Hi list,
I have some trouble with sssd after upgrading from Debian Jessie (stable) to Stretch (testing).
I'm using sssd with LDAP (OpenLDAP servers running Debian Jessie) for NSS and PAM.
NSS works just fine. getent passwd|group does return all users and groups stored in LDAP.
PAM doesn't work. I get this error in the log:
[sssd[be[LDAP]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ldap2.Domain.TLD' as 'working'
[sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=someuser,ou=user,dc=Sub,dc=Domain,dc=TLD
[sssd[be[LDAP]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
/var/log/auth.log:
sshd[13510]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.200.11 user=someuser
sshd[13510]: pam_sss(sshd:auth): received for user someuser: 4 (System error)
Old version: 1.11.7-3 (Debian)
New version: 1.14.1-1 (Debian)
I'm pretty sure that the connection to the LDAP server does work for NSS. After stopping sssd, deleting /var/lib/sss/db/* and starting sssd again it does fetch all users and groups from the directory.
Any idea what's wrong?
Cheers, Sascha
On (24/10/16 16:04), Sascha Frey wrote:
> Hi list,
> I have some trouble with sssd after upgrading from Debian Jessie (stable) to Stretch (testing).
> I'm using sssd with LDAP (OpenLDAP servers running Debian Jessie) for NSS and PAM.
> NSS works just fine. getent passwd|group does return all users and groups stored in LDAP.
> PAM doesn't work. I get this error in the log:
> [sssd[be[LDAP]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'ldap2.Domain.TLD' as 'working'
> [sssd[be[LDAP]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=someuser,ou=user,dc=Sub,dc=Domain,dc=TLD
> [sssd[be[LDAP]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
> /var/log/auth.log:
> sshd[13510]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.200.11 user=someuser
> sshd[13510]: pam_sss(sshd:auth): received for user someuser: 4 (System error)
> Old version: 1.11.7-3 (Debian)
> New version: 1.14.1-1 (Debian)
It's a known bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840617
https://fedorahosted.org/sssd/ticket/3189
You might want to downgrade to 1.13.x on testing.
I am trying to reproduce it. Could you tell me what kind/version of LDAP server you use?
If you have OpenLDAP, could you try to reproduce it with FreeIPA or Active Directory?
LS
sssd-users@lists.fedorahosted.org