If you suspect adcli you can try git: 
https://cgit.freedesktop.org/realmd/adcli/log/
It has been over a year since 0.9.0 was released.

On Fri, 2020-11-20 at 10:03 -0600, Spike White wrote:
All,

This is just an annoyance that occurs periodically and we can't figure out why. 
 We know how to remediate once seen.

Every now and then, on a new build the sssd join/configure will fail.  For 
example, a server provisioner today built 10 boxes and 2 failed.  Upon closer 
inspection, we see that AD domain has machine accounts with funky names.

For example, these three VMs were built.  ausflinfsfdcap01 - 03.  01 and 02 
built fine, sssd installed, adcli join succeeded, life was good.  We find the 
usual machine accounts in the usual OU.
CN=ausflinfsfdcap01, CN=ausflinfsfdcap02

On 03, the adcli join failed.  In AD, we find the following funky machine 
accounts (in the usual OU):

CN=AUSFLINFSFDCAP0\0ACNF:5020ab3d-243a-4ef1-827b-d421c0dcf3d0
CN=AUSFLINFSFDCAP0

This first machine account name is fairly typical when this failure occurs.
As for the second, I've never seen this particular type of funky name server,
i.e., a truncated hostname.

When I try adcli join again right now, it will fail (because of these funky 
named machine accounts).

I delete these funky machine accounts via ldapdelete.  Example:

ldapdelete -H ldap://ausdcamer.example.com 'CN=AUSFLINFSFDCAP0\0ACNF:5020ab3d-243a-4ef1-827b-d421c0dcf3d0,OU=Servers,OU=UNIX,DC=example,DC=com'

then I delete /etc/krb5.keytab file (if it exists) and re-run the adcli join -- 
which then succeeds.

So like I say -- we know how to work around this failure mode.  It's just a 
nuisance at this point.  Usually occurs << 10% of builds.

But does anyone know why these funky-named machine accounts arise?  And how to 
avoid this?

Spike
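
A pre-check for the workaround described in the message above, as an added example that is not part of the original post and not adcli's own code: given the expected hostname and machine-account DNs in the escaped form quoted in the post, it flags leftovers (a `\0ACNF:<GUID>` suffix or a truncated name) to review before running ldapdelete and re-joining. The function names and the sample DN list are constructed for illustration from the names quoted in the post.

```shell
#!/bin/sh
# Added example: flag leftover machine accounts before re-running "adcli join".
# DNs are expected in the escaped string form quoted in the post (\0A = newline).
MARKER='\0ACNF:'   # literal backslash sequence, as it appears in the post

# classify_machine_dn EXPECTED_HOST DN -> ok | conflict | truncated | unrelated
classify_machine_dn() {
    expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    rdn=${2%%,*}        # first RDN; assumes the CN holds no escaped comma
    cn=$(printf '%s' "${rdn#[Cc][Nn]=}" | tr '[:lower:]' '[:upper:]')
    case $cn in
        "$expected")
            echo ok; return ;;
        *"$MARKER"*)
            base=${cn%%"$MARKER"*}      # name part before the marker
            guid=${cn#*"$MARKER"}       # what follows must look like a GUID
            if [ -n "$base" ] && printf '%s\n' "$guid" |
                grep -Eq '^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$'; then
                case $expected in
                    "$base"*) echo conflict; return ;;
                esac
            fi ;;
        '') ;;
        *)
            case $expected in
                "$cn"*) echo truncated; return ;;   # proper prefix of the host
            esac ;;
    esac
    echo unrelated
}

# stale_machine_dns EXPECTED_HOST  (DNs on stdin) -> "<class> <DN>" per leftover
stale_machine_dns() {
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        class=$(classify_machine_dn "$1" "$dn")
        case $class in
            conflict|truncated) printf '%s %s\n' "$class" "$dn" ;;
        esac
    done
}

# Constructed sample input, built from the account names quoted in the post.
SAMPLE_DNS='CN=ausflinfsfdcap01,OU=Servers,OU=UNIX,DC=example,DC=com
CN=AUSFLINFSFDCAP0\0ACNF:5020ab3d-243a-4ef1-827b-d421c0dcf3d0,OU=Servers,OU=UNIX,DC=example,DC=com
CN=AUSFLINFSFDCAP0,OU=Servers,OU=UNIX,DC=example,DC=com'
printf '%s\n' "$SAMPLE_DNS" | stale_machine_dns ausflinfsfdcap03
```

Only the flagged DNs are candidates for the ldapdelete step; accounts of other hosts such as ausflinfsfdcap01 are reported as unrelated and left alone.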


_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
