On 09/05/13 11:26, Jakub Hrozek wrote:
On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote:
On 08/05/13 23:53, Lukas Slebodnik wrote:
On (08/05/13 22:46), steve wrote:
Hi We have 1.10.0beta1 on lubuntu 13.04
We have added dyndns_update=true dyndns_refresh=1 to sssd.conf
We expect to see an update request after 1 minute, but nothing happens. Are we correct to expect this behaviour?
Cheers, Steve
From manual page "sssd-ad"
dyndns_refresh_interval (integer)
    How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true.
    Default: 86400 (24 hours)
It is not explicitly written, but you could have noticed that the default value is in seconds. (86400 seconds == 24 hours)
Hi. Thanks. I changed it to: dyndns_update=true dyndns_refresh=60
No DNS request is made. We have a Samba4 dc which accepts dns requests from the windows clients so it seems to be working. I have set the log level to 6 but nothing gets logged. I'm looking in: /usr/local/var/log/sssd, /var/log/sssd
It's starting OK and getent and user logins work fine, just not the dns update requests.

sudo sssd -i -d3
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!

Here is our sssd.conf. What are we missing to be able to trigger the dns update requests?

[sssd]
debug_level = 6
services = nss, pam
config_file_version = 2
domains = default

[nss]

[pam]

[domain/default]
debug_level=6
dyndns_update=true
dyndns_refresh_interval=60
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
#entry_cache_timeout = 60
id_provider = ldap
^^^^
Currently the dyndns updates are only supported with id_provider=ad or id_provider=ipa
Since you're using the POSIX attributes, you'd want to configure a domain similar to:
id_provider = ad
ad_server = hh16.hh3.site
ad_domain = HH3.SITE
ldap_id_mapping = False
Hi
OK. Changed that but then sssd crashes after the first DNS update and no update is performed:

sudo sssd -i -d3
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:55:41 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu May 9 11:55:41 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040):
(Thu May 9 11:55:44 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Thu May 9 11:55:44 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:55:44 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:55:44 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11]
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:55:45 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:56:00 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu May 9 11:56:00 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 11:56:02 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida
(Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040):
(Thu May 9 11:56:03 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Thu May 9 11:56:03 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:03 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:03 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11]
(Thu May 9 11:56:04 2013) [sssd] [tasks_check_handler] (0x0020): Child (default) not responding! (yet)
(Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:07 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:56:21 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu May 9 11:56:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 11:56:23 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida
(Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040):
(Thu May 9 11:56:24 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Thu May 9 11:56:24 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:24 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:24 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11]
(Thu May 9 11:56:25 2013) [sssd] [tasks_check_handler] (0x0020): Child (default) not responding! (yet)
(Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!
(Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default]
(Thu May 9 11:56:38 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Thu May 9 11:56:44 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu May 9 11:56:44 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 11:56:47 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida
(Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040):
(Thu May 9 11:56:47 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Thu May 9 11:56:47 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:47 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11]
(Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0010): Process [default], definitely stopped!
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0040): Returned with: 1
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating [pam][1997]
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating [nss][1996]
(Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully
steve@pinoso:~$
The DC (Samba4) communicates with the client OK, users can still login but under the old DNS:

ldb_wrap open of secrets.ldb
Kerberosg ldb_wrap open of secrets.ldb
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITEg ldb_wrap open of secrets.ldb
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using arcfour-hmac-md5
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using arcfour-hmac-md5
: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$@HH3.SITE
Kerberos: AS-REQ PINOSO$@HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE@HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- PINOSO$@HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- PINOSO$@HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$@HH3.SITE using arcfour-hmac-md5
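
Added example, not part of the original thread or of SSSD: a small check for the two configuration problems that came up above, the misspelled option dyndns_refresh and dyndns_update set under id_provider = ldap. The function name check_dyndns, the set of recognised dyndns_* names and both sample configs are assumptions made for illustration.

```python
import configparser

# dyndns_* names from the sssd-ad/sssd-ipa man pages (assumed set, not
# exhaustive for every SSSD release).
KNOWN_DYNDNS = {"dyndns_update", "dyndns_refresh_interval", "dyndns_ttl",
                "dyndns_iface", "dyndns_update_ptr", "dyndns_force_tcp"}
# Per the reply in the thread: only these id_providers send dyndns updates.
DYNDNS_PROVIDERS = {"ad", "ipa"}

# Constructed samples modelled on the configs quoted in the thread.
BEFORE = """
[sssd]
services = nss, pam
domains = default

[domain/default]
dyndns_update=true
dyndns_refresh=1
#entry_cache_timeout = 60
id_provider = ldap
"""
AFTER = BEFORE.replace("dyndns_refresh=1", "dyndns_refresh_interval=60") \
              .replace("id_provider = ldap", "id_provider = ad")


def check_dyndns(conf_text):
    """Return (section, message) findings for dyndns settings in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # dyndns options only apply to domain sections
        opts = cp[section]
        dyn = {k: v.strip() for k, v in opts.items() if k.startswith("dyndns_")}
        # Misspelled names are not picked up, so the intended setting never applies.
        for key in sorted(set(dyn) - KNOWN_DYNDNS):
            findings.append((section, f"unrecognised option {key}"))
        # The interval is an integer number of seconds (default 86400).
        interval = dyn.get("dyndns_refresh_interval")
        if interval is not None and not interval.isdigit():
            findings.append((section, "dyndns_refresh_interval must be whole seconds"))
        provider = opts.get("id_provider", "").strip().lower()
        if dyn.get("dyndns_update", "").lower() == "true" and provider not in DYNDNS_PROVIDERS:
            findings.append((section, f"dyndns_update ignored with id_provider={provider}"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_dyndns(text) or "ok")
```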