How nsswitch call sssd for credential?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm stuck with Kerberos - sssd - AD. I've tried a lot of things, with lot of googling, in LinuxMint, Ubuntu 16.04 and Debian 9. I have always the same result :
kinit usernameworks finemsktutil -u --computer-name $(hostname) --server ad-server.univ-frlooks goodldapsearch -Y GSSAPIworks fine
but getent passwd -s sss username does nothing nor id username!
I tried with a very minimalistic Debian 9 distribution with openssh-server, krb-5-user, msktutil, sssd and configuration files /etc/sssd/sssd.conf and /etc/krb5.conf. I did not change /etc/nsswitch as it seems to be right configuring with compact sss on passwd, group, shadow and gshadow.
It looks like that sss is never called. So I did not find any log that could help me to track the bug. I don't know if I miss a package or something else.
My question : How could I find out how nsswitch works and when it ask sssd to find a AD username?
debian active-directory kerberos sssd nsswitch
edited May 23 at 15:13
U880D
399314
asked May 18 at 14:42
JL M
1032
add a comment |Â
up vote
0
down vote
favorite
I'm stuck with Kerberos - sssd - AD. I've tried a lot of things, with lot of googling, in LinuxMint, Ubuntu 16.04 and Debian 9. I have always the same result :
kinit usernameworks finemsktutil -u --computer-name $(hostname) --server ad-server.univ-frlooks goodldapsearch -Y GSSAPIworks fine
but getent passwd -s sss username does nothing nor id username!
I tried with a very minimalistic Debian 9 distribution with openssh-server, krb-5-user, msktutil, sssd and configuration files /etc/sssd/sssd.conf and /etc/krb5.conf. I did not change /etc/nsswitch as it seems to be right configuring with compact sss on passwd, group, shadow and gshadow.
It looks like that sss is never called. So I did not find any log that could help me to track the bug. I don't know if I miss a package or something else.
My question : How could I find out how nsswitch works and when it ask sssd to find a AD username?
debian active-directory kerberos sssd nsswitch
edited May 23 at 15:13
U880D
399314
asked May 18 at 14:42
JL M
1032
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm stuck with Kerberos - sssd - AD. I've tried a lot of things, with lot of googling, in LinuxMint, Ubuntu 16.04 and Debian 9. I have always the same result :
kinit usernameworks finemsktutil -u --computer-name $(hostname) --server ad-server.univ-frlooks goodldapsearch -Y GSSAPIworks fine
but getent passwd -s sss username does nothing nor id username!
I tried with a very minimalistic Debian 9 distribution with openssh-server, krb-5-user, msktutil, sssd and configuration files /etc/sssd/sssd.conf and /etc/krb5.conf. I did not change /etc/nsswitch as it seems to be right configuring with compact sss on passwd, group, shadow and gshadow.
It looks like that sss is never called. So I did not find any log that could help me to track the bug. I don't know if I miss a package or something else.
My question : How could I find out how nsswitch works and when it ask sssd to find a AD username?
debian active-directory kerberos sssd nsswitch
edited May 23 at 15:13
U880D
399314
asked May 18 at 14:42
JL M
1032
I'm stuck with Kerberos - sssd - AD. I've tried a lot of things, with lot of googling, in LinuxMint, Ubuntu 16.04 and Debian 9. I have always the same result :
kinit usernameworks finemsktutil -u --computer-name $(hostname) --server ad-server.univ-frlooks goodldapsearch -Y GSSAPIworks fine
but getent passwd -s sss username does nothing nor id username!
I tried with a very minimalistic Debian 9 distribution with openssh-server, krb-5-user, msktutil, sssd and configuration files /etc/sssd/sssd.conf and /etc/krb5.conf. I did not change /etc/nsswitch as it seems to be right configuring with compact sss on passwd, group, shadow and gshadow.
It looks like that sss is never called. So I did not find any log that could help me to track the bug. I don't know if I miss a package or something else.
