[Samba] sssd with ad backend and "ldap_id_mapping = false" refuse to start

Stefan Schäfer ml at fsproductions.de
Wed Aug 27 02:34:46 MDT 2014 

Hello,

we are using sssd version 1.12 on openSUSE 13.1 with Sernet-Samba 
Packages 4.1.11. Samba runs as a single AD DC

We have removed the complete openSUSE samba stuff before testing. sssd 
runs on the same machine as samba.

Our sssd config:

--------------------------------------------------------------------------------

[sssd]
services = nss, pam
config_file_version = 2
domains = invis-ad.loc
debug_level = 0x0370

# globale Cache Steuerung
# alle Angaben in Sekunden
# default = 120
enum_cache_timeout = 10

# default = 15
entry_negative_timeout = 5

[nss]

[pam]

[domain/invis-ad.loc]
# Domain bezogene Cache Steuerung
# Alle Angaben in Sekunden
# Default = entry_cache_timeout = 5400
entry_cache_user_timeout = 10
entry_cache_group_timeout = 10

# Using id_provider=ad sets the best defaults on its own
id_provider = ad
# In sssd, the default access provider is always 'permit'. The AD access
# provider by default checks for account expiration
access_provider = ad

# Uncomment to use POSIX attributes on the server
ldap_id_mapping = true

# Uncomment if the client machine hostname doesn't match the computer 
object on the DC.
#ad_hostname = invisad.invis-ad.loc

# Uncomment if DNS SRV resolution is not working
#ad_server = invisad.invis-ad.loc

# Uncomment if the domain section is named differently than your Samba 
domain
#ad_domain = invis-ad.loc

# Enumeration is discouraged for performance reasons.
enumerate = true

-----------------------------------------------------

With "ldap_id_mapping = true" everything works, getent passwd / group 
gets the user and group entries from our AD.

But we want to use the sfu attributes from the AD, therefore I tried  to 
switch to "ldap_id_mapping = true". After this sssd refuses to start. 
The logfile says:

(Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] 
[load_backend_module] (0x0010): Error (5) in module (ad) initialization 
(sssm_ad_id_init)!
(Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] [be_process_init] 
(0x0010): fatal error initializing data providers
(Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] [main] (0x0010): 
Could not initialize backend [5]

Our smb.conf:

--------------------------------------------------------

[global]
         workgroup = INVIS-AD
         realm = invis-ad.loc
         netbios name = INVISAD
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbind, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes

         .....

------------------------------------------------------------

Any Ideas why sssd crashes?


Stefan


-- 
www.invis-server.org

Stefan Schäfer
Ludwigstr. 1-3
63679 Schotten

More information about the samba mailing list