Hi again, Okay so i look at my sssd_MYDOMAIN log i get:
(Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got answer. Processing... (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_srv_done] (0x0400): Got 5 servers (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_dc_servers_done] (0x0400): Found 5 domain controllers in domain MYDOMAIN.ca (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_send] (0x0400): Resolving host dc.MYDOMAIN.ca (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in files (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dc.MYDOMAIN.ca' in files (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Tue Jun 25 16:17:17 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dc.MYDOMAIN.ca' in DNS (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dc.MYDOMAIN.ca:389 (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://dc.MYDOMAIN.ca:389 (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=MYDOMAIN.ca)(NtVer=\14\00\00\00))][]. (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_get_client_site_done] (0x0400): Found site: Default-First-Site-Name (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [fo_discover_servers_send] (0x0400): Looking up primary servers (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'Default-First-Site-Name._sites.MYDOMAIN.ca' (Tue Jun 25 16:17:19 2019) [sssd[be[MYDOMAIN.ca]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.ca' (Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached (Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [request_watch_destructor] (0x0400): Deleting request watch (Tue Jun 25 16:17:21 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error] Thanks! Thomas ________________________________________ From: Jakub Hrozek <[email protected]> Sent: Tuesday, June 25, 2019 3:56 PM To: [email protected] Subject: [SSSD-users] Re: id / getent not finding AD users On Tue, Jun 25, 2019 at 07:25:45PM +0000, Thomas Beaudry wrote: > Hi Jakub, > > Thanks for the link so i followed the troubleshooting and I notice i can't > reach the data provider mentioned in step 4 ("If the command is reaching the > NSS responder, does it get forwarded to the Data Provider?") > > > If i look at my sssd_nss log i get with a timestamp that matches my id > <username> command: > > (Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): > name 'root' matched without domain, user is root > (Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding > [NCE/USER/MYDOMAIN.ca/root] to negative cache permanently > (Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): > name 'root' matched without domain, user is root > (Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding > [NCE/GROUP/MYDOMAIN.ca/root] to negative cache permanently > (Tue Jun 25 15:14:16 2019) [sssd[nss]] [sss_dp_req_destructor] (0x0400): > Deleting request: [0x41eb90:[email protected]] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [accept_fd_handler] (0x0400): Client > connected! > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): > Received client version [1]. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_cmd_get_version] (0x0200): > Offered version [1]. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running > command [17][SSS_NSS_GETPWNAM] with input [admin]. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): > name 'admin' matched without domain, user is admin > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > Requesting info for [admin] from [<ALL>] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a > LOCAL view, continuing with provided values. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_issue_request] (0x0400): > Issuing request for [0x41d420:1:[email protected]] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): > Creating request for [MYDOMAIN.ca][0x1001][FAST BE_REQ_USER][1][name=admin] The request gets forwarded to the data provider here.. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): > Entering request [0x41d420:1:[email protected]] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): > Unable to get information from Data Provider > Error: 1, 11, Fast reply - offline ..but the data provider replies immediately because it had switched to the offline mode. For one reason or another, sssd_be couldn't reach any of the configured or auto-discovered servers. > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [sss_dp_req_destructor] (0x0400): > Deleting request: [0x41d420:1:[email protected]] > (Tue Jun 25 15:14:41 2019) [sssd[nss]] [client_recv] (0x0200): Client > disconnected! > > > What would be the next step? I would suggest looking at the sssd_MYDOMAIN.log files and look for messages that contain strings like "marking server XYZ as NOT_WORKING" or "Going offline". Then look for the request a little earlier, that's what causes sssd to go offline. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
