On Thu, Nov 08, 2012 at 03:38:47PM +0000, Longina Przybyszewska wrote:
> In /etc/sssd/sssd.conf
> 
> ......
> Ad_hostname = [email protected]
> ......

It should be "ad_hostname" (note the capital A) and it's only useful for
specifying the machine hostname in case the output of the hostname command
wouldn't reflect the real host name.


Does it work if you set:

ad_hostname = VICTORIA$
krb5_realm = NAT.C.SDU.DK

([email protected] was the one that worked for you, right?)

If it doesn't, can you raise debugging in the domain section, restart
the sssd, try again and look for lines that mention "ldap_child"? You
would see the principal used there.

> It is obviously confusing about principal names...
>
> Longina
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Jakub Hrozek
> Sent: 8. november 2012 10:54
> To: [email protected]
> Subject: Re: [SSSD-users] startup problem/port status 0
> 
> On Tue, Nov 06, 2012 at 02:16:26PM +0000, Longina Przybyszewska wrote:
> > Hi again,
> > Thanks a lot for guiding me so far :)
> > 
> > I have got sssd-1.9.2 package from Timo, Ubuntu sssd package maintainer for 
> >  Ubuntu Quantal.
> > 
> > SSSD is configured against  AD as auth/id - provider
> > 
> > sssd.conf
> > 
> > [sssd]
> > debug_level = 0x1310
> > config_file_version = 2
> > services = nss, pam
> > domains = nat.c.sdu.dk
> > 
> > [nss]
> > filter_groups = root
> > filter_users = root
> > 
> > [pam]
> > 
> > [domain/nat.c.sdu.dk]
> > 
> > debug_level = 0x1310
> > 
> > enumerate = False
> > min_id = 1000
> > max_id = 20000
> > 
> > auth_provider = ad
> > id_provider = ad
> > access_provider = ad
> > chpass_provider = ad
> > 
> > ad_server = nat.c.sdu.dk
> > ad_hostname = testina4$.nat.c.sdu.dk
> > ad_domain = nat.c.sdu.dk
> > 
> > 
> > From  log:
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_process] (0x0200): Found address for server nat.c.sdu.dk: [10.144.5.18] TTL 455
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: testina4$
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'nat.c.sdu.dk' as 'not working
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [get_server_status] (0x1000): Status of server 'nat.c.sdu.dk' is 'name resolved'
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [get_port_status] (0x1000): Port status of port 0 for server 'nat.c.sdu.dk' is 'not working'
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.NAT.C.SDU.DK], [2][No such file or directory
> > 
> 
> There is not all the information in the log, raising the debug_level might 
> provide more info, but I think the problem is in the kinit.
> 
> Can you kinit as the principal specified in the ad_hostname and then 
> ldapsearch the directory?
> 
> Are you sure about the principal in ad_hostname? I think it is typically 
> HOST$@DOMAIN, your principal doesn't contain the at-sign.
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
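
An added example, not part of the original thread or of SSSD: a small Python parser that re-joins SSSD debug entries re-wrapped by mail clients, as in the log quoted above, and reports which user each SASL bind was attempted as, whether the server was then marked "not working", and which entries mention "ldap_child". The sample lines are copied from the quoted log; the names `parse_entries`, `bind_attempts` and `mentions` are hypothetical helpers.

```python
import re

# Header of one SSSD debug entry: (timestamp) [process] [function] (0xLEVEL):
ENTRY = re.compile(
    r"\((?P<ts>\w{3} \w{3} \d+ [\d:]+ \d{4})\) "
    r"\[(?P<proc>\S+)\] \[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\):"
)

# Lines copied from the log quoted in this thread, still wrapped and quoted.
SAMPLE = """\
> > (Tue Nov  6 13:42:35 2012) [sssd[be[nat.c.sdu.dk]]]
> > [be_resolve_server_process] (0x0200): Found address for server
> > nat.c.sdu.dk: [10.144.5.18] TTL 455  (Tue Nov  6 13:42:35 2012)
> > [sssd[be[nat.c.sdu.dk]]] [sasl_bind_send] (0x0100): Executing sasl bind
> > mech: gssapi, user: testina4$ (Tue Nov  6 13:42:35 2012)
> > [sssd[be[nat.c.sdu.dk]]] [fo_set_port_status] (0x0100): Marking port 0 of
> > server 'nat.c.sdu.dk' as 'not working (Tue Nov  6 13:42:35 2012)
> > [sssd[be[nat.c.sdu.dk]]] [fo_resolve_service_send] (0x0100): Trying to
> > resolve service 'AD'
"""

def parse_entries(raw):
    """Strip mail quote markers, undo the wrapping, split into entries."""
    lines = [re.sub(r"^(>\s?)+", "", ln) for ln in raw.splitlines()]
    text = " ".join(" ".join(lines).split())  # collapse all whitespace runs
    heads = list(ENTRY.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({**h.groupdict(), "msg": text[h.end():end].strip()})
    return entries

def bind_attempts(entries):
    """Pair each SASL bind with the failover verdict logged before the next bind."""
    out = []
    for i, e in enumerate(entries):
        m = re.search(r"mech:\s*(\S+),\s*user:\s*(\S+)", e["msg"])
        if e["func"] != "sasl_bind_send" or not m:
            continue
        later = entries[i + 1:]
        stop = next((j for j, x in enumerate(later) if x["func"] == "sasl_bind_send"), len(later))
        failed = any(x["func"] == "fo_set_port_status" and "not working" in x["msg"]
                     for x in later[:stop])
        out.append({"mech": m.group(1), "user": m.group(2), "marked_not_working": failed})
    return out

def mentions(entries, needle="ldap_child"):
    """Entries whose process, function or message names the given helper."""
    return [e for e in entries if any(needle in e[k] for k in ("proc", "func", "msg"))]
```
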