Hi List,
I am experiencing a strange error with sssd-1.11.6-30 on RHEL-6 machine it produces error:
(Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Referral(10), 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'ad.example.com'
(Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error (Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [ad_subdomains_get_slave_domain_done] (0x0040): sdap_get_generic_send request failed.
And it also produces incomplete list of groups for user (via id -a)
Trying the same configuration on Centos-7 and sssd-1.12.2-58 is working just fine. My configuration:
[sssd] services = autofs, nss, pam config_file_version = 2 debug_level = 5
domains = default [nss]
[domain/default] debug_level = 5 ldap_id_mapping = False ad_domain = PRAGUE.AD.EXAMPLE.COM id_provider = ad auth_provider = ad chpass_provider = ad autofs_provider = ldap cache_credentials = True # ldap_sasl_authid = RH6HOST$@PRAGUE.AD.EXAMPLE.COM dns_discovery_domain = prague.ad.example.com krb5_realm = PRAGUE.AD.EXAMPLE.COM krb5_canonicalize = False # interval (in seconds) to renew Kerberos TGTs krb5_renew_interval = 3600 # request renewable Kerberos tickets krb5_renewable_lifetime = 30d ldap_sasl_mech = GSSAPI ldap_referrals = False ldap_autofs_entry_key = cn ldap_autofs_entry_object_class = nisObject ldap_autofs_entry_value = nisMapEntry ldap_autofs_map_name = nisMapName ldap_autofs_map_object_class = nisMap
Is there something wrong with my setup or the sssd is broken in RH-6? Please advise.
Thanks, Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
On Wed, Apr 29, 2015 at 12:50:02PM +0000, Ondrej Valousek wrote:
Hi List,
I am experiencing a strange error with sssd-1.11.6-30 on RHEL-6 machine it produces error:
Do you have the latest updates installed?
(Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Referral(10), 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'ad.example.com'
We didn't ignore referrals correctly until 1.12, I think. Since 1.12 is already working for you fine, 6.7 would magically solve your problem, we're upgrading to 1.12 there..
On (29/04/15 14:56), Jakub Hrozek wrote:
On Wed, Apr 29, 2015 at 12:50:02PM +0000, Ondrej Valousek wrote:
Hi List,
I am experiencing a strange error with sssd-1.11.6-30 on RHEL-6 machine it produces error:
Do you have the latest updates installed?
(Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Referral(10), 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'ad.example.com'
We didn't ignore referrals correctly until 1.12, I think. Since 1.12 is already working for you fine, 6.7 would magically solve your problem, we're upgrading to 1.12 there..
It was fixed in upstream 1.11.7 commit e6c56ab04e9b3669a7f7a87e49752c22d72e8e8a Author: Jakub Hrozek jhrozek@redhat.com Date: Wed Aug 20 14:00:38 2014 +0200
LDAP: Ignore returned referrals if referral support is disabled
Reviewed-by: Pavel Reichl preichl@redhat.com (cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2)
sh$ $git tag --contains e6c56ab04e9b3669a7f7a87e49752c22d72e8e8a sssd-1_11_7
So you can test with back-ported version https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-11/
LS
Ok 1.11.7 fixes the problem indeed. Hope it will find its way into the official repo soon! Thanks guys for a quick reply!
Ondrej
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Lukas Slebodnik Sent: Wednesday, April 29, 2015 3:02 PM To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] Referral problem with sssd on RHEL-6
On (29/04/15 14:56), Jakub Hrozek wrote:
On Wed, Apr 29, 2015 at 12:50:02PM +0000, Ondrej Valousek wrote:
Hi List,
I am experiencing a strange error with sssd-1.11.6-30 on RHEL-6 machine it produces error:
Do you have the latest updates installed?
(Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Referral(10), 0000202B: RefErr: DSID-03100742, data 0, 1 access points ref 1: 'ad.example.com'
We didn't ignore referrals correctly until 1.12, I think. Since 1.12 is already working for you fine, 6.7 would magically solve your problem, we're upgrading to 1.12 there..
It was fixed in upstream 1.11.7 commit e6c56ab04e9b3669a7f7a87e49752c22d72e8e8a Author: Jakub Hrozek jhrozek@redhat.com Date: Wed Aug 20 14:00:38 2014 +0200
LDAP: Ignore returned referrals if referral support is disabled
Reviewed-by: Pavel Reichl preichl@redhat.com (cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2)
sh$ $git tag --contains e6c56ab04e9b3669a7f7a87e49752c22d72e8e8a sssd-1_11_7
So you can test with back-ported version https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-11/
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
sssd-users@lists.fedorahosted.org