My AD admin affirms that the problem with Linux clients is that they recognize the AD/LDAP server as the DNS server; they should be able to recognize the right DNS servers automatically.

Stripping sssd.conf doesn't help; the client still chooses another server from the pool of LDAP/AD servers as its DNS server, with the same effect: a non-responding server for nsupdate.

How can I force sssd to choose the right DNS server?
There is the 'dns_discovery_domain' option, but it means that the client configuration will differ per domain.
Our AD structure is a forest with trusted subdomains and a Global Catalog.

Best,
Longina

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of steve
Sent: 23 June 2014 13:07
To: [email protected]
Subject: Re: [SSSD-users] 1.11.5 ddns failure on Ubuntu 14.04[SOLVED]

On Mon, 2014-06-23 at 09:09 +0000, Longina Przybyszewska wrote:
> Ok.
> 2 cases:
>
> 1. The first server is the server chosen automatically by service discovery
> - obviously doesn't answer.

Hi

Narrow it down. Set the primary dns on your client to be a dns server which you know for certain is handling your ad domain. For now remove other dns entries and strip sssd of anything apart from ad.

/etc/hosts

    127.0.0.1 catral.hh3.site catral localhost

/etc/resolv.conf

    search hh3.site
    nameserver 192.168.1.16

sssd.conf

    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = hh3.site

    [nss]

    [pam]

    [domain/hh3.site]
    id_provider = ad
    access_provider = ad
    auth_provider = ad
    ldap_id_mapping = false

e.g. here is an openSUSE client running 1.11.5 joined to the domain hh3.site. The DC at 192.168.1.16 is also running bind for this domain.

A session on catral with a common error;)

    catral:/home/steve # nsupdate -g
    > update delete catral.hh3.site. in A
    > send
    tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Ticket expired.
    catral:/home/steve # kinit -kt /etc/krb5.keytab CATRAL$
    catral:/home/steve # nsupdate -g
    > update delete catral.hh3.site. in A
    > send
    > update add catral.hh3.site. 3600 in A 192.168.1.25
    > send
    > quit
    catral:/home/steve # nslookup catral
    Server: 192.168.1.16
    Address: 192.168.1.16#53

    Name: catral.hh3.site
    Address: 192.168.1.25

If you haven't got the dns exactly right, you may need some tweaks in sssd.conf to get you there:
http://linuxcostablanca.blogspot.com.es/2014/05/sssd-autofs-with-ad-backend.html

HTH
Steve

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
