[SSSD-users] Re: account not authenticating in child domain

Okay, Thank you for helping! krb5_child.log (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530 [main] (0x0400): krb5_child started. (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530 [unpack_buffer] (0x1000): total buffer size: [225] (Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530

[SSSD-users] Re: account not authenticating in child domain

Could you provide updated sssd_ and krb5_child logs from the reproduced login failure after making that change? It would be great if you can remove any existing logs first. Kind regards, Justin Stephenson On 01/27/2017 03:30 PM, sonia.gilb...@hawaiianair.com wrote: Thank you Justin for

[SSSD-users] Re: account not authenticating in child domain

Thank you Justin for responding. I checked the krb5.conf and it was not configured for 'dns_lookup_kdc = true'. I added it in. I restarted sssd service but still no change. Also along the way during this troubleshooting I have no broken the authentication to the parent domain and am now

[SSSD-users] Re: sssd and clustering/ctdb

And I did check the obvious - googling for "clustered sssd" or "sssd and ctdb" didn't come up with much useful in the last year (mostly a few threads that are out of date from 2 or 3 years ago). ___ sssd-users mailing list --

[SSSD-users] sssd and clustering/ctdb

We were noticing some strange problems in two node clustered (ctdb/samba) sssd, cases in which both nodes joined AD fine, but "getent passwd " worked for only a subset of the remote AD users on one node, but worked fine on the other.The config seemed to be identical on the two nodes -

[SSSD-users] Re: sssd error message help

That's fine. I can wait for the fix. Good enough for now to know that it's innocuous in our setup. =G= From: Jakub Hrozek Sent: Friday, January 27, 2017 12:01 PM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd

[SSSD-users] Re: uid -> sid mapping in Samba with sssd

Dear Sumit, thank you for your quick reply and the good hints. Access works now as expected. The reason of the failure was one wrong libwbclient link. Admins have to really be carefully, when switching to sssd's libwbclient.so. In parallel, I also switched the member server to Samba's

[SSSD-users] Re: SSSD - user id mapping

Hi Justin, This is what I have: root@perf-imglab08:~# cat /etc/ldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URIldap://ldap.example.com ldap://ldap-master.example.com:666

[SSSD-users] Re: sssd error message help

On Fri, Jan 27, 2017 at 02:20:39PM +, Galen Johnson wrote: > I am indeed using id_provider=ldap. Thanks for the info. Reading through > the linked issues, there appears to be no way to "turn them off" currently. > Is that true or will we need to wait for an update? On a busy system, this

[SSSD-users] Re: sssd error message help

I am indeed using id_provider=ldap. Thanks for the info. Reading through the linked issues, there appears to be no way to "turn them off" currently. Is that true or will we need to wait for an update? On a busy system, this pumps up the logs quite a bit. thanks =G=

[SSSD-users] Re: SSSD - user id mapping

Hello, The problem appears to be here: (Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: PERF-IMGLAB08$ (Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: An invalid name was

[SSSD-users] Re: excessive number of adcli-krb5 tmp files

On Thu, Jan 26, 2017 at 09:12:06PM -, smfre...@gmail.com wrote: > We do see errors in the log, although not clear yet if the large number of > them were due to sssd service not being restarted (we fixed that and still > saw the same two errors in the logs - just not sure if as often) > >

[SSSD-users] Re: uid -> sid mapping in Samba with sssd

On Fri, Jan 27, 2017 at 11:15:40AM -, rdrat...@yahoo.co.uk wrote: > > On Wed, Jan 25, 2017 at 10:54:17PM -, smfrench(a)gmail.com wrote: > > > > It is sufficient in install sssd-libwbclient and make sure it is used > > instead of Samba's libwbclient, use the alternatives command to check >

[SSSD-users] Re: uid -> sid mapping in Samba with sssd

> On Wed, Jan 25, 2017 at 10:54:17PM -, smfrench(a)gmail.com wrote: > > It is sufficient in install sssd-libwbclient and make sure it is used > instead of Samba's libwbclient, use the alternatives command to check > this. > I applied this hint on Arch Linux running smbd version 4.5.2 and

[SSSD-users] Re: SSSD - user id mapping

Hi Justin, Thanks for answering. Here is an instance where it has a mark_offline event (and everything that happens before it with the same time stamp. (Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]] [sdap_async_sys_connect_timeout] (0x0100): The LDAP connection timed out (Mon Jan 23