Replied directly with updated logs. There was a DNS issue caused by myself
during a frenzy of testing.
On Thu, Aug 31, 2017 at 10:47 AM, Michal Židek <mzidek(a)redhat.com> wrote:
I have the important part of logs now :)
Looking at the domain logs, this looks like a DNS or networking issue.
Are you sure you can resolve the
EXAMPLE.EXAMPLE.COM from the machine
with SSSD?
(Thu Aug 31 09:16:17 2017) [sssd[be[example.com]]]
[fo_resolve_service_done] (0x0020): Failed to resolve server '
EXAMPLE.EXAMPLE.COM': Domain name not found
(Thu Aug 31 09:16:17 2017) [sssd[be[example.com]]]
[set_server_common_status] (0x0100): Marking server 'EXAMPLE.EXAMPLE.COM'
as 'not working'
(Thu Aug 31 09:16:17 2017) [sssd[be[example.com]]]
[be_resolve_server_process] (0x0080): Couldn't resolve server (
EXAMPLE.EXAMPLE.COM), resolver returned [11]: Resource temporarily
unavailable
On 08/31/2017 04:38 PM, Michal Židek wrote:
> I forgot to say one think. You can sanitize the logs, but please
> sent the whole logs (not just parts) for the sssd_domain and
> sssd_nss logs (maybe you actually did this, but as I said,
> I do not see the mail with the attachment).
>
> Michal
>
> On 08/31/2017 04:31 PM, Michal Židek wrote:
>
>> Hi,
>>
>> I do not see the email where you sent the logs as attachment.
>> Maybe it is stuck in moderation (maybe the attachment was too big
>> or something). I only noticed you sent something thanks to your
>> last message. Can you please sent the logs directly to me?
>>
>> If the logs are too big, It will help if you stop sssd, delete the logs,
>> start sssd again and redo the test. This will keep the logs shorter.
>>
>> Thanks,
>>
>> Michal
>>
>> On 08/31/2017 03:45 PM, William Edsall wrote:
>>
>>> Further testing I think user1 may have been cached all along. I was not
>>> clearing cache while sssd was stopped.
>>>
>>> After stopping, clearing, starting - id user1 hangs. I then add
>>> ad_server and debug_level to sssd.conf and restart it. I can now id user1
>>> but I believe it's coming from cache.
>>>
>>> On Thu, Aug 31, 2017 at 9:28 AM, William Edsall <wedsall(a)gmail.com
>>> <mailto:wedsall@gmail.com>> wrote:
>>>
>>>
>>> Steps:
>>> left realm, joined realm as user1, added debug_level and ad_server
>>> to sssd.conf (it seems to hang when it runs into a dead ad_server),
>>> restarted nssd.
>>>
>>> I ran an id on user1, it returned data. No data for user2.
>>>
>>> I then cleared cache using: sss_cache -E, id'ed user1 again and data
>>> was returned. Still no data for user2.
>>>
>>>
>>> [sssd]
>>> domains =
example.com <
http://example.com>
>>> default_domain_suffix =
example.com <
http://example.com>
>>> config_file_version = 2
>>> services = nss, pam
>>>
>>>
>>> [
domain/example.com <
http://example.com>]
>>> debug_level = 9
>>> ad_domain =
example.com <
http://example.com>
>>> ad_server =
EXAMPLE.EXAMPLE.COM <
http://EXAMPLE.EXAMPLE.COM>
>>> krb5_realm =
EXAMPLE.COM <
http://EXAMPLE.COM>
>>> realmd_tags = manages-system joined-with-samba
>>> cache_credentials = True
>>> id_provider = ad
>>> krb5_store_password_if_offline = True
>>> default_shell = /bin/bash
>>> ldap_id_mapping = True
>>> use_fully_qualified_names = True
>>> fallback_homedir = /home/%u@%d
>>> access_provider = ad
>>>
>>>
>>> Logs:
>>> sssd_nss is ~700 of the following lines:
>>> (Thu Aug 31 09:21:05 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010):
>>> The Data Provider returned an error
>>> [org.freedesktop.sssd.Error.DataProvider.Offline]
>>>
>>> sssd_example.com.log (attached).
>>>
>>> On Thu, Aug 31, 2017 at 7:44 AM, Michal Židek <mzidek(a)redhat.com
>>> <mailto:mzidek@redhat.com>> wrote:
>>>
>>> On 08/30/2017 09:49 PM, William Edsall wrote:
>>>
>>> Hello list,
>>> I've configured sssd on Centos 7 with the very basics.
>>> I'm able to id my own user account, which was used to join
>>> the domain (via realm), but unable to id any other account.
>>> Does anything make sense about this? I should mention
>>> this is a very large (50,000+) corporate AD.
>>>
>>> Thanks
>>> William
>>>
>>>
>>>
>>> Hello,
>>>
>>> please provide sssd domain and sssd_nss logs with debug_level =
>>> 9
>>> as well as your SSSD configuration file.
>>>
>>> For more details see:
>>>
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
>>> <
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html>
>>>
>>> Michal
>>> _______________________________________________
>>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>>> <mailto:sssd-users@lists.fedorahosted.org>
>>> To unsubscribe send an email to
>>> sssd-users-leave(a)lists.fedorahosted.org
>>> <mailto:sssd-users-leave@lists.fedorahosted.org>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>>>
>>> _______________________________________________
>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org