On 11/04/14 12:41, Lukas Slebodnik wrote:
On (11/04/14 12:03), Rowland Penny wrote:
On 11/04/14 11:10, Jakub Hrozek wrote:
On Fri, Apr 11, 2014 at 11:06:24AM +0100, Rowland Penny wrote:
On 11/04/14 10:44, Jakub Hrozek wrote:
On Fri, Apr 11, 2014 at 10:33:02AM +0100, Rowland Penny wrote:
On 10/04/14 22:53, Jakub Hrozek wrote:
> On Thu, Apr 10, 2014 at 04:44:20PM +0100, Rowland Penny wrote:
>> On 10/04/14 15:20, Jakub Hrozek wrote:
>>> Hi,
>>>
>>> our current HOWTO[1] on connecting SSSD to an AD DC is outdated,
>>> mostly because the page still only introduces the LDAP provider. Recently, me,
>>> Sumit and Jeremy Agee wrote a new page that specifically advises to use
>>> the AD provider and also use realmd for setup:
>>> https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
>>>
>>> We started a new page and kept the old one around mostly because pre-1.9
>>> versions still need the LDAP provider info.
>>>
>>> I'd like to get some review and feedback from our community so we can
>>> link the wiki page from the front page or the documentation section. In
>>> addition to the lists, I also CC-ed the individual contributors to the
>>> original page directly. I hope that's fine.
>>>
>>> Thank you for your comments.
>>>
>>> [1]
>>> https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
>>> _______________________________________________
>>> sssd-users mailing list
>>> sssd-users@lists.fedorahosted.org
>>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>> I have had a quick read through and it all seems ok apart from one
>> thing, it seems to be based on the premise that there is only one AD
>> server available, it doesn't mention the Samba 4 AD server at all
>> and I can assure you that it does work with Samba 4.
>>
>> Rowland
> Except where it doesn't because Samba 4 behaves differently from AD:
> https://fedorahosted.org/sssd/ticket/2311
>
> I'm not trying to bash Samba here, really, but the AD provider has so
> far been tested only with real AD server. So what about saying something
> along the lines of "AD compatible server implementations, notably Samba
> 4 are currently not tested by the SSSD upstream, although we would
> accept any upstream bug reports from setups with a Samba 4 server".
>
> On a side note, we're currently working on getting a Continuous Integration
> setup up and running. It might be prudent to include a Samba 4 server in
> the CI setup eventually (although probably not as a tier 1 priority) to
> test against.
>
> Thanks for bringing Samba 4 up and for reading through the HOWTO!

Hi again, well one step forward and three backwards ;-)
I did have sssd in 'ad' mode working using the packages from Timo's ppa on Ubuntu 12.04, Just moved to 14.04 (after they fixed their broken samba packages) and ARRRRGHHH, you are right, sssd doesn't work any more.
Sigh, I will just have to wait until Ubuntu fix their 1.11.5 sssd packages.
Rowland
Are you sure you're hitting #2311? The bug would cause a sssd_be crash
ER, well no, all I can say is that installing sssd on Ubuntu 14.04 server by:
apt-get install sssd sssd-tools
and then setting up sssd.conf to use ad (a conf file that worked against sssd from Timo's 12.04 ppa) does not work, ps ax | grep [s]ssd returns just one line, syslog fills up with sssd trying to restart every minute or so, and the sssd logs are full of this:
(Fri Apr 11 09:32:38 2014) [sssd] [mt_svc_exit_handler] (0x0010): Process [example.com], definitely stopped!
I have now removed sssd, but I am willing to install it again, if you require more info.
Rowland
Yes please, logs would also be welcome.
OK, re-installed and sanitized logfiles attached.
Rowland
Log files contain only a generic error message "Error (2) in module (ad) initialization (sssm_ad_id_init)!"
Please add debug_level = 7 into the domain section. Resend log files if you don't find anything interesting.
Please change the subject of mail or send log files in new thread.
LS
OK, I take it all back, I am stupid ;-)
Once I scanned the new logfile, it dawned on me what I had forgotten to do, so I did it and now everything seems to be working ok.
Oh, you want to know what I forgot to do?
I forgot to export the keytab ;-)
Rowland