Hi all,
I'm trying to set up SSSD on a workstation with no success. Operating
system is fully patched Ubuntu 14.04.3.
Version info:
$ sssd --version
1.11.5
sssd.conf:
[sssd]
debug_level = 0x4000
config_file_version = 2
services = nss,pam
domains = FOO
[nss]
debug_level = 0xFFF0
filter_users = root
filter_groups = root
[pam]
[domains/FOO]
debug_level = 0xFFF0
auth_provider = krb5
krb5_server = kdc.redacted.com
krb5_realm = REDACTED
cache_credentials = true
access_provider = simple
chpass_provider = krb5
id_provider = ldap
ldap_uri = ldap://ldap.redacted.com
ldap_search_base = dc=redacted,dc=com
ldap_id_use_start_tls = true
ldap_sasl_mech = GSSAPI
sudo_provider = none
sssd.conf permissions:
$ sudo ls -al /etc/sssd/sssd.conf
-rw------- 1 root root 543 Aug 9 14:30 /etc/sssd/sssd.conf
Output when run from the command line:
$ sudo /usr/sbin/sssd -i -d7
(Sun Aug 9 15:01:19:105688 2015) [sssd] [ldb] (0x0400):
server_sort:Unable to register control with rootdse!
(Sun Aug 9 15:01:19:106021 2015) [sssd] [add_implicit_services]
(0x0040): id_provider is not set for domain [FOO], trying next domain.
(Sun Aug 9 15:01:19:106120 2015) [sssd] [confdb_get_domain_internal]
(0x0010): Unknown domain [FOO]
(Sun Aug 9 15:01:19:106154 2015) [sssd] [confdb_get_domains] (0x0010):
Error (2 [No such file or directory]) retrieving domain [FOO], skipping!
(Sun Aug 9 15:01:19:106186 2015) [sssd] [confdb_get_domains] (0x0010):
No properly configured domains, fatal error!
(Sun Aug 9 15:01:19:106210 2015) [sssd] [get_monitor_config] (0x0010):
No domains configured.
(Sun Aug 9 15:01:19:106255 2015) [sssd] [main] (0x0020): SSSD couldn't
load the configuration database.
Near as I can tell, the error about a missing id_provider is a baldfaced
lie--the `id_provider = ldap` line clearly exists in sssd.conf, and this
exact configuration is working on another fully patched Ubuntu 14.04.3
system on the same network--but I haven't a clue about the error's root
cause. I'm also unable to find any information about the missing file that
is causing the `No such file or directory` error. Based on some older posts
to this list, I tried installing and running ldbsearch on
`/var/lib/sss/db/config.ldb`:
$ sudo ldbsearch -H /var/lib/sss/db/config.ldb
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=sssd,cn=config
cn: sssd
config_file_version: 2
debug_level: 0x4000
domains: FOO
services: nss,pam
distinguishedName: cn=sssd,cn=config
# record 2
dn: cn=config
version: 2
lastUpdate: 1439155822
distinguishedName: cn=config
# record 3
dn: cn=nss,cn=config
cn: nss
debug_level: 0xFFF0
filter_groups: root
filter_users: root
distinguishedName: cn=nss,cn=config
# record 4
dn: cn=FOO,cn=domains,cn=config
access_provider: simple
auth_provider: krb5
cache_credentials: true
chpass_provider: krb5
cn: FOO
debug_level: 0xFFF0
id_provider: ldap
krb5_realm: REDACTED
krb5_server: kdc.redacted.com
ldap_id_use_start_tls: true
ldap_sasl_mech: GSSAPI
ldap_search_base: dc=redacted,dc=com
ldap_uri: ldap://ldap.redacted.com
sudo_provider: none
distinguishedName: cn=FOO,cn=domains,cn=config
# record 5
dn: cn=pam,cn=config
cn: pam
distinguishedName: cn=pam,cn=config
# returned 5 records
# 5 entries
# 0 referrals
config.ldb permissions:
$ ls -al /var/lib/sss/db/config.ldb
-rw------- 1 root root 1286144 Aug 9 15:16 /var/lib/sss/db/config.ldb
So that seems to be in order. I examined the source code, but wasn't able
to trace the flow of execution past `confdb_get_param`.
At this point, I know of no other troubleshooting or debugging options,
even after reading through the various related documents scattered about
the Internet. Looking at file access patterns with `strace` didn't yield
any useful information either. What else could be causing this issue?
Cheers,
-Caleb
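
Added example, not part of the original post: sssd.conf(5) documents per-domain sections as `[domain/NAME]`, so a useful pre-flight check is that every name in `domains =` has exactly such a section carrying an `id_provider`. The sample below is constructed from the configuration quoted above; `check_domains`, `SAMPLE_CONF` and `DOMAIN_PREFIX` are names chosen for this example.

```python
import configparser

# Constructed sample, modelled on the sssd.conf quoted in the post above.
SAMPLE_CONF = """\
[sssd]
services = nss,pam
domains = FOO

[nss]
filter_users = root

[pam]

[domains/FOO]
id_provider = ldap
auth_provider = krb5
"""

DOMAIN_PREFIX = "domain/"  # section form documented in sssd.conf(5): [domain/NAME]


def check_domains(conf_text):
    """Return findings for domains enabled in [sssd] that lack a usable section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("sssd"):
        return ["no [sssd] section"]
    raw = cp.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in raw.split(",") if d.strip()]
    findings = [] if enabled else ["[sssd] lists no domains"]
    for name in enabled:
        wanted = DOMAIN_PREFIX + name
        # Exact string match on the section name is an assumption of this check.
        if cp.has_section(wanted):
            if not cp.has_option(wanted, "id_provider"):
                findings.append(f"[{wanted}] has no id_provider")
            continue
        # Look for a section that ends in /NAME but uses a different prefix.
        near = [s for s in cp.sections() if "/" in s and s.split("/", 1)[1] == name]
        if near:
            findings.append(f"domain {name}: found [{near[0]}], expected [{wanted}]")
        else:
            findings.append(f"domain {name}: no [{wanted}] section")
    return findings


if __name__ == "__main__":
    for finding in check_domains(SAMPLE_CONF):
        print(finding)
```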