain_netlogon_done] (0x0080): No netlogon data available. Flat name might not be usable (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'catral.hh3.site' in DNS (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of 'catral.hh3.site' in DNS (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry (Sun Sep 29 13:07:41 2013) [sssd[nss]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x989a3d0] (Sun Sep 29 13:07:41 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [NSS] (Sun Sep 29 13:07:41 2013) [sssd] [client_registration] (0x0100): Received ID registration: (nss,1) (Sun Sep 29 13:07:41 2013) [sssd[nss]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Sun Sep 29 13:07:41 2013) [sssd[nss]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Sun Sep 29 13:07:42 2013) [sssd[be[default]]] [child_sig_handler] (0x0100): child [2164] finished successfully. (Sun Sep 29 13:07:43 2013) [sssd[be[default]]] [child_sig_handler] (0x0100): child [2168] finished successfully. 
(Sun Sep 29 13:07:43 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Sun Sep 29 13:07:46 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Sun Sep 29 13:07:46 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@default] (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=steve2] (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210] (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC' (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC' (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Error de entrada/salida]) (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Sun Sep 29 13:07:46 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 11, Internal Error (Se ha agotado el número máximo de reintentos para el servicio) Will try to return what we have in cache (Sun Sep 29 13:07:46 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. 
Returned 3,11,Internal Error (Se ha agotado el número máximo de reintentos para el servicio) (Sun Sep 29 13:07:49 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:07:49 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:07:50 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:07:50 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:07:50 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:07:50 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:07:50 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:07:50 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping (Sun Sep 29 13:07:59 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:07:59 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:08:00 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:08:00 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:08:00 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:08:00 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:08:00 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:08:00 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping (Sun Sep 29 13:08:09 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:08:09 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:08:10 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:08:10 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:08:10 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:08:10 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:08:10 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:08:10 
2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping (Sun Sep 29 13:08:19 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:08:19 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:08:20 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:08:20 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:08:20 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:08:20 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:08:20 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:08:20 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping (Sun Sep 29 13:08:29 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:08:29 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:08:30 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:08:30 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:08:30 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:08:30 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:08:30 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping (Sun Sep 29 13:08:30 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:08:39 2013) [sssd] [service_send_ping] (0x0100): Pinging default (Sun Sep 29 13:08:39 2013) [sssd] [ping_check] (0x0100): Service default replied to ping (Sun Sep 29 13:08:40 2013) [sssd] [service_send_ping] (0x0100): Pinging nss (Sun Sep 29 13:08:40 2013) [sssd] [service_send_ping] (0x0100): Pinging pam (Sun Sep 29 13:08:40 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs (Sun Sep 29 13:08:40 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping (Sun Sep 29 13:08:40 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping (Sun Sep 29 13:08:40 2013) [sssd] [ping_check] 
(0x0100): Service autofs replied to ping
On Sun, 2013-09-29 at 12:49 +0200, Jakub Hrozek wrote:
On Sat, Sep 28, 2013 at 08:15:57PM +0200, steve wrote:
On Sat, 2013-09-28 at 18:41 +0100, Rowland Penny wrote:
On 28/09/13 17:29, steve wrote:
Hi openSUSE 12.3 build and installed fine, but fails with:
(Sat Sep 28 18:04:27 2013) [sssd[be[default]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/local/lib/sssd/libsss_ad.so), error: /usr/local/lib/sssd/libsss_ldap_common.so: undefined symbol: sss_idmap_domain_has_algorithmic_mapping
1.10.0 runs fine on the same box.
Can you help me? Cheers, Steve
[sssd]
#debug_level = 6
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
#debug_level = 6
dyndns_update=true
#dyndns_refresh_interval = 16
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = simple
enumerate = false
cache_credentials = true
#entry_cache_timeout = 60
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site

ldap_id_mapping=false
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site
ldap_search_base = dc=hh3,dc=site
#ldap_tls_cacertdir = /usr/local/samba/private/tls
#ldap_id_use_start_tls = true
#entry_negative_timeout = 1
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
#krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider=ldap

#ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
#ldap_autofs_map_object_class = nisMap
#ldap_autofs_entry_object_class = nisObject
#ldap_autofs_map_name = nisMapName
#ldap_autofs_entry_key = cn
#ldap_autofs_entry_value = nisMapEntry

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi Steve, are you sure that none of the old sssd is being used? I ask this because 'sss_idmap_domain_has_algorithmic_mapping' was added to 1.11.1 by Sumit Bose; it didn't exist in 1.10.1.
Rowland
Hi, OK. Thanks. Getting closer. Bare metal build and install has now removed that error. Now a different error, but still concerning sss_idmap_domain_has_algorithmic_mapping:
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210]
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC'
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Error de entrada/salida])
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Sat Sep 28 20:12:15 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Sat Sep 28 20:12:15 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 11, Internal Error (Se ha agotado el número máximo de reintentos para el servicio) Will try to return what we have in cache
Ahhgghh!!
Can you post more context from the logs?
With: id_provider = ldap (getent and id do not work id_provider = ad)
sssd -i -d4 (Sun Sep 29 13:17:42 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [default]: [10] (Sun Sep 29 13:17:42 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [default]: [60] (Sun Sep 29 13:17:42 2013) [sssd] [start_service] (0x0100): Queueing service default for startup (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_default,1) (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sss_fqnames_init] (0x0100): Found the pattern for domain name (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [USER][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sssm_ldap_id_init] (0x0100): Service name for discovery set to ldap (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_get_common_options] (0x0100): Setting domain case-insensitive (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [_ad_servers_init] 
(0x0100): Added failover server hh16.hh3.site (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_server set to hh16.hh3.site (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_realm set to HH3.SITE (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [check_and_export_options] (0x0100): ccache is of type FILE (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_dyndns_init] (0x0100): Dynamic DNS updates are on. Checking for nsupdate.. (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_set_ad_id_options] (0x0100): Option krb5_realm set to HH3.SITE (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_set_ad_id_options] (0x0100): Option ldap_krb5_keytab set to /etc/krb5.keytab (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Will look for CATRAL$@HH3.SITE in /etc/krb5.keytab (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to CATRAL$ (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to HH3.SITE (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_user_search_base set to dc=hh3,dc=site (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_netgroup_search_base set to dc=hh3,dc=site (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [ad_set_search_bases] (0x0100): Option ldap_service_search_base set to dc=hh3,dc=site (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [USER][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): 
Search base added: [GROUP][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][dc=hh3,dc=site][SUBTREE][] (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [fo_set_srv_lookup_plugin] (0x0080): SRV lookup plugin is already set (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [be_fo_set_srv_lookup_plugin] (0x0080): Unable to set SRV lookup plugin, another plugin may be already in place (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Sun Sep 29 13:17:42 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][OU=automount,DC=hh3,DC=site][SUBTREE][] (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Sun Sep 29 13:17:43 2013) [sssd] [client_registration] (0x0100): Received ID registration: (%BE_default,1) (Sun Sep 29 13:17:43 2013) [sssd] [mark_service_as_started] (0x0100): Now starting services! 
(Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [nss]: [10] (Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [nss]: [60] (Sun Sep 29 13:17:43 2013) [sssd] [start_service] (0x0100): Queueing service nss for startup (Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [pam]: [10] (Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [pam]: [60] (Sun Sep 29 13:17:43 2013) [sssd] [start_service] (0x0100): Queueing service pam for startup (Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between service pings for [autofs]: [10] (Sun Sep 29 13:17:43 2013) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [autofs]: [60] (Sun Sep 29 13:17:43 2013) [sssd] [start_service] (0x0100): Queueing service autofs for startup (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Sun Sep 29 13:17:43 2013) [sssd[pam]] [monitor_common_send_id] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd[nss]] [monitor_common_send_id] (0x0100): Sending ID: (pam,1) Sending ID: (nss,1) (Sun Sep 29 13:17:43 2013) [sssd[pam]] [sss_names_init_from_args] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd[nss]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Sun Sep 29 13:17:43 2013) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Sun Sep 29 13:17:43 2013) [sssd[pam]] [sss_fqnames_init] (0x0100): Found the pattern for domain name (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x86b32f8] Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Sun Sep 29 13:17:43 2013) [sssd[nss]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. 
(Sun Sep 29 13:17:43 2013) [sssd[pam]] [dp_common_send_id] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd[nss]] [sss_fqnames_init] (0x0100): Found the pattern for domain name (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x86b8310] Sending ID to DP: (1,PAM) (Sun Sep 29 13:17:43 2013) [sssd[nss]] [dp_common_send_id] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [monitor_common_send_id] (0x0100): Sending ID to DP: (1,NSS) Sending ID: (autofs,1) (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [sss_fqnames_init] (0x0100): Found the pattern for domain name (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [dp_common_send_id] (0x0100): Sending ID to DP: (1,autofs) (Sun Sep 29 13:17:43 2013) [sssd[pam]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [be_client_init] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd] [client_registration] (0x0100): Received ID registration: (pam,1) (Sun Sep 29 13:17:43 2013) [sssd[pam]] [id_callback] (0x0100): Set-up Backend ID timeout [0x86b7ec0] Got id ack and version (1) from Monitor (Sun Sep 29 13:17:43 2013) [sssd] [client_registration] (0x0100): Received ID registration: (autofs,1) (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [client_registration] (0x0100): (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [id_callback] (0x0100): Cancel DP ID timeout [0x86b32f8] Got id ack and version (1) from Monitor (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [PAM] (Sun Sep 29 13:17:43 2013) [sssd[pam]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout 
[0x86b7ec0] (Sun Sep 29 13:17:43 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [autofs] (Sun Sep 29 13:17:43 2013) [sssd[autofs]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Sun Sep 29 13:17:44 2013) [sssd[nss]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Sun Sep 29 13:17:44 2013) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x86b8310] (Sun Sep 29 13:17:44 2013) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [NSS] (Sun Sep 29 13:17:44 2013) [sssd] [client_registration] (0x0100): Received ID registration: (nss,1) (Sun Sep 29 13:17:44 2013) [sssd[nss]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Sun Sep 29 13:17:44 2013) [sssd[nss]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Sun Sep 29 13:17:46 2013) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [steve2] from [<ALL>] (Sun Sep 29 13:17:46 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [steve2@default] (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=steve2] (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP' (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'hh16.hh3.site' in files (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'resolving name' (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'name resolved' (Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_set_search_base] (0x0100): Setting option [ldap_sudo_search_base] to [DC=hh3,DC=site]. 
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][DC=hh3,DC=site][SUBTREE][]
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Sun Sep 29 13:17:46 2013) [[sssd[ldap_child[2281]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [CATRAL $@HH3.SITE]
(Sun Sep 29 13:17:46 2013) [[sssd[ldap_child[2281]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
(Sun Sep 29 13:17:46 2013) [[sssd[ldap_child[2281]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: CATRAL$@HH3.SITE
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [child_sig_handler] (0x0100): child [2281] finished successfully.
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'hh16.hh3.site' as 'working'
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'working'
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1107]
(Sun Sep 29 13:17:46 2013) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [ad_dyndns_update_send] (0x0020): Requesting info for [steve2@default] Failed to parse ldap URI ((null))!
(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [22]: Argumento inválido
(Sun Sep 29 13:17:52 2013) [sssd] [service_send_ping] (0x0100): Pinging default
(Sun Sep 29 13:17:52 2013) [sssd] [ping_check] (0x0100): Service default replied to ping
(Sun Sep 29 13:17:53 2013) [sssd] [service_send_ping] (0x0100): Pinging nss
(Sun Sep 29 13:17:53 2013) [sssd] [service_send_ping] (0x0100): Pinging pam
(Sun Sep 29 13:17:53 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs
(Sun Sep 29 13:17:53 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping
(Sun Sep 29 13:17:53 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping
(Sun Sep 29 13:17:53 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping
(Sun Sep 29 13:18:02 2013) [sssd] [service_send_ping] (0x0100): Pinging default
(Sun Sep 29 13:18:02 2013) [sssd] [ping_check] (0x0100): Service default replied to ping
(Sun Sep 29 13:18:03 2013) [sssd] [service_send_ping] (0x0100): Pinging nss
(Sun Sep 29 13:18:03 2013) [sssd] [service_send_ping] (0x0100): Pinging pam
(Sun Sep 29 13:18:03 2013) [sssd] [service_send_ping] (0x0100): Pinging autofs
(Sun Sep 29 13:18:03 2013) [sssd] [ping_check] (0x0100): Service nss replied to ping
(Sun Sep 29 13:18:03 2013) [sssd] [ping_check] (0x0100): Service pam replied to ping
(Sun Sep 29 13:18:03 2013) [sssd] [ping_check] (0x0100): Service autofs replied to ping
Hi After a lot of trial and error, I came up with this:
[sssd]
#debug_level = 6
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
#debug_level = 6
dyndns_update=true
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site

ldap_schema = ad
id_provider = ad
access_provider = ad
enumerate = true
cache_credentials = true
auth_provider = ad
chpass_provider = ad
krb5_realm = hh3.site
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site

ldap_id_mapping=false
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider=ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
getent passwd and domain logins now work, but please note: only by filling the cache with:
enumerate = true
With:
enumerate = false
getent passwd <username> returns nothing.
These messages still remain:
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Tue Oct 1 08:41:33 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 11, Internal Error (Se ha agotado el número máximo de reintentos para el servicio) Will try to return what we have in cache
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-500]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1106]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1107]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1108]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1141]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1109]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-513]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1111]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_process_group_send] (0x0040): No Members. Done!
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_process_group_send] (0x0040): No Members. Done!
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-513]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210]
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1111]
On Tue, Oct 01, 2013 at 08:42:54AM +0200, steve wrote:
> Hi After a lot of trial and error, I came up with this:
I had a look at the log files you sent.
About the 'Could not add new domain' log messages. These messages are expected if 'ldap_id_mapping=false' but I agree they are annoying and misleading, I'll try to fix that.
About the failing AD provider. I think the original issue is that the Global Catalog of your AD domain (it's a samba4 domain iirc) cannot be resolved. I'm currently not sure what is the reason here (failed CLDAP ping, failed DNS SRV lookup). Can you send log files with your original ipa_provider=ad configuration with a higher debug level (9 or 0xFFF0 would be best)? If you think the size of the log files is not suitable for a mailing-list, feel free to send them directly to me. I hope the log files will also show why SSSD is not falling back to use the LDAP port instead of the Global Catalog.
bye, Sumit
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
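Added example, not part of the thread and not SSSD code: a small triage script for flattened SSSD debug logs like the ones posted here. It splits the text back into entries and, following Sumit's note that the 'Could not add new domain' messages are expected with ldap_id_mapping=false, sets the id-mapping messages aside so the remaining failures stand out. Treating the accompanying 'Failed to calculate range' line as part of that expected group is an assumption, as are all names in the script; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    timestamp: str
    component: str
    function: str
    level: int
    message: str


# Header of one SSSD debug entry:
#   (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [function_name] (0x0020):
HEADER_RE = re.compile(
    r"\((?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\) "
    r"(?P<component>\[\S+\]) "
    r"\[(?P<function>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]{4})\):\s*"
)

# Functions that emit the id-mapping messages seen in this thread.
# Assumption: sdap_idmap_add_domain belongs to the same expected group,
# because its message always precedes the two 'Could not add new domain' lines.
IDMAP_NOISE_FUNCTIONS = {
    "sdap_idmap_add_domain",
    "sdap_idmap_find_new_domain",
    "sdap_idmap_domain_has_algorithmic_mapping",
}

# SSSD debug levels are bit flags; lower values are more severe
# (0x0010 fatal, 0x0020 critical, 0x0040 serious failures).
ATTENTION_MAX_LEVEL = 0x0040

# Sample lines copied from the logs in this thread, flattened the way the
# archive shows them (note the missing space before the second timestamp).
SAMPLE = (
    "(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): "
    "Bug: dp_error is OK on failed request"
    "(Tue Oct 1 08:41:33 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): "
    "Unable to get information from Data Provider Error: 3, 11, Internal Error "
    "(Se ha agotado el número máximo de reintentos para el servicio) "
    "Will try to return what we have in cache "
    "(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): "
    "Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] "
    "(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): "
    "Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] "
    "(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] "
    "[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): "
    "Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-500] "
    "(Sun Sep 29 13:17:46 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): "
    "Updating DNS entry failed [22]: Argumento inválido "
    "(Sun Sep 29 13:17:52 2013) [sssd] [service_send_ping] (0x0100): Pinging default"
)


def parse_entries(text):
    """Split flattened log text into entries, one per header match."""
    headers = list(HEADER_RE.finditer(text))
    entries = []
    for i, m in enumerate(headers):
        # The message runs from the end of this header to the next header.
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entries.append(Entry(
            timestamp=m["ts"],
            component=m["component"],
            function=m["function"],
            level=int(m["level"], 16),
            message=text[m.end():end].strip(),
        ))
    return entries


def triage(entries, id_mapping_enabled=False):
    """Count expected id-mapping noise and list the severe entries that remain."""
    noise = 0
    attention = []
    for entry in entries:
        if not id_mapping_enabled and entry.function in IDMAP_NOISE_FUNCTIONS:
            noise += 1
        elif entry.level <= ATTENTION_MAX_LEVEL:
            attention.append(entry)
    return {"expected_idmap_noise": noise, "attention": attention}


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE))
    print("expected id-mapping messages set aside:", result["expected_idmap_noise"])
    for entry in result["attention"]:
        print(f"{entry.level:#06x} {entry.component} {entry.function}: {entry.message}")
```

Pass id_mapping_enabled=True for a domain that does use SID-to-ID mapping, where the same messages are not expected and are reported with the other failures.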
On Wed, 2013-10-02 at 11:04 +0200, Sumit Bose wrote:
> I had a look at the log files you sent.
> About the 'Could not add new domain' log messages. These messages are expected if 'ldap_id_mapping=false' but I agree they are annoying and misleading, I'll try to fix that.
> About the failing AD provider. I think the original issue is that the Global Catalog of your AD domain (it's a samba4 domain iirc) cannot be resolved. I'm currently not sure what is the reason here (failed CLDAP ping, failed DNS SRV lookup). Can you send log files with your original ipa_provider=ad configuration with a higher debug level (9 or 0xFFF0 would be best)? If you think the size of the log files is not suitable for a mailing-list, feel free to send them directly to me. I hope the log files will also show why SSSD is not falling back to use the LDAP port instead of the Global Catalog.
> bye, Sumit
Hi, attached is a d9 log with enumerate = false.
Everything is working fine with: enumerate = true
But fails with: enumerate = false
If you could lose the ldap_id_mapping=false errors (or, as I now understand, not errors), that would make the log clearer.
This is the only problem left. Thanks, Steve
On Wed, Oct 02, 2013 at 04:06:40PM +0200, steve wrote:
> Hi, attached is a d9 log with enumerate = false.
> Everything is working fine with: enumerate = true
> But fails with: enumerate = false
> If you could lose the ldap_id_mapping=false errors (or, as I now understand, not errors), that would make the log clearer.
> This is the only problem left. Thanks, Steve
Thank you for the logs. As you already suspected 'AD: properly initialize GC from ad_server option' should fix the issue of the not found GC. I've opened https://fedorahosted.org/sssd/ticket/2104 and https://fedorahosted.org/sssd/ticket/2105 to track the other issues I see.
bye, Sumit
On Wed, 2013-10-02 at 18:42 +0200, Sumit Bose wrote:
> Thank you for the logs. As you already suspected, 'AD: properly initialize GC from ad_server option' should fix the issue of the not found GC. I've opened https://fedorahosted.org/sssd/ticket/2104 and https://fedorahosted.org/sssd/ticket/2105 to track the other issues I see.
Confirmed. The patch fixes the bug with: enumerate = false
Correct information is returned by getent and id.
Steve