On 11/04/14 11:10, Jakub Hrozek wrote:
On Fri, Apr 11, 2014 at 11:06:24AM +0100, Rowland Penny wrote:
On 11/04/14 10:44, Jakub Hrozek wrote:
On Fri, Apr 11, 2014 at 10:33:02AM +0100, Rowland Penny wrote:
On 10/04/14 22:53, Jakub Hrozek wrote:
On Thu, Apr 10, 2014 at 04:44:20PM +0100, Rowland Penny wrote:
On 10/04/14 15:20, Jakub Hrozek wrote: > Hi, > > our current HOWTO[1] on connecting SSSD to an AD DC is outdated, > mostly because the page still only introduces the LDAP provider. Recently, me, > Sumit and Jeremy Agee wrote a new page that specifically advises to use > the AD provider and also use realmd for setup: > https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server > > We started a new page and kept the old one around mostly because pre-1.9 > versions still need the LDAP provider info. > > I'd like to get some review and feedback from our community so we can > link the wiki page from the front page or the documentation section. In > addition to the lists, I also CC-ed the individual contributors to the > original page directly..I hope that's fine. > > Thank you for your comments. > > [1] > https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20... > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users I have had a quick read through and it all seems ok apart from one thing, it seems to be based on the premise that there is only one AD server available, it doesn't mention the Samba 4 AD server at all and I can assure you that it does work with Samba 4.
Rowland
Except where it doesn't because Samba 4 behaves differently from AD: https://fedorahosted.org/sssd/ticket/2311
I'm not trying to bash Samba here, really, but the AD provider has so far been tested only with real AD server. So what about saying something along the lines of "AD compatible server implementations, notably Samba 4 are currently not tested by the SSSD upstream, although we would accept any upstream bug reports from setups with a Samba 4 server".
On a side note, we're currently working on getting a Continuous Integration setup up and running. It might be prudent to include a Samba 4 server in the CI setup eventually (although probably not as a tier 1 priority) to test against.
Thanks for bringing Samba 4 up and for reading through the HOWTO! _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi again, well one step forward and three backwards ;-)
I did have sssd in 'ad' mode working using the packages from Timo's ppa on Ubuntu 12.04, Just moved to 14.04 (after they fixed their broken samba packages) and ARRRRGHHH, you are right, sssd doesn't work any more.
Sigh, I will just have to wait until Ubuntu fix their 1.11.5 sssd packages.
Rowland
Are you sure you're hitting #2311? The bug would cause a sssd_be crash
ER, well no, all I can say is that installing sssd on Ubuntu 14.04 server by:
apt-get install sssd sssd-tools
and then setting up sssd.conf to use ad (a conf file that worked against sssd from Timo's 12.04 ppa) does not work, ps ax | grep [s]ssd returns just one line, syslog fills up with sssd trying to restart every minute or so, and the sssd logs are full of this:
(Fri Apr 11 09:32:38 2014) [sssd] [mt_svc_exit_handler] (0x0010): Process [example.com], definitely stopped!
I have now removed sssd, but I am willing to install it again, if you require more info.
Rowland
Yes please, logs would also be welcome. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, re-installed and sanitized logfiles attached.
Rowland