On Fri, Mar 29, 2013 at 02:46:41PM +0000, Rowland Penny wrote:
On 29/03/13 12:51, Jakub Hrozek wrote:
>^^ Which fails after the service resolution via DNS failed.
>
>Does authentication work if you set krb5_server to adserver.domain.lan ?
No, but the line in /var/log/auth.log has changed to:
Mar 29 13:46:57 mint-VirtualBox mdm[1065]: pam_sss(mdm:auth):
Request to sssd failed. Broken pipe
Hmm, Broken Pipe usually means the process on the other hand was
terminated unexpectedly which usually translates to "crashed". Can you
check syslog if any of the sss processes (the PAM responder probably)
crashed during processing the request.
Or is it possible to get the debug logs to see what's wrong?
DNS appears to be working:
adserver.domain.lan with ipaddress 192.168.0.10 is the samba4 AD
server running Bind 9.9.1
The client mint-VirtualBox gets its DNS info via DHCP from the samba4 server
/etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.10
search domain.lan
hostname
mint-VirtualBox
hostname -f
mint-VirtualBox.domain.lan
host -t SRV _ldap._tcp.domain.lan.
_ldap._tcp.domain.lan has SRV record 0 100 389 adserver.domain.lan.
I see, can you also check if the Kerberos service records are correctly
resolvable? (They shouldn't be needed in case you set krb5_server
manually):
host -t SRV _kerberos._udp.domain.lan
host -t A adserver.domain.lan.
adserver.domain.lan has address 192.168.0.10
host -t A mint-VirtualBox.domain.lan.
mint-VirtualBox.domain.lan has address 192.168.0.183
Thanks for your help so far and if you have any other thoughts how I
can get it to work, they would be very much appreciated.
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users