On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote:
On 08/05/13 23:53, Lukas Slebodnik wrote:
On (08/05/13 22:46), steve wrote:
Hi
We have 1.10.0beta1 on lubuntu 13.04
We have added
dyndns_update=true
dyndns_refresh=1
to sssd.conf
We expect to see an update request after 1 minute, but nothing happens. Are we correct to expect this behaviour?
Cheers,
Steve
From manual page "sssd-ad"
dyndns_refresh_interval (integer)
    How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true.
    Default: 86400 (24 hours)
It is not explicitly written, but you could have noticed that the default value is in seconds. (86400 seconds == 24 hours)
Hi. Thanks. I changed it to:
dyndns_update=true
dyndns_refresh=60
No DNS request is made. We have a Samba4 dc which accepts dns requests from the windows clients so it seems to be working. I have set the log level to 6 but nothing gets logged. I'm looking in: /usr/local/var/log/sssd, /var/log/sssd
It's starting OK and getent and user logins work fine, just not the dns update requests.
sudo sssd -i -d3
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users.
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !!
(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !!
Here is our sssd.conf. What are we missing to be able to trigger the dns update requests?
[sssd]
debug_level = 6
services = nss, pam
config_file_version = 2
domains = default

[nss]

[pam]

[domain/default]
debug_level=6
dyndns_update=true
dyndns_refresh_interval=60
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
#entry_cache_timeout = 60
id_provider = ldap
              ^^^^
Currently the dyndns updates are only supported with id_provider=ad or id_provider=ipa
Since you're using the POSIX attributes, you'd want to configure a domain similar to:
id_provider = ad
ad_server = hh16.hh3.site
ad_domain = HH3.SITE
ldap_id_mapping = False

auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site

ldap_referrals = False
ldap_uri = ldap://hh16.hh3.site
ldap_search_base = dc=hh3,dc=site
#ldap_tls_cacertdir = /usr/local/samba/private/tls
#ldap_id_use_start_tls = true
#entry_negative_timeout = 1
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

#ldap_default_bind_dn = cn=steve2,cn=Users,dc=dolores,dc=site
#ldap_default_authtok_type = password
#ldap_default_authtok = s2

ldap_sasl_mech = gssapi
ldap_sasl_authid = PINOSO$@HH3.SITE
ldap_krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
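
An added example, not part of the original thread and not SSSD code: a small Python check for the misconfiguration diagnosed above, where dyndns_update=true sits in a domain whose id_provider is not ad or ipa, or a dyndns option name is misspelled. The function name lint_dyndns, the option list and the two sample configs are constructed for illustration.

```python
import configparser

# Per the reply in this thread, only these id_providers perform dyndns updates
# (stated for the SSSD version discussed; treat as an assumption elsewhere).
DYNDNS_PROVIDERS = {"ad", "ipa"}
# Non-exhaustive list of dyndns option names; extend from sssd-ad(5) as needed.
KNOWN_DYNDNS_OPTIONS = {
    "dyndns_update", "dyndns_refresh_interval", "dyndns_ttl",
    "dyndns_iface", "dyndns_update_ptr", "dyndns_force_tcp",
}

def lint_dyndns(conf_text):
    """Return (section, message) findings for dyndns settings that will not take effect."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = {k: (v or "").strip() for k, v in cp.items(section)}
        # A misspelled option name is never read by the back end.
        for name in opts:
            if name.startswith("dyndns_") and name not in KNOWN_DYNDNS_OPTIONS:
                findings.append((section, f"{name}: not a known dyndns option"))
        if opts.get("dyndns_update", "").lower() != "true":
            continue
        provider = opts.get("id_provider", "").lower()
        if provider not in DYNDNS_PROVIDERS:
            findings.append((section, f"dyndns_update=true but id_provider={provider or 'unset'}"))
        interval = opts.get("dyndns_refresh_interval")
        if interval is not None and not interval.isdigit():
            findings.append((section, f"dyndns_refresh_interval={interval!r} is not a number of seconds"))
    return findings

# Constructed samples modelled on the settings quoted in the thread.
BROKEN = """
[sssd]
domains = default
[domain/default]
dyndns_update=true
dyndns_refresh=60
id_provider = ldap
"""
FIXED = (BROKEN.replace("dyndns_refresh=", "dyndns_refresh_interval=")
               .replace("id_provider = ldap", "id_provider = ad"))

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_dyndns(text))
```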