Hi,



On Sat, Oct 21, 2017 at 8:56 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
On Fri, Oct 20, 2017 at 04:39:54PM +0200, Jeremy Monnet wrote:
> Hi,
>
> I have that error message that I do not understand, because I have 2 Ubuntu
> servers set up the same way (but 1 Ubuntu 14.04 and 1 Ubuntu 16.04). Ubuntu
> 14 is working fine, I can authenticate and sudo just fine, Ubuntu 16 can
> list users and groups but I cannot authenticate nor sudo. And I see in the
> sssd_domain.log :
>
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [fo_resolve_service_send]
> (0x0100): Trying to resolve service 'AD'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_server_status] (0x1000):
> Status of server '<servername>' is 'name resolved'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_port_status] (0x1000):
> Port status of port 389 for server '<servername>' is 'not working'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_server_status] (0x1000):
> Status of server '<servername2>' is 'name resolved'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [get_port_status] (0x1000):
> Port status of port 389 for server '<servername2>' is 'not working'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [fo_resolve_service_send]
> (0x0020): No available servers for service 'AD'
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [be_resolve_server_done]
> (0x1000): Server resolution failed: 5
> (Fri Oct 20 16:27:29 2017) [sssd[be[domain]]] [sdap_id_op_connect_done]
> (0x0020): Failed to connect, going offline (5 [Input/output error])
>
>
> Of course, port 389 is indeed reachable, and I have joined and re-joined
> the domain several times, deleted the object computer in AD, checked
> several times that the keytab was created, and that I could kinit with it...
>
> One thing is that I join a child AD domain and try to log in with an
> account from the main domain, that is probably an issue, but as that works
> on the other Ubuntu with the same setup, I am stuck...

Can you show the whole log or the first time the not working message
appeared since sssd restart?

I have tried to sanitize the whole log file, but there are too many accounts, servers, etc. appearing in the logs, so I will try to provide you just the required snippets. In parallel I will open a new thread because I am not sure of the setup I use, and I haven't been able to find the recommended way of configuring an AD auth in real life (i.e. with multiple domains, firewalls blocking the ports, etc.).

So I have restarted sssd this morning, clearing the logs in between, and I get:
root@server:/var/log/sssd# grep "Port status of port" sssd_<domain>.log
(Mon Oct 23 09:37:28 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:37:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:37:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'neutral'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'neutral'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'not working'
(Mon Oct 23 09:39:12 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'not working'
(Mon Oct 23 09:39:20 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:20 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:39:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'working'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad2>.<domain>' is 'neutral'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'
(Mon Oct 23 09:40:31 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'
(Mon Oct 23 09:42:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 3268 for server '<ad1>.<domain>' is 'neutral'
(Mon Oct 23 09:42:38 2017) [sssd[be[<domain>]]] [get_port_status] (0x1000): Port status of port 389 for server '<ad1>.<domain>' is 'working'

In the attached snippet you will find all (Mon Oct 23 09:39:12 2017) 

Thanks,

Jeremy
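
Added example (not part of the original message, and not SSSD code): a small parser for the `get_port_status` lines grepped above that collapses repeats into per-server status changes and reports the moments when every server seen so far is 'not working'. The host names and sample lines are constructed; the port 0 '(no name)' entries are skipped because they name no server.

```python
import re
from datetime import datetime

# Format of the get_port_status debug lines quoted in the thread.
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[[^\]]*\]\]\] \[get_port_status\] "
    r"\(0x[0-9a-fA-F]+\): Port status of port (?P<port>\d+) "
    r"for server '(?P<server>[^']*)' is '(?P<status>[^']*)'"
)

# Constructed sample input (hypothetical host names), same layout as the thread's log.
_P = "[sssd[be[example.test]]] [get_port_status] (0x1000): Port status of port"
SAMPLE_LOG = "\n".join([
    f"(Mon Oct 23 09:37:38 2017) {_P} 0 for server '(no name)' is 'neutral'",
    f"(Mon Oct 23 09:37:38 2017) {_P} 389 for server 'ad2.example.test' is 'working'",
    f"(Mon Oct 23 09:39:12 2017) {_P} 389 for server 'ad2.example.test' is 'neutral'",
    f"(Mon Oct 23 09:39:12 2017) {_P} 389 for server 'ad1.example.test' is 'not working'",
    f"(Mon Oct 23 09:39:12 2017) {_P} 389 for server 'ad2.example.test' is 'not working'",
    f"(Mon Oct 23 09:39:20 2017) {_P} 389 for server 'ad2.example.test' is 'working'",
    f"(Mon Oct 23 09:39:20 2017) {_P} 389 for server 'ad2.example.test' is 'working'",
])

def parse_events(text):
    """Return (time, 'server:port', status) tuples; port 0 '(no name)' lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["port"] == "0":
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        events.append((ts, f"{m['server']}:{m['port']}", m["status"]))
    return events

def transitions(events):
    """Collapse repeats: one (time, target, old, new) row per actual status change."""
    state, rows = {}, []
    for ts, target, status in events:
        if state.get(target) != status:
            rows.append((ts, target, state.get(target), status))
            state[target] = status
    return rows

def all_down_times(events):
    """Times at which every server:port seen so far is marked 'not working'."""
    state, times = {}, []
    for ts, target, status in events:
        state[target] = status
        if all(s == "not working" for s in state.values()) and ts not in times:
            times.append(ts)
    return times

if __name__ == "__main__":
    for ts, target, old, new in transitions(parse_events(SAMPLE_LOG)):
        print(ts.isoformat(), target, old, "->", new)
```

The timestamps returned by `all_down_times` are the ones to search for in the full domain log when looking for the first failure after a restart.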