On Wed, Oct 10, 2012 at 11:37 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Wed, Oct 10, 2012 at 10:34:46AM +0300, Aziz Sasmaz wrote:
> > Hi,
> >
> > I use sssd on all servers in our infrastructure. Most of them Redhat,
> > Centos and debian. It works very well with these OSes.
> > And we have some gentoo linux machines. I had some difficulties
> > configuring sssd when I want to use ldaps
> >
> > [domain/LDAP]
> > id_provider = ldap
> > auth_provider = ldap
> > chpass_provider = ldap
> > ldap_schema = rfc2307
> > ldap_uri = ldaps://ldap.xxx.com
> > ldap_chpass_uri = ldaps://ldap-provider.xxx.com
> > ldap_search_base = dc=xxx,dc=com
> > ldap_tls_reqcert = allow
> > cache_credentials = true
> > enumerate = true
> > entry_cache_timeout = 5400
> > ldap_user_gecos = uid
> >
> > When I use ldap_uri = ldap or ldap_uri = ldaps getent works, but logins
> > are not working. There are interesting entries in log files;
> >
> > sssd_LDAP
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_new_service] (0x0080): Creating new service 'LDAP'
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_add_server] (0x0080): Adding new server 'ldap.xxx.com', to service 'LDAP'
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_new_service] (0x0080): Creating new service 'LDAP_CHPASS'
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [fo_add_server] (0x0080): Adding new server 'ldap-provider.xxx.com', to service 'LDAP_CHPASS'
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [sssm_ldap_sudo_init] (0x0080): Sudo init handler called but SSSD is built without sudo support, ignoring
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [sssm_ldap_autofs_init] (0x0080): Autofs init handler called but SSSD is built without autofs support, ignoring
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [be_process_init] (0x0020): No Session module provided for [LDAP] !!
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [be_process_init] (0x0020): No host info module provided for [LDAP] !!
> > (Wed Oct 10 10:19:33 2012) [sssd[be[LDAP]]] [main] (0x0020): Backend provider (LDAP) started!
> > (Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0080): Failed to set LDAP SASL nocanon option to true. If your system is configured to use SASL, LDAP operations might fail.
> > (Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x0080): Bind result: Success(0), no errmsg set
> > (Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_process_group_send] (0x0040): No Members. Done!
> > (Wed Oct 10 10:19:43 2012) [sssd[be[LDAP]]] [sdap_process_group_send] (0x0040): No Members. Done!
> >
> > sssd_nss
> > (Wed Oct 10 09:58:24 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.
> > (Wed Oct 10 09:58:54 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 8 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
> > (Wed Oct 10 09:58:54 2012) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
> >
> > sssd_pam
> > (Wed Oct 10 09:59:24 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.
> > (Wed Oct 10 09:59:54 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 10 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
> > (Wed Oct 10 09:59:54 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
> >
> > It says connection refused but there is no network issue with ldap
> > servers, all ports opened. Could you please give me advice resolving this
> > issue?
> >
> > Thanks,
> >
> > AS
>
> Hi,
>
> the Connection Refused message does not describe a connection to the
> server but rather connection via unix sockets between different parts of
> the SSSD. Can you check the following for me?
>
> 1) ls -l /var/lib/sss/pipes/private/sbus-dp_LDAP
> It should be a symlink pointing to
> /var/lib/sss/pipes/private/sbus-dp_LDAP.$PID where $PID should
> correspond to the PID number of the sssd_be process.
>
> 2) Does restart of the SSSD clear things up?
>
> 3) If not, can you paste or attach the DEBUG messages that the SSSD
> prints after startup?
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
>

Yes, there is a symbolic link for that.

root@admin01 ~# ls -l /var/lib/sss/pipes/private/sbus-dp_LDAP
lrwxrwxrwx 1 root root 45 2012-10-10 10:29 /var/lib/sss/pipes/private/sbus-dp_LDAP -> /var/lib/sss/pipes/private/sbus-dp_LDAP.31432

sssd.log
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0010): Monitor received Terminated: terminating children
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Terminating [LDAP][31432]
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Child [LDAP] exited gracefully
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Terminating [pam][31427]
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Terminating [nss][31426]
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully
(Wed Oct 10 14:36:20:589089 2012) [sssd] [check_file] (0x0020): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
(Wed Oct 10 14:36:20:633661 2012) [sssd] [server_setup] (0x0080): Becoming a daemon.
(Wed Oct 10 14:36:20 2012) [sssd] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Wed Oct 10 14:36:20 2012) [sssd] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-monitor,guid=d3ba0ac37f6674615dd1026b50755db4
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_service_init] (0x0080): Initializing D-BUS Service
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_service_init] (0x0080): Initializing D-BUS Service
(Wed Oct 10 14:36:20 2012) [sssd] [monitor_service_init] (0x0080): Initializing D-BUS Service

sssd_nss.log
(Wed Oct 10 14:36:20 2012) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:36:20 2012) [sssd[nss]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Wed Oct 10 14:36:20 2012) [sssd[nss]] [sss_process_init] (0x0020): Responder Initialization complete
(Wed Oct 10 14:36:20 2012) [sssd[nss]] [nss_process_init] (0x0020): NSS Initialization complete
(Wed Oct 10 14:36:30 2012) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:36:31 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:31 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:31 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Wed Oct 10 14:36:40 2012) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:36:41 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:41 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:41 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Wed Oct 10 14:36:50 2012) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:36:51 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:51 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:36:51 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Wed Oct 10 14:37:00 2012) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:37:01 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:01 2012) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:04 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:04 2012) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:14 2012) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:14 2012) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:14 2012) [sssd[nss]] [nss_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.
(Wed Oct 10 14:37:15 2012) [sssd[nss]] [sbus_conn_send] (0x0020): D-BUS not connected
(Wed Oct 10 14:37:15 2012) [sssd[nss]] [sss_dp_internal_get_send] (0x0020): D-BUS send failed.
(Wed Oct 10 14:37:15 2012) [sssd[nss]] [sss_dp_issue_request] (0x0020): The request has disappeared?
(Wed Oct 10 14:37:15 2012) [sssd[nss]] [sss_dp_get_account_send] (0x0040): Could not issue DP request [5]: Input/output error
(Wed Oct 10 14:37:15 2012) [sssd[nss]] [nss_cmd_initgroups_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 5, (null) Will try to return what we have in cache

sssd_pam.log
(Wed Oct 10 14:36:51 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider.
(Wed Oct 10 14:37:00 2012) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect
(Wed Oct 10 14:37:01 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:01 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:04 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:04 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:14 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:14 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:14 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [sbus_conn_send] (0x0020): D-BUS not connected
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [sss_dp_internal_get_send] (0x0020): D-BUS send failed.
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [sss_dp_issue_request] (0x0020): The request has disappeared?
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [sss_dp_get_account_send] (0x0040): Could not issue DP request [5]: Input/output error
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 5, (null)
(Wed Oct 10 14:37:17 2012) [sssd[pam]] [sbus_conn_send] (0x0020): D-BUS not connected
(Wed Oct 10 14:37:44 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 4 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:37:44 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:37:44 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.
(Wed Oct 10 14:38:14 2012) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 5 to [unix:path=/var/lib/sss/pipes/private/sbus-dp_LDAP]
(Wed Oct 10 14:38:14 2012) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /var/lib/sss/pipes/private/sbus-dp_LDAP: Connection refused
(Wed Oct 10 14:38:14 2012) [sssd[pam]] [pam_dp_reconnect_init] (0x0010): Could not reconnect to LDAP provider.

Thanks,
AS
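
The first check asked for in the thread above (the symlink should point to sbus-dp_LDAP.$PID, where $PID is the running sssd_be process), written out as a shell function. This is an added example, not part of the original messages and not SSSD code; the function names `proc_name` and `check_sbus_link` and the return codes are made up for this illustration.

```shell
#!/bin/sh
# Added example, not SSSD code. Return codes are made up for this sketch:
#   0 ok, 1 not a symlink, 2 target is not "<link>.<PID>",
#   3 PID not running (stale link), 4 PID is a different program

# Print the command name of a PID; fail if the PID is not running.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        n=$(ps -p "$1" -o comm= 2>/dev/null) && [ -n "$n" ] && basename -- "$n"
    fi
}

check_sbus_link() {
    link=$1
    expect=${2:-sssd_be}    # process name taken from the thread

    [ -L "$link" ] || { echo "$link: not a symlink" >&2; return 1; }
    target=$(readlink "$link")
    pid=${target##*.}
    case $pid in
        ''|*[!0-9]*) echo "$target: no numeric PID suffix" >&2; return 2 ;;
    esac
    # Compare base names so relative and absolute targets both work.
    if [ "$(basename "$target")" != "$(basename "$link").$pid" ]; then
        echo "$target: expected $(basename "$link").<PID>" >&2
        return 2
    fi
    name=$(proc_name "$pid") || {
        echo "PID $pid is not running: stale link" >&2; return 3; }
    if [ "$name" != "$expect" ]; then
        echo "PID $pid is '$name', expected '$expect'" >&2
        return 4
    fi
    echo "$link -> PID $pid ($name) is running"
}

# Stand-alone use: sh check.sh /var/lib/sss/pipes/private/sbus-dp_LDAP
if [ "$#" -gt 0 ]; then
    check_sbus_link "$@"
fi
```

Return code 3 means the link names a PID that no longer exists, so nothing is listening behind the socket path.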