I tried sssd in Ubuntu-Saucy, clean installation, AD provider.

"+" sides:
- can join AD with 'realm':
  - auto created krb5.keytab for computer
  - auto created DNS entries for computer

"-" sides:
- sssd on start auto generates buggy /etc/sssd/sssd.conf (white space before end of line in entry: realmd_tags = manages-system joined-with-samba; )
- cannot login as member@ad_domain from GUI login even if 'id member@ad_domain' cli can find out data

This is my auto configured config file:
-----------------------------------------
[sssd]
domains = a.c.example.com
config_file_version = 2
services = nss, pam

[domain/a.c.example.com]
ad_domain = a.c.example.com
krb5_realm = A.C.EXAMPLE.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u
access_provider = ad

Any ideas?

Best regards
Longina

On Fri, Jan 24, 2014 at 10:42:34AM +0000, Longina Przybyszewska wrote:
> I tried sssd in Ubuntu-Saucy, clean installation, AD provider.
>
> "+" sides:
> - can join AD with 'realm':
>   - auto created krb5.keytab for computer
>   - auto created DNS entries for computer
>
> "-" sides:
> - sssd on start auto generates buggy /etc/sssd/sssd.conf (white space before end of line in entry: realmd_tags = manages-system joined-with-samba; )

This sounds like a realmd issue, but it shouldn't matter, we fixed the libini bug which caused us to fail with trailing whitespace. Do you still see it?

> - cannot login as member@ad_domain from GUI
                                        ^^^^ Can you log in from ssh or console?
> login even if 'id member@ad_domain' cli can find out data
>
> This is my auto configured config file:
>
> [sssd]
> domains = a.c.example.com
> config_file_version = 2
> services = nss, pam
>
> [domain/a.c.example.com]
> ad_domain = a.c.example.com
> krb5_realm = A.C.EXAMPLE.COM
> realmd_tags = manages-system joined-with-samba
> cache_credentials = True
> id_provider = ad
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = True
> fallback_homedir = /home/%u
> access_provider = ad
>
> Any ideas?

Not many without logs, sorry..

Ups. I just ran into another strange problem - cannot start sssd with a previously working sssd.conf. This is my laptop - I worked at home yesterday, on my local account and home wireless network; at work, I turned off wireless, working on wired network, the same local account.

Wanted to reset sssd - can't do that anymore.

alongina@longina-nb:~$ sudo sssd -i -d9 -f
[sudo] password for alongina:
(Fri Jan 24 12:43:54:927427 2014) [sssd[be[nat.c.sdu.dk]]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Fri Jan 24 12:43:54:959764 2014) [sssd[nss]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Fri Jan 24 12:43:54:959794 2014) [sssd[pam]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

Best
Longina

-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 24 January 2014 11:49
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 in Saucy

On Fri, Jan 24, 2014 at 11:54:18AM +0000, Longina Przybyszewska wrote:
> Ups. I just ran into another strange problem - cannot start sssd with a previously working sssd.conf. This is my laptop - I worked at home yesterday, on my local account and home wireless network; at work, I turned off wireless, working on wired network, the same local account.
>
> Wanted to reset sssd - can't do that anymore.
>
> alongina@longina-nb:~$ sudo sssd -i -d9 -f
> [sudo] password for alongina:
> (Fri Jan 24 12:43:54:927427 2014) [sssd[be[nat.c.sdu.dk]]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
> (Fri Jan 24 12:43:54:959764 2014) [sssd[nss]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
> (Fri Jan 24 12:43:54:959794 2014) [sssd[pam]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

Looks like Kerberos is misconfigured or perhaps the keytab is wrong?
If realmd is available, it's the easiest way to join a machine.