Hi again,
Okay, so I look at my sssd_MYDOMAIN log and I get:
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got 5 servers
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_dc_servers_done] (0x0400): Found 5 domain controllers in domain MYDOMAIN.ca
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_send] (0x0400): Resolving host dc.MYDOMAIN.ca
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in files
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dc.MYDOMAIN.ca' in files
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in DNS
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dc.MYDOMAIN.ca:389
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://dc.MYDOMAIN.ca:389
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=MYDOMAIN.ca)(NtVer=\14\00\00\00))][].
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_client_site_done] (0x0400): Found site: Default-First-Site-Name
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'Default-First-Site-Name._sites.MYDOMAIN.ca'
(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.ca'
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch
(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]
Thanks!
Thomas
________________________________________
From: Jakub Hrozek jhrozek@redhat.com
Sent: Tuesday, June 25, 2019 3:56 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: id / getent not finding AD users
On Tue, Jun 25, 2019 at 07:25:45PM +0000, Thomas Beaudry wrote:
Hi Jakub,
Thanks for the link, so I followed the troubleshooting and I notice I can't reach the data provider mentioned in step 4 ("If the command is reaching the NSS responder, does it get forwarded to the Data Provider?")
If I look at my sssd_nss log I get, with a timestamp that matches my id <username> command:
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/MYDOMAIN.ca/root] to negative cache permanently
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/MYDOMAIN.ca/root] to negative cache permanently
(Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41eb90:domains@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [admin].
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'admin' matched without domain, user is admin
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [admin] from [<ALL>]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [MYDOMAIN.ca][0x1001][FAST BE_REQ_USER][1][name=admin]
The request gets forwarded to the data provider here..
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 1, 11, Fast reply - offline
..but the data provider replies immediately because it had switched to the offline mode. For one reason or another, sssd_be couldn't reach any of the configured or auto-discovered servers.
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41d420:1:admin@MYDOMAIN.ca]
(Tue Jun 25 15:14:41 2019) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
What would be the next step?
I would suggest looking at the sssd_MYDOMAIN.log files and look for messages that contain strings like "marking server XYZ as NOT_WORKING" or "Going offline". Then look for the request a little earlier, that's what causes sssd to go offline.
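
Added example (not part of the thread, and not SSSD project code): a small Python filter that applies the search suggested above to a log like the one posted, finding entries that contain "going offline" or "as NOT_WORKING" and listing the entries logged just before each one. The function names, the four-entry context window and the cutoff that treats levels 0x0080 and below as failures are choices made for this example; the sample is an excerpt of the log in this message.

```python
import re

# One SSSD debug entry: (timestamp) [process] [function] (0xLEVEL): message
TS = r"\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} [ \d]?\d \d\d:\d\d:\d\d \d{4}\)"
ENTRY = re.compile(
    rf"(?P<ts>{TS}) \[(?P<proc>\S+)\] \[(?P<func>\w+)\] "
    rf"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*?)(?=\s*{TS}|\s*\Z)",
    re.S,
)
# Strings named in the reply above, matched case-insensitively.
TRIGGER = re.compile(r"going offline|as NOT_WORKING", re.I)
FAILURE_MAX = 0x0080  # assumption of this example: 0x0080 and below = failure


def parse(text):
    """Split a log (one entry per line, or run together) into dicts."""
    return [{**m.groupdict(), "level": int(m["level"], 16)}
            for m in ENTRY.finditer(text)]


def offline_events(text, context=4):
    """Pair each offline trigger with the entries logged just before it."""
    entries = parse(text)
    events = []
    for i, entry in enumerate(entries):
        if TRIGGER.search(entry["msg"]):
            before = entries[max(0, i - context):i]
            failures = [b for b in before if b["level"] <= FAILURE_MAX]
            events.append({"trigger": entry, "before": before,
                           "failures": failures})
    return events


# Excerpt of the sssd_MYDOMAIN log from this message, run together as posted.
SAMPLE = " ".join([
    "(Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_getsrv_send] (0x0100): "
    "Trying to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.ca'",
    "(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [fo_resolve_service_timeout] (0x0080): "
    "Service resolving timeout reached",
    "(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): "
    "Deleting request watch",
    "(Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_id_op_connect_done] (0x0020): "
    "Failed to connect, going offline (5 [Input/output error]",
])

if __name__ == "__main__":
    for ev in offline_events(SAMPLE):
        print("OFFLINE:", ev["trigger"]["ts"], ev["trigger"]["msg"])
        for b in ev["before"]:
            mark = "!!" if b in ev["failures"] else "  "
            print(f"  {mark} {b['ts']} [{b['func']}] ({b['level']:#06x}): {b['msg']}")
```

To run it against a real log, pass the contents of the sssd_MYDOMAIN.log file to `offline_events()` instead of `SAMPLE`.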