On (11/04/14 12:03), Rowland Penny wrote:
> On 11/04/14 11:10, Jakub Hrozek wrote:
>> On Fri, Apr 11, 2014 at 11:06:24AM +0100, Rowland Penny wrote:
>>> On 11/04/14 10:44, Jakub Hrozek wrote:
>>>> On Fri, Apr 11, 2014 at 10:33:02AM +0100, Rowland Penny wrote:
>>>>> On 10/04/14 22:53, Jakub Hrozek wrote:
>>>>>> On Thu, Apr 10, 2014 at 04:44:20PM +0100, Rowland Penny wrote:
>>>>>>> On 10/04/14 15:20, Jakub Hrozek wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> our current HOWTO[1] on connecting SSSD to an AD DC is
outdated,
>>>>>>>> mostly because the page still only introduces the LDAP
provider. Recently, me,
>>>>>>>> Sumit and Jeremy Agee wrote a new page that specifically
advises to use
>>>>>>>> the AD provider and also use realmd for setup:
>>>>>>>>
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
>>>>>>>>
>>>>>>>> We started a new page and kept the old one around mostly
because pre-1.9
>>>>>>>> versions still need the LDAP provider info.
>>>>>>>>
>>>>>>>> I'd like to get some review and feedback from our
community so we can
>>>>>>>> link the wiki page from the front page or the
documentation section. In
>>>>>>>> addition to the lists, I also CC-ed the individual
contributors to the
>>>>>>>> original page directly..I hope that's fine.
>>>>>>>>
>>>>>>>> Thank you for your comments.
>>>>>>>>
>>>>>>>> [1]
>>>>>>>>
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate...
>>>>>>>> _______________________________________________
>>>>>>>> sssd-users mailing list
>>>>>>>> sssd-users(a)lists.fedorahosted.org
>>>>>>>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>>>>>> I have had a quick read through and it all seems ok apart
from one
>>>>>>> thing, it seems to be based on the premise that there is only
one AD
>>>>>>> server available, it doesn't mention the Samba 4 AD
server at all
>>>>>>> and I can assure you that it does work with Samba 4.
>>>>>>>
>>>>>>> Rowland
>>>>>> Except where it doesn't because Samba 4 behaves differently
from AD:
>>>>>>
https://fedorahosted.org/sssd/ticket/2311
>>>>>>
>>>>>> I'm not trying to bash Samba here, really, but the AD
provider has so
>>>>>> far been tested only with real AD server. So what about saying
something
>>>>>> along the lines of "AD compatible server implementations,
notably Samba
>>>>>> 4 are currently not tested by the SSSD upstream, although we
would
>>>>>> accept any upstream bug reports from setups with a Samba 4
server".
>>>>>>
>>>>>> On a side note, we're currently working on getting a
Continuous Integration
>>>>>> setup up and running. It might be prudent to include a Samba 4
server in
>>>>>> the CI setup eventually (although probably not as a tier 1
priority) to
>>>>>> test against.
>>>>>>
>>>>>> Thanks for bringing Samba 4 up and for reading through the
HOWTO!
>>>>>> _______________________________________________
>>>>>> sssd-users mailing list
>>>>>> sssd-users(a)lists.fedorahosted.org
>>>>>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>>>>> Hi again, well one step forward and three backwards ;-)
>>>>>
>>>>> I did have sssd in 'ad' mode working using the packages from
Timo's
>>>>> ppa on Ubuntu 12.04, Just moved to 14.04 (after they fixed their
>>>>> broken samba packages) and ARRRRGHHH, you are right, sssd
doesn't
>>>>> work any more.
>>>>>
>>>>> Sigh, I will just have to wait until Ubuntu fix their 1.11.5 sssd
packages.
>>>>>
>>>>> Rowland
>>>> Are you sure you're hitting #2311? The bug would cause a sssd_be
crash
>>> ER, well no, all I can say is that installing sssd on Ubuntu 14.04
>>> server by:
>>>
>>> apt-get install sssd sssd-tools
>>>
>>> and then setting up sssd.conf to use ad (a conf file that worked
>>> against sssd from Timo's 12.04 ppa) does not work, ps ax | grep
>>> [s]ssd returns just one line, syslog fills up with sssd trying to
>>> restart every minute or so, and the sssd logs are full of this:
>>>
>>> (Fri Apr 11 09:32:38 2014) [sssd] [mt_svc_exit_handler] (0x0010):
>>> Process [
example.com], definitely stopped!
>>>
>>> I have now removed sssd, but I am willing to install it again, if
>>> you require more info.
>>>
>>> Rowland
>> Yes please, logs would also be welcome.
>> _______________________________________________
>> sssd-users mailing list
>> sssd-users(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> OK, re-installed and sanitized logfiles attached.
>
> Rowland
Log files contains nonly generic error message "Error (2) in module (ad)
initialization (sssm_ad_id_init)!"
Please add debug_level = 7 into domain section.
Resend log files if you don't find anything intresting.
Please change the subject of mail or send log files in new thread.
LS
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users OK, I take it all back,
I am stupid ;-)
Once I scanned the new logfile, it dawned on me what I had forgotten to
do, so I did it and now everything seems to be working ok.
Oh, you want to know what I forgot to do?
I forgot to export the keytab ;-)
Rowland