On Thu, Nov 08, 2012 at 03:38:47PM +0000, Longina Przybyszewska wrote:
In /etc/sssd/sssd.conf
......
Ad_hostname = VICTORIA$@NAT.C.SDU.DK
......
It should be "ad_hostname" (note the capital A) and it's only useful for
specifying the machine hostname in case the output of hostname command
wouldn't reflect the real host name.
Does it work if you set:
ad_hostname = VICTORIA$
krb5_realm = NAT.C.SDU.DK
(VICTORIA$@NAT.C.SDU.DK was the one that worked for you, right?)
If it doesn't, can you raise debugging in the domain section, restart
the sssd, try again and look for lines that mention "ldap_child"? You
would see the principal used there.
IT is obviously confusing about principal names...
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 8. november 2012 10:54
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] startup problem/port status 0
On Tue, Nov 06, 2012 at 02:16:26PM +0000, Longina Przybyszewska wrote:
> Hi again,
> Thanks a lot for guiding me so far :)
>
> I have got sssd-1.9.2 package from Timo, Ubuntu sssd package maintainer for Ubuntu Quantal.
>
> SSSD is configured against AD as auth/id - provider
>
> sssd.conf
>
> [sssd]
> debug_level = 0x1310
> config_file_version = 2
> services = nss, pam
> domains = nat.c.sdu.dk
>
> [nss]
> filter_groups = root
> filter_users = root
>
> [pam]
>
> [domain/nat.c.sdu.dk]
>
> debug_level = 0x1310
>
> enumerate = False
> min_id = 1000
> max_id = 20000
>
> auth_provider = ad
> id_provider = ad
> access_provider = ad
> chpass_provider = ad
>
> ad_server = nat.c.sdu.dk
> ad_hostname = testina4$.nat.c.sdu.dk
> ad_domain = nat.c.sdu.dk
>
>
> From log:
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_process] (0x0200): Found address for server nat.c.sdu.dk: [10.144.5.18] TTL 455
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: testina4$
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'nat.c.sdu.dk' as 'not working
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [get_server_status] (0x1000): Status of server 'nat.c.sdu.dk' is 'name resolved'
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [get_port_status] (0x1000): Port status of port 0 for server 'nat.c.sdu.dk' is 'not working'
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.NAT.C.SDU.DK], [2][No such file or directory
>
There is not all the information in the log, raising the debug_level might provide more
info, but I think the problem is in the kinit.
Can you kinit as the principal specified in the ad_hostname and then ldapsearch the
directory?
Are you sure about the principal in ad_hostname? I think it is typically HOST$@DOMAIN,
your principal doesn't contain the at-sign.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
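The check suggested in the replies above (see which identity the backend binds with, and look for lines mentioning "ldap_child") can be run over a pasted log like this. This is an added example, not part of the original thread or of SSSD; the function names `parse_entries` and `summarize` are hypothetical, and the sample is an abridged copy of the excerpt quoted in the thread.

```python
import re

# Header of one SSSD backend debug entry, in the format shown in the thread's excerpt.
ENTRY = re.compile(
    r"\([A-Z][a-z]{2} [A-Z][a-z]{2} \d+ [\d:]+ \d{4}\) "
    r"\[sssd\[be\[[^\]]+\]\]\] \[(\w+)\] \((0x[0-9a-fA-F]+)\): ")

# Abridged excerpt from the thread, with the mail wrapping and quote marks left in.
SAMPLE = """\
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]]
> [be_resolve_server_process] (0x0200): Found address for server
> nat.c.sdu.dk: [10.144.5.18] TTL 455 (Tue Nov 6 13:42:35 2012)
[sssd[be[nat.c.sdu.dk]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi,
user: testina4$ (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_set_port_status]
(0x0100): Marking port 0 of server 'nat.c.sdu.dk' as 'not working (Tue Nov 6
13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_resolve_service_send] (0x0100): Trying to
resolve service 'AD'
> (Tue Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Tue
> Nov 6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 1,11,Offline
"""

def parse_entries(raw):
    """Undo mail quoting and wrapping, then split the text into debug entries."""
    lines = (re.sub(r"^(?:\s*>)+\s?", "", ln).strip() for ln in raw.splitlines())
    text = re.sub(r"\s+", " ", " ".join(lines))
    heads = list(ENTRY.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return [{"func": m[1], "level": int(m[2], 16), "msg": text[m.end():end].strip()}
            for m, end in zip(heads, ends)]

def summarize(entries):
    """Collect bind identity, failover port marks, ldap_child lines, offline state."""
    out = {"binds": [], "port_marks": [], "ldap_child": [], "offline": False}
    for e in entries:
        bind = re.search(r"sasl bind mech: (\S+), user: (\S+)", e["msg"])
        mark = re.search(r"Marking port (\d+) of server '([^']+)' as '([^']+)", e["msg"])
        if bind:
            out["binds"].append(bind.groups())
        if mark:
            out["port_marks"].append((int(mark[1]), mark[2], mark[3]))
        if "ldap_child" in e["func"] or "ldap_child" in e["msg"]:
            out["ldap_child"].append(e["msg"])
        out["offline"] = out["offline"] or e["msg"].endswith("Offline")
    return out

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```

An empty `ldap_child` list for this excerpt matches the reply's point that the log does not yet contain all the information at the posted debug level.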