On Wed, Oct 10, 2012 at 10:34:46AM +0300, Aziz Sasmaz wrote:
Hi,
I use sssd on all servers in our infrastructure. Most of them are Red Hat,
CentOS and Debian. It works very well with these OSes.
And we have some Gentoo Linux machines. I had some difficulties
configuring sssd when I want to use ldaps:
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldaps://ldap.xxx.com
ldap_chpass_uri = ldaps://ldap-provider.xxx.com
ldap_search_base = dc=xxx,dc=com
ldap_tls_reqcert = allow
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400
ldap_user_gecos = uid
When I use ldap_uri = ldap or ldap_uri = ldaps, getent works, but logins
are not working. There are interesting entries in the log files:
sssd_LDAP
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_new_service] (0x0080):
Creating new service 'LDAP'
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_add_server] (0x0080):
Adding new server 'ldap.xxx.com', to service 'LDAP'
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_new_service] (0x0080):
Creating new service 'LDAP_CHPASS'
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_add_server] (0x0080):
Adding new server 'ldap-provider.xxx.com', to service 'LDAP_CHPASS'
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [sssm_ldap_sudo_init] (0x0080):
Sudo init handler called but SSSD is built without sudo support, ignoring
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [sssm_ldap_autofs_init]
(0x0080): Autofs init handler called but SSSD is built without autofs
support, ignoring
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [be_process_init] (0x0020): No
Session module provided for [LDAP] !!
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [be_process_init] (0x0020): No
host info module provided for [LDAP] !!
(Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [main] (0x0020): Backend
provider (LDAP) started!
(Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_sys_connect_done]
(0x0080): Failed to set LDAP SASL nocanon option to true. If your system is
configured to use SASL, LDAP operations might fail.
(Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x0080):
Bind result: Success(0), no errmsg set
(Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_process_group_send]
(0x0040): No Members. Done!
(Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_process_group_send]
(0x0040): No Members. Done!
sssd_nss
(Wed Oct 10 09:58:24 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0010):
Could not reconnect to LDAP provider.
(Wed Oct 10 09:58:54 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making
reconnection attempt 8 to
[unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 09:58:54 2012) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to
open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed
to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection
refused
sssd_pam
(Wed Oct 10 09:59:24 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0010):
Could not reconnect to LDAP provider.
(Wed Oct 10 09:59:54 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making
reconnection attempt 10 to
[unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 09:59:54 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to
open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed
to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection
refused
It says connection refused, but there is no network issue with the ldap
servers, all ports are open. Could you please give me advice on resolving this
issue?
Thanks,
AS
Hi,
the Connection Refused message does not describe a connection to the
server but rather a connection via unix sockets between different parts of
the SSSD. Can you check the following for me?
1) ls -l /var/lib/sss/pipes/private/sbus-dp_LDAP
It should be a symlink pointing to
/var/lib/sss/pipes/private/sbus-dp_LDAP.$PID where $PID should
correspond to the PID number of the sssd_be process.
2) Does a restart of the SSSD clear things up?
3) If not, can you paste or attach the DEBUG messages that the SSSD
prints after startup?