Hi community!
I integrate sssd with Windows Active Directoy using ldaps and certificates without entering the linux servers into domain... and I can login sucessully on my linux servers
using correct groups and everythings going well.... but in the logs i'm still watching this kind of issues... what could be ?
[simple_check_get_groups_primary] (0x0040): Could not look up primary group [948600513]: [2][No such file or directory] uid=948609251(emper0r) gid=948600513 groups=948600513,948602187(vcenterfulladmin),948610184(linuxadmin)
this group numbers are from active directory...
the other thing is .. in that linux we have on /etc/resolv.conf the ip address of DNS where all records point ok but we receive this errors too.
(2021-03-12 14:13:10): [be[mydomain.local]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error
(2021-03-12 14:13:10): [be[mydomain.local]] [sdap_sudo_get_hostnames_done] (0x0040): Could not resolve fqdn for this machine, error [5]: Input/output error, resolver returned: [11]: Could not contact DNS servers
(2021-03-12 14:13:10): [be[mydomain.local]] [sdap_sudo_get_hostinfo_done] (0x0020): Unable to retrieve hostnames [5]: Input/output error
(2021-03-12 14:13:10): [be[mydomain.local]] [sdap_sudo_refresh_hostinfo_done] (0x0040): Unable to retrieve host information, host filter will be disabled [5]: Input/output error
Apart of this I can login into linux server with my user from AD specified on linuxadmin group, so works good!
OS: CentOS 8
Sssd versions
sssd-dbus-2.3.0-9.el8.x86_64
sssd-krb5-common-2.3.0-9.el8.x86_64
sssd-ldap-2.3.0-9.el8.x86_64
sssd-client-2.3.0-9.el8.x86_64
sssd-nfs-idmap-2.3.0-9.el8.x86_64
sssd-krb5-2.3.0-9.el8.x86_64
sssd-proxy-2.3.0-9.el8.x86_64
sssd-ipa-2.3.0-9.el8.x86_64
sssd-ad-2.3.0-9.el8.x86_64
sssd-tools-2.3.0-9.el8.x86_64
sssd-common-2.3.0-9.el8.x86_64
python3-sssdconfig-2.3.0-9.el8.noarch
sssd-kcm-2.3.0-9.el8.x86_64
sssd-common-pac-2.3.0-9.el8.x86_64
sssd-2.3.0-9.el8.x86_64
kernel: 4.18.0-240.1.1.el8_3.x86_64
Questo messaggio elettronico ed i suoi allegati sono riservati e tutelati dal segreto professionale. Sono rivolti esclusivamente al/ai destinatario/i identificato/i. Pertanto
ne è proibita la lettura, copiatura, divulgazione e utilizzazione da parte di chiunque altro non sia autorizzato. Se non siete il destinatario o avete ricevuto questo messaggio per errore, vi invitiamo a cancellare il messaggio ed eventuali allegati dandone
immediatamente comunicazione scritta a mezzo posta elettronica al mittente. I dati dell’interessato sono trattati da APKAPPA S.r.l. nel pieno rispetto del Regolamento (UE) 679/2016 e del D.Lgs. 196/2003 s.m.i. Informazioni dettagliate, anche in ordine al diritto
di accesso e agli altri diritti, sono disponibili sul sito www.apkappa.it nella sezione PRIVACY.
This message and its attachments are confidential and protected by professional secrecy. They are addressed exclusively to the identified recipient (s). Therefore reading,
copying, disclosure and use by anyone else who is not authorized is prohibited. If you are not the recipient or have received this message by mistake, we invite you to delete the message and any attachments by immediately sending written notice to the sender
by e-mail. The data of the interested party are processed by APKAPPA Srl in full compliance with the Regulation (EU) 679/2016 and the Legislative Decree 196/2003 s.m.i. Detailed information, including on the right of access and other rights, is available on
the website www.apkappa.it in the PRIVACY section