[Samba] sssd with ad backend and "ldap_id_mapping = false" refuse to start

Stefan Schäfer ml at fsproductions.de
Thu Aug 28 01:35:31 MDT 2014


Does nobody have an idea?

Stefan

On 27.08.2014 10:34, Stefan Schäfer wrote:
> Hello,
>
> we are using sssd version 1.12 on openSUSE 13.1 with Sernet-Samba 
> Packages 4.1.11. Samba runs as a single AD DC
>
> We have removed the complete openSUSE samba stuff before testing. sssd 
> runs on the same machine as samba.
>
> Our sssd config:
>
> -------------------------------------------------------------------------------- 
>
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = invis-ad.loc
> debug_level = 0x0370
>
> # global cache control
> # all values in seconds
> # default = 120
> enum_cache_timeout = 10
>
> # default = 15
> entry_negative_timeout = 5
>
> [nss]
>
> [pam]
>
> [domain/invis-ad.loc]
> # Domain-specific cache control
> # All values in seconds
> # Default = entry_cache_timeout = 5400
> entry_cache_user_timeout = 10
> entry_cache_group_timeout = 10
>
> # Using id_provider=ad sets the best defaults on its own
> id_provider = ad
> # In sssd, the default access provider is always 'permit'. The AD access
> # provider by default checks for account expiration
> access_provider = ad
>
> # Uncomment to use POSIX attributes on the server
> ldap_id_mapping = true
>
> # Uncomment if the client machine hostname doesn't match the computer object on the DC.
> #ad_hostname = invisad.invis-ad.loc
>
> # Uncomment if DNS SRV resolution is not working
> #ad_server = invisad.invis-ad.loc
>
> # Uncomment if the domain section is named differently than your Samba domain
> #ad_domain = invis-ad.loc
>
> # Enumeration is discouraged for performance reasons.
> enumerate = true
>
> -----------------------------------------------------
>
> With "ldap_id_mapping = true" everything works, getent passwd / group 
> gets the user and group entries from our AD.
>
> But we want to use the sfu attributes from the AD, therefore I tried  
> to switch to "ldap_id_mapping = true". After this sssd refuses to 
> start. The logfile says:
>
> (Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] [load_backend_module] (0x0010): Error (5) in module (ad) initialization (sssm_ad_id_init)!
> (Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] [be_process_init] (0x0010): fatal error initializing data providers
> (Wed Aug 27 10:18:11 2014) [sssd[be[invis-ad.loc]]] [main] (0x0010): Could not initialize backend [5]
>
> Our smb.conf:
>
> --------------------------------------------------------
>
> [global]
>         workgroup = INVIS-AD
>         realm = invis-ad.loc
>         netbios name = INVISAD
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>
>         .....
>
> ------------------------------------------------------------
>
> Any ideas why sssd crashes?
>
>
> Stefan
>
>


-- 
www.invis-server.org

Stefan Schäfer
Ludwigstr. 1-3
63679 Schotten


