[Samba] sssd problems after dc1 is no longer online
steve
steve at steve-ss.com
Fri Jul 25 03:49:34 MDT 2014
On Fri, 2014-07-25 at 11:27 +0200, mourik jan heupink - merit wrote:
> Hi Rowland,
>
> >
> > I have removed a few lines for clarity, but it would seem that sssd
> > cannot bind to x.y.143.15 and it cannot find x.y.143.16.
> >
> > If you go further down in the log it shows that both servers are
> > offline, so I think before you go any further that these problems need
> > to be fixed.
> Yep, I saw those lines, but the servers are NOT offline: I can connect
> to both them. However: the x.y.143.16 is a kvm virtual machine running
> on the same host, so perhaps there are routing issues there, but the .15
> can be reached for sure from that machine.
>
> And generally: I have posted a mail on 9:59 today on this list that when
> using kinit and klist, things seem to work ok.
>
>
> > What is in /etc/krb5.conf and /etc/resolv.conf on the client ?
>
> root at epo:~# cat /etc/resolv.conf
> nameserver x.y.143.15
> nameserver x.y.143.16
> root at epo:~# cat /etc/krb5.conf
> [libdefaults]
> default_realm = SAMBA.COMPANY.COM
> dns_lookup_realm = true
> dns_lookup_kdc = true
> root at epo:~#
>
> I'm also in discussion with Stefan from sernet support, as it seems that
> some dns entries for dc3 (x.y.143.16) are missing. Perhaps that explains
> these issues as well. I guess that should be sorted first.
>
> However, given the fact that kinit/klist both work from this server, I'm
> surprised that sssd doesn't work. Also the rest of our AD seems to work
> perfectly, so there are no major issues.
>
> MJ
>
> >
> > Rowland
> >
Hi
>From the log snippets that Rowland posted, we know that sssd can't get
at the .16 server at least:
[sdap_async_sys_connect_done] (0x0020): connect failed [113][No route
to
host].
HTH,
Steve
More information about the samba
mailing list