On Wed, Oct 02, 2013 at 04:06:40PM +0200, steve wrote:
On Wed, 2013-10-02 at 11:04 +0200, Sumit Bose wrote:
On Tue, Oct 01, 2013 at 08:42:54AM +0200, steve wrote:
Hi. After a lot of trial and error, I came up with this:
I had a look at the log files you sent.
About the 'Could not add new domain' log messages. These messages are expected if 'ldap_id_mapping=false', but I agree they are annoying and misleading; I'll try to fix that.
About the failing AD provider. I think the original issue is that the Global Catalog of your AD domain (it's a samba4 domain iirc) cannot be resolved. I'm currently not sure what the reason is here (failed CLDAP ping, failed DNS SRV lookup). Can you send log files with your original ipa_provider=ad configuration with a higher debug level (9 or 0xFFF0 would be best)? If you think the size of the log files is not suitable for a mailing list, feel free to send them directly to me. I hope the log files will also show why SSSD is not falling back to use the LDAP port instead of the Global Catalog.
bye, Sumit
Hi. Attached is a d9 log with enumerate = false.
Everything is working fine with: enumerate = true
But fails with: enumerate = false
If you could lose the ldap_id_mapping=false errors (or, as I now understand, not errors), that would make the log clearer.
This is the only problem left. Thanks, Steve
Thank you for the logs. As you already suspected 'AD: properly initialize GC from ad_server option' should fix the issue of the not found GC. I've opened https://fedorahosted.org/sssd/ticket/2104 and https://fedorahosted.org/sssd/ticket/2105 to track the other issues I see.
bye, Sumit