Okay, Thank you for helping!
krb5_child.log
(Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530 [main] (0x0400):
krb5_child started.
(Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530 [unpack_buffer] (0x1000):
total buffer size: [225]
(Fri Jan 27 15:53:36 2017) [[sssd[krb5_child[5530
Could you provide updated sssd_ and krb5_child logs from the
reproduced login failure after making that change?
It would be great if you can remove any existing logs first.
Kind regards,
Justin Stephenson
On 01/27/2017 03:30 PM, sonia.gilb...@hawaiianair.com wrote:
Thank you Justin for
Thank you Justin for responding. I checked the krb5.conf and it was not
configured for 'dns_lookup_kdc = true'. I added it in. I restarted sssd
service but still no change. Also along the way during this troubleshooting I
have no broken the authentication to the parent domain and am now
And I did check the obvious - googling for "clustered sssd" or "sssd and ctdb"
didn't come up with much useful in the last year (mostly a few threads that are
out of date from 2 or 3 years ago).
___
sssd-users mailing list --
We were noticing some strange problems in two node clustered (ctdb/samba) sssd,
cases in which both nodes joined AD fine, but "getent passwd " worked
for only a subset of the remote AD users on one node, but worked fine on the
other.The config seemed to be identical on the two nodes -
That's fine. I can wait for the fix. Good enough for now to know that it's
innocuous in our setup.
=G=
From: Jakub Hrozek
Sent: Friday, January 27, 2017 12:01 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: sssd
Dear Sumit,
thank you for your quick reply and the good hints.
Access works now as expected. The reason of the failure was one wrong
libwbclient link. Admins have to really be carefully, when switching to sssd's
libwbclient.so.
In parallel, I also switched the member server to Samba's
Hi Justin,
This is what I have:
root@perf-imglab08:~# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URIldap://ldap.example.com ldap://ldap-master.example.com:666
On Fri, Jan 27, 2017 at 02:20:39PM +, Galen Johnson wrote:
> I am indeed using id_provider=ldap. Thanks for the info. Reading through
> the linked issues, there appears to be no way to "turn them off" currently.
> Is that true or will we need to wait for an update? On a busy system, this
I am indeed using id_provider=ldap. Thanks for the info. Reading through the
linked issues, there appears to be no way to "turn them off" currently. Is
that true or will we need to wait for an update? On a busy system, this pumps
up the logs quite a bit.
thanks
=G=
Hello,
The problem appears to be here:
(Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: gssapi, user: PERF-IMGLAB08$
(Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]] [ad_sasl_log]
(0x0040): SASL: GSSAPI Error: An invalid name was
On Thu, Jan 26, 2017 at 09:12:06PM -, smfre...@gmail.com wrote:
> We do see errors in the log, although not clear yet if the large number of
> them were due to sssd service not being restarted (we fixed that and still
> saw the same two errors in the logs - just not sure if as often)
>
>
On Fri, Jan 27, 2017 at 11:15:40AM -, rdrat...@yahoo.co.uk wrote:
> > On Wed, Jan 25, 2017 at 10:54:17PM -, smfrench(a)gmail.com wrote:
> >
> > It is sufficient in install sssd-libwbclient and make sure it is used
> > instead of Samba's libwbclient, use the alternatives command to check
>
> On Wed, Jan 25, 2017 at 10:54:17PM -, smfrench(a)gmail.com wrote:
>
> It is sufficient in install sssd-libwbclient and make sure it is used
> instead of Samba's libwbclient, use the alternatives command to check
> this.
>
I applied this hint on Arch Linux running smbd version 4.5.2 and
Hi Justin,
Thanks for answering. Here is an instance where it has a mark_offline event
(and everything that happens before it with the same time stamp.
(Mon Jan 23 07:35:08 2017) [sssd[be[concordia.ca]]]
[sdap_async_sys_connect_timeout] (0x0100): The LDAP connection timed out
(Mon Jan 23
15 matches
Mail list logo