Hi again,
Okay, so when I look at my sssd_MYDOMAIN log I get:
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got
answer. Processing...
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got 5
servers
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_dc_servers_done] (0x0400):
Found 5 domain controllers in domain MYDOMAIN.ca
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_dcs_done] (0x0400):
About to locate suitable site
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_send] (0x0400):
Resolving host dc.MYDOMAIN.ca
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in files
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'dc.MYDOMAIN.ca' in files
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_next] (0x0200):
No more address families to retry
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in DNS
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_resolv_done]
(0x0400): Connecting to ldap://dc.MYDOMAIN.ca:389
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sss_ldap_init_send] (0x0400): Setting
6 seconds timeout for connecting
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_done] (0x0400):
Successful connection to ldap://dc.MYDOMAIN.ca:389
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(&(DnsDomain=MYDOMAIN.ca)(NtVer=\14\00\00\00))][].
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_client_site_done] (0x0400):
Found site: Default-First-Site-Name
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_site_done] (0x0400):
About to discover primary and backup servers
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_servers_send] (0x0400):
Looking up primary servers
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_discover_srv_next_domain]
(0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain
'Default-First-Site-Name._sites.MYDOMAIN.ca'
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_getsrv_send] (0x0100): Trying
to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.ca'
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [fo_resolve_service_timeout] (0x0080):
Service resolving timeout reached
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_id_op_connect_done] (0x0020):
Failed to connect, going offline (5 [Input/output error]
Thanks!
Thomas
________________________________________
From: Jakub Hrozek <jhrozek(a)redhat.com>
Sent: Tuesday, June 25, 2019 3:56 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: id / getent not finding AD users
On Tue, Jun 25, 2019 at 07:25:45PM +0000, Thomas Beaudry wrote:
Hi Jakub,
Thanks for the link, so I followed the troubleshooting and I notice I can't reach the
data provider mentioned in step 4 ("If the command is reaching the NSS responder,
does it get forwarded to the Data Provider?")
If I look at my sssd_nss log I get, with a timestamp that matches my id <username>
command:
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[NCE/USER/MYDOMAIN.ca/root] to negative cache permanently
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'root' matched without domain, user is root
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
[NCE/GROUP/MYDOMAIN.ca/root] to negative cache permanently
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting
request: [0x41eb90:domains@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client
version [1].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version
[1].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command
[17][SSS_NSS_GETPWNAM] with input [admin].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'admin' matched without domain, user is admin
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for
[admin] from [<ALL>]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting
info for [admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view,
continuing with provided values.
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating
request for [MYDOMAIN.ca][0x1001][FAST BE_REQ_USER][1][name=admin]
The request gets forwarded to the data provider here..
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to
get information from Data Provider
Error: 1, 11, Fast reply - offline
..but the data provider replies immediately because it had switched to
the offline mode. For one reason or another, sssd_be couldn't reach any
of the configured or auto-discovered servers.
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_req_destructor]
(0x0400): Deleting request: [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
What would be the next step?
I would suggest looking at the sssd_MYDOMAIN.log files and looking for
messages that contain strings like "marking server XYZ as NOT_WORKING"
or "Going offline". Then look for the request a little earlier, that's
what causes sssd to go offline.
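The search suggested in the reply above, as an added example that is not part of the original thread or of SSSD itself: it rejoins the wrapped log lines, finds the offline markers, and reports the failure-level records and the last lookup or connection attempt that preceded each one. The function names, the 10-record window and the use of level 0x0080 and below as "failure" are assumptions made for this sketch; the sample lines are copied from the sssd_MYDOMAIN log posted in this thread.

```python
import re

# Sample lines copied from the sssd_MYDOMAIN log in this thread, wrapped as posted.
SAMPLE = """\
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in DNS
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_getsrv_send] (0x0100): Trying
to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.ca'
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [fo_resolve_service_timeout] (0x0080):
Service resolving timeout reached
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_id_op_connect_done] (0x0020):
Failed to connect, going offline (5 [Input/output error]
"""

START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) \[sssd")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\S*\] \[(?P<func>\w+)\] "
                    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$")
OFFLINE = re.compile(r"going offline|not[ _]working", re.I)  # strings from the reply
FAILURE_MAX = 0x0080  # assumption: SSSD levels 0x0010..0x0080 are the failure classes


def parse(text):
    """Rejoin archive-wrapped lines, then split each record into fields."""
    joined = []
    for line in text.splitlines():
        if START.match(line) or not joined:
            joined.append(line.strip())
        else:
            joined[-1] += " " + line.strip()
    records = [m.groupdict() for m in map(RECORD.match, joined) if m]
    for rec in records:
        rec["level"] = int(rec["level"], 16)
    return records


def find_offline_causes(text, window=10):
    """For each offline marker, return earlier failures and the last request."""
    records, results = parse(text), []
    for i, rec in enumerate(records):
        if not OFFLINE.search(rec["msg"]):
            continue
        before = records[max(0, i - window):i]
        requests = [r for r in before
                    if r["msg"].startswith(("Trying to resolve", "Connecting to"))]
        results.append({"offline": rec,
                        "failures": [r for r in before if r["level"] <= FAILURE_MAX],
                        "last_request": requests[-1] if requests else None})
    return results
```

On the sample, the single offline event is preceded by the SRV lookup for the site-specific `_ldap._tcp` record and a `fo_resolve_service_timeout` failure two seconds later.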