Hi all,
I'm trying to set up SSSD on a workstation with no success. Operating system is fully patched Ubuntu 14.04.3.
Version info:
    $ sssd --version
    1.11.5
sssd.conf:
    [sssd]
    debug_level = 0x4000
    config_file_version = 2
    services = nss,pam
    domains = FOO

    [nss]
    debug_level = 0xFFF0
    filter_users = root
    filter_groups = root

    [pam]

    [domains/FOO]
    debug_level = 0xFFF0
    auth_provider = krb5
    krb5_server = kdc.redacted.com
    krb5_realm = REDACTED
    cache_credentials = true

    access_provider = simple
    chpass_provider = krb5

    id_provider = ldap
    ldap_uri = ldap://ldap.redacted.com
    ldap_search_base = dc=redacted,dc=com
    ldap_id_use_start_tls = true
    ldap_sasl_mech = GSSAPI

    sudo_provider = none
sssd.conf permissions:
    $ sudo ls -al /etc/sssd/sssd.conf
    -rw------- 1 root root 543 Aug 9 14:30 /etc/sssd/sssd.conf
Output when run from commandline:
    $ sudo /usr/sbin/sssd -i -d7
    (Sun Aug 9 15:01:19:105688 2015) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
    (Sun Aug 9 15:01:19:106021 2015) [sssd] [add_implicit_services] (0x0040): id_provider is not set for domain [FOO], trying next domain.
    (Sun Aug 9 15:01:19:106120 2015) [sssd] [confdb_get_domain_internal] (0x0010): Unknown domain [FOO]
    (Sun Aug 9 15:01:19:106154 2015) [sssd] [confdb_get_domains] (0x0010): Error (2 [No such file or directory]) retrieving domain [FOO], skipping!
    (Sun Aug 9 15:01:19:106186 2015) [sssd] [confdb_get_domains] (0x0010): No properly configured domains, fatal error!
    (Sun Aug 9 15:01:19:106210 2015) [sssd] [get_monitor_config] (0x0010): No domains configured.
    (Sun Aug 9 15:01:19:106255 2015) [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
Near as I can tell, the error about a missing id_provider is a baldfaced lie--the `id_provider = ldap` line clearly exists in sssd.conf, and this exact configuration is working on another fully patched Ubuntu 14.04.3 system on the same network--but I haven't a clue about the error's root cause. I'm also unable to find any information about the missing file that is causing the `No such file or directory` error. Based on some older posts to this list, I tried installing and running ldbsearch on `/var/lib/sss/db/config.ldb`:
    $ sudo ldbsearch -H /var/lib/sss/db/config.ldb
    server_sort:Unable to register control with rootdse!
    # record 1
    dn: cn=sssd,cn=config
    cn: sssd
    config_file_version: 2
    debug_level: 0x4000
    domains: FOO
    services: nss,pam
    distinguishedName: cn=sssd,cn=config

    # record 2
    dn: cn=config
    version: 2
    lastUpdate: 1439155822
    distinguishedName: cn=config

    # record 3
    dn: cn=nss,cn=config
    cn: nss
    debug_level: 0xFFF0
    filter_groups: root
    filter_users: root
    distinguishedName: cn=nss,cn=config

    # record 4
    dn: cn=FOO,cn=domains,cn=config
    access_provider: simple
    auth_provider: krb5
    cache_credentials: true
    chpass_provider: krb5
    cn: FOO
    debug_level: 0xFFF0
    id_provider: ldap
    krb5_realm: REDACTED
    krb5_server: kdc.redacted.com
    ldap_id_use_start_tls: true
    ldap_sasl_mech: GSSAPI
    ldap_search_base: dc=redacted,dc=com
    ldap_uri: ldap://ldap.redacted.com
    sudo_provider: none
    distinguishedName: cn=FOO,cn=domains,cn=config

    # record 5
    dn: cn=pam,cn=config
    cn: pam
    distinguishedName: cn=pam,cn=config

    # returned 5 records
    # 5 entries
    # 0 referrals
config.ldb permissions:
    $ ls -al /var/lib/sss/db/config.ldb
    -rw------- 1 root root 1286144 Aug 9 15:16 /var/lib/sss/db/config.ldb
So that seems to be in order. I examined the source code, but wasn't able to trace the flow of execution past `confdb_get_param`.
At this point, I know of no other troubleshooting or debugging options, even after reading through the various related documents scattered about the Internet. Looking at file access patterns with `strace` didn't yield any useful information either. What else could be causing this issue?
Cheers,
-Caleb
On 08/10/2015 12:56 AM, Caleb wrote:
> [sssd]
> debug_level = 0x4000
> config_file_version = 2
> services = nss,pam
> domains = FOO
> [nss]
> debug_level = 0xFFF0
> filter_users = root
> filter_groups = root
> [pam]
> [domains/FOO]

please replace with "[domain/FOO]"

> debug_level = 0xFFF0
> auth_provider = krb5
> krb5_server = kdc.redacted.com
> krb5_realm = REDACTED
> cache_credentials = true
> access_provider = simple
> chpass_provider = krb5
> id_provider = ldap
> ldap_uri = ldap://ldap.redacted.com
> ldap_search_base = dc=redacted,dc=com
> ldap_id_use_start_tls = true
> ldap_sasl_mech = GSSAPI
> sudo_provider = none

It works! Thanks for the tip, I'd missed that completely.

On Mon, Aug 10, 2015 at 1:44 AM, Pavel Reichl <preichl@redhat.com> wrote:
> On 08/10/2015 12:56 AM, Caleb wrote:
>> [sssd]
>> debug_level = 0x4000
>> config_file_version = 2
>> services = nss,pam
>> domains = FOO
>> [nss]
>> debug_level = 0xFFF0
>> filter_users = root
>> filter_groups = root
>> [pam]
>> [domains/FOO]
>
> please replace with "[domain/FOO]"
>
>> debug_level = 0xFFF0
>> auth_provider = krb5
>> krb5_server = kdc.redacted.com
>> krb5_realm = REDACTED
>> cache_credentials = true
>> access_provider = simple
>> chpass_provider = krb5
>> id_provider = ldap
>> ldap_uri = ldap://ldap.redacted.com
>> ldap_search_base = dc=redacted,dc=com
>> ldap_id_use_start_tls = true
>> ldap_sasl_mech = GSSAPI
>> sudo_provider = none
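
Added example, not part of the thread and not SSSD code: a small pre-flight check that catches the mistake resolved above, where a domain listed under `domains =` has no matching `[domain/NAME]` section. The function name `check_sssd_domains` and the sample text are constructed for illustration, and Python's configparser stands in for SSSD's own parser.

```python
import configparser

# Constructed sample: a trimmed copy of the thread's config, keeping the
# misspelled section header [domains/FOO].
SAMPLE_BROKEN = """\
[sssd]
config_file_version = 2
services = nss,pam
domains = FOO

[nss]
filter_users = root

[pam]

[domains/FOO]
id_provider = ldap
auth_provider = krb5
"""


def check_sssd_domains(text):
    """Return findings for domains named in [sssd] that have no usable section."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]
    listed = cp.get("sssd", "domains", fallback="")
    names = [d.strip() for d in listed.split(",") if d.strip()]
    findings = [] if names else ["no domains listed in [sssd]"]
    for name in names:
        want = "domain/" + name
        if not cp.has_section(want):
            # Look for a section with the right name but the wrong prefix.
            near = [s for s in cp.sections()
                    if "/" in s and s.split("/", 1)[1] == name]
            hint = " (found [%s]; rename it)" % near[0] if near else ""
            findings.append("no [%s] section%s" % (want, hint))
        elif not cp.has_option(want, "id_provider"):
            findings.append("[%s] has no id_provider" % want)
    return findings


if __name__ == "__main__":
    for finding in check_sssd_domains(SAMPLE_BROKEN):
        print(finding)
```
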