On 11/04/14 11:10, Jakub Hrozek wrote:
>On Fri, Apr 11, 2014 at 11:06:24AM +0100, Rowland Penny wrote:
>>On 11/04/14 10:44, Jakub Hrozek wrote:
>>>On Fri, Apr 11, 2014 at 10:33:02AM +0100, Rowland Penny wrote:
>>>>On 10/04/14 22:53, Jakub Hrozek wrote:
>>>>>On Thu, Apr 10, 2014 at 04:44:20PM +0100, Rowland Penny wrote:
>>>>>>On 10/04/14 15:20, Jakub Hrozek wrote:
>>>>>>>Hi,
>>>>>>>
>>>>>>>our current HOWTO[1] on connecting SSSD to an AD DC is
outdated,
>>>>>>>mostly because the page still only introduces the LDAP
provider. Recently, me,
>>>>>>>Sumit and Jeremy Agee wrote a new page that specifically
advises to use
>>>>>>>the AD provider and also use realmd for setup:
>>>>>>>https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
>>>>>>>
>>>>>>>We started a new page and kept the old one around mostly
because pre-1.9
>>>>>>>versions still need the LDAP provider info.
>>>>>>>
>>>>>>>I'd like to get some review and feedback from our
community so we can
>>>>>>>link the wiki page from the front page or the documentation
section. In
>>>>>>>addition to the lists, I also CC-ed the individual
contributors to the
>>>>>>>original page directly..I hope that's fine.
>>>>>>>
>>>>>>>Thank you for your comments.
>>>>>>>
>>>>>>>[1]
>>>>>>>https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
>>>>>>>_______________________________________________
>>>>>>>sssd-users mailing list
>>>>>>>sssd-users(a)lists.fedorahosted.org
>>>>>>>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>>>>>I have had a quick read through and it all seems ok apart from
one
>>>>>>thing, it seems to be based on the premise that there is only one
AD
>>>>>>server available, it doesn't mention the Samba 4 AD server at
all
>>>>>>and I can assure you that it does work with Samba 4.
>>>>>>
>>>>>>Rowland
>>>>>Except where it doesn't because Samba 4 behaves differently from
AD:
>>>>>https://fedorahosted.org/sssd/ticket/2311
>>>>>
>>>>>I'm not trying to bash Samba here, really, but the AD provider has
so
>>>>>far been tested only with real AD server. So what about saying
something
>>>>>along the lines of "AD compatible server implementations, notably
Samba
>>>>>4 are currently not tested by the SSSD upstream, although we would
>>>>>accept any upstream bug reports from setups with a Samba 4
server".
>>>>>
>>>>>On a side note, we're currently working on getting a Continuous
Integration
>>>>>setup up and running. It might be prudent to include a Samba 4 server
in
>>>>>the CI setup eventually (although probably not as a tier 1 priority)
to
>>>>>test against.
>>>>>
>>>>>Thanks for bringing Samba 4 up and for reading through the HOWTO!
>>>>>_______________________________________________
>>>>>sssd-users mailing list
>>>>>sssd-users(a)lists.fedorahosted.org
>>>>>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>>>Hi again, well one step forward and three backwards ;-)
>>>>
>>>>I did have sssd in 'ad' mode working using the packages from
Timo's
>>>>ppa on Ubuntu 12.04, Just moved to 14.04 (after they fixed their
>>>>broken samba packages) and ARRRRGHHH, you are right, sssd doesn't
>>>>work any more.
>>>>
>>>>Sigh, I will just have to wait until Ubuntu fix their 1.11.5 sssd
packages.
>>>>
>>>>Rowland
>>>Are you sure you're hitting #2311? The bug would cause a sssd_be crash
>>ER, well no, all I can say is that installing sssd on Ubuntu 14.04
>>server by:
>>
>>apt-get install sssd sssd-tools
>>
>>and then setting up sssd.conf to use ad (a conf file that worked
>>against sssd from Timo's 12.04 ppa) does not work, ps ax | grep
>>[s]ssd returns just one line, syslog fills up with sssd trying to
>>restart every minute or so, and the sssd logs are full of this:
>>
>>(Fri Apr 11 09:32:38 2014) [sssd] [mt_svc_exit_handler] (0x0010):
>>Process [
example.com], definitely stopped!
>>
>>I have now removed sssd, but I am willing to install it again, if
>>you require more info.
>>
>>Rowland
>Yes please, logs would also be welcome.
>_______________________________________________
>sssd-users mailing list
>sssd-users(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, re-installed and sanitized logfiles attached.
Rowland
Log files contains nonly generic error message "Error (2) in module (ad)
initialization (sssm_ad_id_init)!"
Please add debug_level = 7 into domain section.
Resend log files if you don't find anything intresting.
Please change the subject of mail or send log files in new thread.
LS