[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

Markus Roth markusroth1983 at gmx.net
Mon Aug 25 14:32:42 MDT 2014


Hi Steve, hi Rowland,

I don't know if I stored the shadow passwd in AD :-\ I think in one of our last mails I should set this in the nsswitch.conf?

@Rowland
I changed ldap_id_mapping to true but with no result.

@Steve
For the commands I get the following:

[root@server1 run]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 server1$@WINNET.LOCAL
   1 server1$@WINNET.LOCAL
   1 server1$@WINNET.LOCAL
   1 server1$@WINNET.LOCAL
   1 server1$@WINNET.LOCAL
[root@server1 run]# sssd -i -d3
(Mon Aug 25 22:15:04:201426 2014) [sssd] [server_setup] (0x0010): Error creating pidfile: /var/run/sssd! (17 [File exists])
[root@server1 run]# rm -dfr sssd.pid
[root@server1 run]# sssd -i -d3
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No SUDO module provided for [winnet.local] !!
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0080): No autofs module provided for [winnet.local] !!
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No selinux module provided for [winnet.local] !!
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [be_process_init] (0x0020): No host info module provided for [winnet.local] !!
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sdap_async_sys_connect_done] (0x0020): connect failed [111][Verbindungsaufbau abgelehnt].
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [ad_get_client_site_connect_done] (0x0080): Unable to connect to domain controller [server1.winnet.local:389]
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sdap_async_sys_connect_done] (0x0020): connect failed [111][Verbindungsaufbau abgelehnt].
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Eingabe-/Ausgabefehler])
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Mon Aug 25 22:15:21 2014) [sssd[be[winnet.local]]] [ad_subdomains_get_conn_done] (0x0080): No AD server is available, cannot get the subdomain list while offline
(Mon Aug 25 22:15:21 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/passwd.
(Mon Aug 25 22:15:21 2014) [sssd[nss]] [sss_mc_create_file] (0x0010): Failed to lock file /var/lib/sss/mc/group.
(Mon Aug 25 22:18:40 2014) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 1, 11, Fast reply - offline
Will try to return what we have in cache
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_async_sys_connect_done] (0x0020): connect failed [111][Verbindungsaufbau abgelehnt].
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [ad_get_client_site_connect_done] (0x0080): Unable to connect to domain controller [server1.winnet.local:389]
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_async_sys_connect_done] (0x0020): connect failed [111][Verbindungsaufbau abgelehnt].
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC'
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_async_sys_connect_done] (0x0020): connect failed [111][Verbindungsaufbau abgelehnt].
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Eingabe-/Ausgabefehler])
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Mon Aug 25 22:18:40 2014) [sssd[be[winnet.local]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Mon Aug 25 22:18:40 2014) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 11, Internal Error (Maximale Anzahl an Versuchen für den Dienst erreicht)
Will try to return what we have in cache
(Mon Aug 25 22:18:40 2014) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 1, 11, Fast reply - offline

 

Sent: Monday, 25 August 2014 at 19:52
From: steve <steve at steve-ss.com>
To: "Markus Roth" <markusroth1983 at gmx.net>
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
On Mon, 2014-08-25 at 19:42 +0200, Markus Roth wrote:
> Hi Steve,
>
> OK, so we have the problem :-) I can't see the AD users. I think some entries are missing in the sssd.conf? Here are my configurations:
>
> sssd.conf
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = winnet.local
> [nss]
> [pam]
> [domain/winnet.local]
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> ldap_id_mapping = False
> dyndns_update = True
>
> nsswitch.conf
>
> passwd: files sss
> shadow: files sss
Are you using shadow passwds in AD?

> group: files sss
>
> The links from Rowland's configuration for winbind are still active.

klist -k
send the output

disable nscd

rm /var/lib/sss/db/*
sssd -i -d3
then on another terminal:
getent passwd <a-domain-user>
send the output from the first terminal



>
>
>
> Sent: Monday, 25 August 2014 at 18:17
> From: steve <steve at steve-ss.com>
> To: "Markus Roth" <markusroth1983 at gmx.net>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
> On Mon, 2014-08-25 at 17:53 +0200, Markus Roth wrote:
> > Hi Steve,
> >
> > Yes, I would take the script from Rowland with the winbind implementation. But out of interest I would also learn the sssd implementation. Is it correct that I should also see the AD users with getent passwd like the winbind implementation?
> >
> Yes. You should see the domain users with getent passwd too.
>
> > Oh sorry, in my sssd.conf the DNS updates are still disabled for the last tests with Rowland's script :-)
> That's OK then.
>

 

