Hi all,
I just used sssd in F19 and it does not seem to work with AD. The same config works fine with Centos 6 (sssd 1.9.2). Here is the log: [be_get_account_info] (0x0100): Got request for [4097][1][name=ovalousek] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-xxxxxxxxxxxxxxxxxxxxxxxxx]: [10] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-xxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,11,Internal Error (Have exhausted maximum number of retries for service)
What is wrong? Thanks,
Ondrej
Looks like this only happens if I specify the ad_server manually. If I let sssd do the DNS SRV discovery, it works OK. I still think it should work OK if I specify the AD sever to connect to...
Ondrej
________________________________ From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Ondrej Valousek Sent: Wednesday, October 09, 2013 1:25 AM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] sssd 1.11 (F19) & AD not working
Hi all,
I just used sssd in F19 and it does not seem to work with AD. The same config works fine with Centos 6 (sssd 1.9.2). Here is the log: [be_get_account_info] (0x0100): Got request for [4097][1][name=ovalousek] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-xxxxxxxxxxxxxxxxxxxxxxxxx]: [10] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-xxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,11,Internal Error (Have exhausted maximum number of retries for service)
What is wrong? Thanks,
Ondrej
On Tue, Oct 08, 2013 at 11:33:45PM +0000, Ondrej Valousek wrote:
Looks like this only happens if I specify the ad_server manually. If I let sssd do the DNS SRV discovery, it works OK. I still think it should work OK if I specify the AD sever to connect to...
This is a know issue, if you set ad_server manually the Global Catalog is not initialized correctly. Updated packages (sssd-1.11.1-3) are already available for F20 and rawhide, I guess F19 updates will be coming soon.
bye, Sumit
Ondrej
From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Ondrej Valousek Sent: Wednesday, October 09, 2013 1:25 AM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] sssd 1.11 (F19) & AD not working
Hi all,
I just used sssd in F19 and it does not seem to work with AD. The same config works fine with Centos 6 (sssd 1.9.2). Here is the log: [be_get_account_info] (0x0100): Got request for [4097][1][name=ovalousek] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-xxxxxxxxxxxxxxxxxxxxxxxxx]: [10] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-xxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD_GC' (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. (Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Tue Oct 8 19:17:18 2013) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,11,Internal Error (Have exhausted maximum number of retries for service)
What is wrong? Thanks,
Ondrej
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, Oct 09, 2013 at 09:08:05AM +0200, Sumit Bose wrote:
On Tue, Oct 08, 2013 at 11:33:45PM +0000, Ondrej Valousek wrote:
Looks like this only happens if I specify the ad_server manually. If I let sssd do the DNS SRV discovery, it works OK. I still think it should work OK if I specify the AD sever to connect to...
This is a know issue, if you set ad_server manually the Global Catalog is not initialized correctly. Updated packages (sssd-1.11.1-3) are already available for F20 and rawhide, I guess F19 updates will be coming soon.
bye, Sumit
I also submitted a F-19 update to updates-testing.
sssd-users@lists.fedorahosted.org