When I specify ad_site in my config, and then run: netstat -alp | grep sss
I see sssd_be process is connected to an ldap server not corresponding to the site I have specified
From logs:
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.dublin.ad.s3group.com'
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x248edb0]
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [PAM]
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dcpra2.dublin.ad.s3group.com' in files
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dcpra2.dublin.ad.s3group.com' in files
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dcpra2.dublin.ad.s3group.com' in DNS
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [client_registration] (0x0100): Cancel DP ID timeout [0x248da80]
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [client_registration] (0x0100): Added Frontend client [NSS]
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Dublin._sites.dublin.ad.s3group.com'
(Thu Aug 20 11:03:44 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.dublin.ad.s3group.com'
That's bad - I have specified "ad_site = Dublin" so we should rather search in:
_ldap._tcp.Dublin._sites.dublin.ad.s3group.com
looks like this parameter is happily ignored
Can you provide full logs please?
log file sssd_default.log
Log attached. My configuration:
[domain/default]
debug_level = 5
ldap_id_mapping = False
ad_domain = DUBLIN.AD.S3GROUP.COM
ad_site = Dublin
id_provider = ad
auth_provider = ad
chpass_provider = ad
autofs_provider = ldap
cache_credentials = True
dns_discovery_domain = dublin.ad.s3group.com
krb5_realm = DUBLIN.AD.S3GROUP.COM
Note that forest root domain is ad.s3group.com.
Can you increase the debug level, say to 0x3ff0? Unfortunately this level does not contain information I was looking for. Thank you.
cc: => pbrezina
log file sssd_default.log.gz
log file attached (debug level= 0x3ff0). Different machine, so "ad_site = Prague" here.
Hi, the logs say that you are connecting to the right server.
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_get_dc_servers_send] (0x0400): Looking up domain controllers in domain dublin.ad.s3group.com
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [request_watch_destructor] (0x0400): Deleting request watch
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got 15 servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_get_dc_servers_done] (0x0400): Found 15 domain controllers in domain dublin.ad.s3group.com
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_srv_plugin_dcs_done] (0x0400): About to locate suitable site
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_connect_host_send] (0x0400): Resolving host dcpra.dublin.ad.s3group.com
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dcpra.dublin.ad.s3group.com' in files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dcpra.dublin.ad.s3group.com' in files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dcpra.dublin.ad.s3group.com' in DNS
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [request_watch_destructor] (0x0400): Deleting request watch
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dcpra.dublin.ad.s3group.com:389
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://dcpra.dublin.ad.s3group.com:389/??base] with fd [23].
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_connect_host_done] (0x0400): Successful connection to ldap://dcpra.dublin.ad.s3group.com:389
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_print_server] (0x2000): Searching 192.168.60.12
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(DnsDomain=dublin.ad.s3group.com)(NtVer=\14\00\00\00))][].
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [netlogon]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x1109c90], connected[1], ops[0x1109b20], ldap[0x1100850]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_parse_entry] (0x1000): OriginalDN: [].
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_parse_range] (0x2000): No sub-attributes for [netlogon]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x1109c90], connected[1], ops[0x1109b20], ldap[0x1100850]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_handle_release] (0x2000): Trace: sh[0x1109c90], connected[1], ops[(nil)], ldap[0x1100850], destructor_lock[0], release_memory[0]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_get_client_site_done] (0x0400): Found site: Prague
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_srv_plugin_site_done] (0x2000): Ignoring AD site found by DNS discovery: 'Prague', using configured value: 'Prague' instead.
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_srv_plugin_site_done] (0x0400): About to discover primary and backup servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_servers_send] (0x0400): Looking up primary servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'Prague._sites.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.Prague._sites.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_done] (0x1000): Using TTL [458]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [request_watch_destructor] (0x0400): Deleting request watch
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got 2 servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_servers_primary_done] (0x0400): Looking up backup servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_getsrv_done] (0x1000): Using TTL [600]
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [request_watch_destructor] (0x0400): Deleting request watch
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_discover_srv_done] (0x0400): Got 15 servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_srv_plugin_servers_done] (0x0400): Got 2 primary and 15 backup servers
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'dcpra2.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'dcpra.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcwro1.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcwro3.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcsjc2.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcsjc3.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dccork2.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dclis1.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcwro7.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcdub1.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dccork1.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcwro2.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcduba.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Server 'dcpra.dublin.ad.s3group.com:389' for service 'AD' is already present
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Server 'dcpra2.dublin.ad.s3group.com:389' for service 'AD' is already present
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcphil1.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_user_data_cmp] (0x1000): Comparing LDAP with LDAP
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dclisaa.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'resolved'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [get_server_status] (0x1000): Status of server 'dcpra2.dublin.ad.s3group.com' is 'name not resolved'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'dcpra2.dublin.ad.s3group.com' in files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'dcpra2.dublin.ad.s3group.com' as 'resolving name'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'dcpra2.dublin.ad.s3group.com' in files
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'dcpra2.dublin.ad.s3group.com' in DNS
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [request_watch_destructor] (0x0400): Deleting request watch
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'dcpra2.dublin.ad.s3group.com' as 'name resolved'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [be_resolve_server_process] (0x0200): Found address for server dcpra2.dublin.ad.s3group.com: [192.168.60.209] TTL 1793
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://dcpra2.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://dcpra2.dublin.ad.s3group.com'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://dcpra2.dublin.ad.s3group.com:389/??base] with fd [23].
Can you send me the output of netstat -alp | grep sss ?
Well, check the logs later on:
(Thu Aug 27 16:18:04 2015) [sssd[be[default]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dcsjc3.dublin.ad.s3group.com:389
(Thu Aug 27 16:18:04 2015) [sssd[be[default]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Thu Aug 27 16:18:08 2015) [sssd[be[default]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [sdap_handle_release] (0x2000): Trace: sh[0x239f760], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0]
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [be_resolve_server_done] (0x1000): Server resolution failed: 14
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [be_mark_offline] (0x2000): Going offline!
I mean - mostly it gets connected after all, but there are times when sssd goes offline because it tries to connect to the wrong DC. With ad_site configured, this should never happen.
Ondrej
Hi, the service resolution has several steps:
1) Obtain list of domain controllers - no matter which site.
2) Connect to a dc and send "ldap ping", we will get site name and forest name.
3) Resolve service from site.
The failures you see come from step 2). Even if a site is set manually, we still have to do step 2) to obtain the forest name. Maybe we can allow both of them to be set manually, or we can prefer a DC from the configured site in this step.
Are those domain controllers just timing out or are they completely unreachable?
Hi, OK, I understand. The DCs are timing out because they are in a different geographic region, so the firewall is dropping access to them - the firewall only allows inter-DC communication for replication purposes. I think if we preferred site-local DCs for step 2) it would make the most sense here.
This is probably also related to #2702
Yes, I agree. Thank you!
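The check discussed in this thread can be run over a backend log: the following is an added example, not part of the ticket and not SSSD code. It separates entries that were pasted together on one line, takes the site-local DCs from the "Inserted primary server" entries, and reports every sdap_connect_host_resolv_done attempt (the "ldap ping" of step 2) with whether its host is site-local. The function names are hypothetical, the sample lines are excerpted from the logs quoted above, and attributing a "Going offline!" entry to the most recent attempt is an assumption.

```python
import re

# One SSSD debug entry: "(timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message".
# The message runs until the next timestamp, so entries that were pasted
# together on a single line (as in this ticket) are still separated.
TS = r"\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\)"
ENTRY = re.compile(
    rf"(?P<ts>{TS}) \[sssd\[be\[[^\]]+\]\]\] \[(?P<func>\w+)\] "
    rf"\(0x[0-9a-f]+\): (?P<msg>.*?)(?=\s*{TS} \[sssd|\s*$)",
    re.S,
)
PRIMARY = re.compile(r"Inserted primary server '([^':]+):\d+'")
CONNECT = re.compile(r"Connecting to ldap://([^:/\s]+)")


def parse_entries(text):
    """Return (timestamp, function, message) tuples in log order."""
    return [(m["ts"].strip("()"), m["func"], m["msg"].strip())
            for m in ENTRY.finditer(text)]


def audit_site_affinity(text):
    """Report each ldap-ping connection attempt and whether its DC is site-local.

    Hypothetical helper. Two passes are needed because the first ping is
    logged before the primary (site) server list has been built.
    """
    entries = parse_entries(text)
    primary = set()
    for _, func, msg in entries:
        m = PRIMARY.search(msg) if func == "fo_add_server_to_list" else None
        if m:
            primary.add(m.group(1))

    findings = []
    for ts, func, msg in entries:
        if func == "sdap_connect_host_resolv_done":
            m = CONNECT.search(msg)
            if m:
                findings.append({"ts": ts, "host": m.group(1),
                                 "in_site": m.group(1) in primary,
                                 "went_offline": False})
        elif func == "be_mark_offline" and findings:
            # Assumption: the offline transition belongs to the latest attempt.
            findings[-1]["went_offline"] = True
    return primary, findings


# Sample input: lines excerpted from the logs quoted in this ticket; the two
# "Inserted primary server" entries are deliberately left on one line.
SAMPLE = """\
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dcpra.dublin.ad.s3group.com:389
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [ad_get_client_site_done] (0x0400): Found site: Prague
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'dcpra2.dublin.ad.s3group.com:389' to service 'AD' (Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'dcpra.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:00:07 2015) [sssd[be[default]]] [fo_add_server_to_list] (0x0400): Inserted backup server 'dcsjc3.dublin.ad.s3group.com:389' to service 'AD'
(Thu Aug 27 16:18:04 2015) [sssd[be[default]]] [sdap_connect_host_resolv_done] (0x0400): Connecting to ldap://dcsjc3.dublin.ad.s3group.com:389
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Thu Aug 27 16:18:10 2015) [sssd[be[default]]] [be_mark_offline] (0x2000): Going offline!
"""

if __name__ == "__main__":
    site_dcs, attempts = audit_site_affinity(SAMPLE)
    print("site-local DCs:", sorted(site_dcs))
    for a in attempts:
        where = "site-local" if a["in_site"] else "OUTSIDE configured site"
        result = "went offline" if a["went_offline"] else "ok"
        print(f"{a['ts']}  {a['host']}  {where}  {result}")
```
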
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13.2
owner: somebody => pbrezina
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1273802 (Red Hat Enterprise Linux 6)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1273802 1273802]
We would like to release the 1.13.2 tarball soon and this ticket is not a release blocker, therefore I'm moving it out of 1.13.2 into 1.13.3
milestone: SSSD 1.13.2 => SSSD 1.13.3
We would like to release the 1.13.3 tarball soon and this ticket is not a release blocker, therefore I'm moving it out of 1.13.3 into 1.13.4
milestone: SSSD 1.13.3 => SSSD 1.13.4
patch: 0 => 1
resolution: => fixed
status: new => closed
Metadata Update from @ondrejv2: - Issue assigned to pbrezina - Issue set to the milestone: SSSD 1.13.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3806
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.