Hi,
On Sat, Oct 21, 2017 at 8:56 PM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Fri, Oct 20, 2017 at 04:39:54PM +0200, Jeremy Monnet wrote:
> Hi,
>
> I have that error message that I do not understand, because I have 2
> ubuntu servers setup the same way (but 1 ubuntu 14.04 and 1 ubuntu 16.04).
> Ubuntu 14 is working fine, I can authenticate and sudo just fine, Ubuntu 16
> can list users and groups but I cannot authenticate nor sudo. And I see in
> the sssd_domain.log :
>
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_server_status] (0x1000): Status of server '<servername>' is 'name resolved'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_port_status] (0x1000): Port status of port 389 for server '<servername>' is 'not working'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_server_status] (0x1000): Status of server '<servername2>' is 'name resolved'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_port_status] (0x1000): Port status of port 389 for server '<servername2>' is 'not working'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
>
>
> Of course, port 389 is indeed reachable, and I have joined and re-joined
> the domain several times, deleted the object computer in AD, checked
> several times that the keytab was created, and that I could kinit with
> it...
>
> One thing is that I join a child AD domain and try to log in with an
> account from the main domain, that is probably an issue, but as that works
> on the other Ubuntu with the same setup, I am stuck...
Can you show the whole log or the first time the not working message
appeared since sssd restart?

I have tried to sanitize the whole log file, but there are too many
accounts, servers, etc. appearing in the logs, so I will try to provide you
just the required snippets. In parallel I will open a new thread because I
am not sure of the setup I use, and I haven't been able to find the
recommended way of configuring an AD auth in real life (i.e. with multiple
domains, firewalls blocking the ports, etc...).

So I have restarted sssd this morning, clearing the logs in between, and I
get:
root@server:/var/log/sssd# grep "Port status of port" sssd_<domain>.log
(Mon Oct 23 09:37:28 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:37:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:37:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'neutral'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'not working'
(Mon Oct 23 09:39:20 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:20 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'neutral'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'
(Mon Oct 23 09:42:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 3268 for server '<ad1>.<domain>' is 'neutral'
(Mon Oct 23 09:42:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'
In the attached snippet you will find all (Mon Oct 23 09:39:12 2017)
Thanks,
Jeremy
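
Added example, not part of the original messages: a small parser for the `get_port_status` entries quoted in this thread that tolerates mail line wrapping and reports, per server and port, each state change and the first time it was marked 'not working' since the log began. It assumes the timestamp and field layout shown above; the hostnames in the sample are constructed placeholders.

```python
import re
from datetime import datetime

# Constructed sample in the wrapped form seen in this thread; names are placeholders.
SAMPLE = """\
(Mon Oct 23 09:37:38 2017) [sssd[be[example.test]]] [get_port_status] (0x1000):
Port status of port 389 for server 'ad2.example.test' is
'working'
(Mon Oct 23 09:39:12 2017) [sssd[be[example.test]]] [get_port_status] (0x1000): Port status of port 389 for server 'ad2.example.test' is 'neutral'
(Mon Oct 23 09:39:12 2017) [sssd[be[example.test]]] [get_port_status] (0x1000):
Port status of port 389 for server 'ad1.example.test' is 'not
working'
(Mon Oct 23 09:39:12 2017) [sssd[be[example.test]]] [get_port_status] (0x1000): Port status of port 389 for server 'ad2.example.test' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[example.test]]] [get_port_status] (0x1000): Port status of port 389 for server 'ad1.example.test' is 'not working'
(Mon Oct 23 09:39:20 2017) [sssd[be[example.test]]] [get_port_status] (0x1000): Port status of port 389 for server 'ad2.example.test' is 'working'
"""

ENTRY = re.compile(
    r"\((\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d \d{4})\) \[sssd\[be\[[^\]]*\]\]\] "
    r"\[get_port_status\] \(0x[0-9a-f]+\): Port status of port (\d+) "
    r"for server '([^']*)' is '([^']*)'")

def parse_port_status(text):
    """Return (time, server, port, status) for every get_port_status entry."""
    flat = " ".join(text.split())  # undo mail/terminal line wrapping
    return [(datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y"), m[3], int(m[2]), m[4])
            for m in ENTRY.finditer(flat)]

def transitions(events):
    """Keep entries where a server:port changes state (prev is None on first sight)."""
    last, out = {}, []
    for ts, server, port, status in events:
        key = (server, port)
        if last.get(key) != status:
            out.append((ts, server, port, last.get(key), status))
            last[key] = status
    return out

def first_failures(events):
    """Map (server, port) to the time it was first marked 'not working'."""
    seen = {}
    for ts, server, port, status in events:
        if status == "not working":
            seen.setdefault((server, port), ts)
    return seen

if __name__ == "__main__":
    for ts, server, port, prev, status in transitions(parse_port_status(SAMPLE)):
        print(f"{ts:%H:%M:%S} {server}:{port} {prev} -> {status}")
```
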