My question : How could I find out how nsswitch works and when it ask sssd to find a AD username?
debian active-directory kerberos sssd nsswitch
edited May 23 at 15:13
U880D
399314
asked May 18 at 14:42
JL M
1032
edited May 23 at 15:13
U880D
399314
edited May 23 at 15:13
U880D
399314
edited May 23 at 15:13
U880D
399314
399314
asked May 18 at 14:42
JL M
1032
asked May 18 at 14:42
JL M
1032
asked May 18 at 14:42
JL M
1032
1032
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
Have a look into Anatomy of SSSD user lookup for an overview of the lookup process or Troubleshooting Guide for how to get logs to see what might be wrong in the daemon.
For quick reference, you may need to add debug_level=10 into all sections in the sssd.conf file, restart sssd and re-run your tasks. Then look into /var/log/sssd*.
edited May 23 at 15:40
U880D
399314
answered May 20 at 18:34
jhrozek
26111
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration insssd.conffile,as said in Troubleshooting backend, and sssd start correctly with good information in/var/log/sssd/*. Now I can continue.
– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :rm /var/run/sssd.pid. This was my main problem/solution.
– JL M
Jun 4 at 8:48
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Have a look into Anatomy of SSSD user lookup for an overview of the lookup process or Troubleshooting Guide for how to get logs to see what might be wrong in the daemon.
For quick reference, you may need to add debug_level=10 into all sections in the sssd.conf file, restart sssd and re-run your tasks. Then look into /var/log/sssd*.
edited May 23 at 15:40
U880D
399314
answered May 20 at 18:34
jhrozek
26111
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration insssd.conffile,as said in Troubleshooting backend, and sssd start correctly with good information in/var/log/sssd/*. Now I can continue.
– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :rm /var/run/sssd.pid. This was my main problem/solution.
– JL M
Jun 4 at 8:48
add a comment |Â
up vote
2
down vote
accepted
Have a look into Anatomy of SSSD user lookup for an overview of the lookup process or Troubleshooting Guide for how to get logs to see what might be wrong in the daemon.
For quick reference, you may need to add debug_level=10 into all sections in the sssd.conf file, restart sssd and re-run your tasks. Then look into /var/log/sssd*.
edited May 23 at 15:40
U880D
399314
answered May 20 at 18:34
jhrozek
26111
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration insssd.conffile,as said in Troubleshooting backend, and sssd start correctly with good information in/var/log/sssd/*. Now I can continue.
– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :rm /var/run/sssd.pid. This was my main problem/solution.
– JL M
Jun 4 at 8:48
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Have a look into Anatomy of SSSD user lookup for an overview of the lookup process or Troubleshooting Guide for how to get logs to see what might be wrong in the daemon.
For quick reference, you may need to add debug_level=10 into all sections in the sssd.conf file, restart sssd and re-run your tasks. Then look into /var/log/sssd*.
edited May 23 at 15:40
U880D
399314
answered May 20 at 18:34
jhrozek
26111
Have a look into Anatomy of SSSD user lookup for an overview of the lookup process or Troubleshooting Guide for how to get logs to see what might be wrong in the daemon.
For quick reference, you may need to add debug_level=10 into all sections in the sssd.conf file, restart sssd and re-run your tasks. Then look into /var/log/sssd*.
edited May 23 at 15:40
U880D
399314
answered May 20 at 18:34
jhrozek
26111
edited May 23 at 15:40
U880D
399314
edited May 23 at 15:40
U880D
399314
edited May 23 at 15:40
U880D
399314
399314
answered May 20 at 18:34
jhrozek
26111
answered May 20 at 18:34
jhrozek
26111
answered May 20 at 18:34
jhrozek
26111
26111
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration insssd.conffile,as said in Troubleshooting backend, and sssd start correctly with good information in/var/log/sssd/*. Now I can continue.
– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :rm /var/run/sssd.pid. This was my main problem/solution.
– JL M
Jun 4 at 8:48
add a comment |Â
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration insssd.conffile,as said in Troubleshooting backend, and sssd start correctly with good information in/var/log/sssd/*. Now I can continue.
– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :rm /var/run/sssd.pid. This was my main problem/solution.
– JL M
Jun 4 at 8:48
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Right, in this case additional debug logging and reviewing the logs seems to be recommended.
– U880D
May 23 at 14:00
Thanks a lot. I did a very minimalistic configuration in
sssd.conf file,as said in Troubleshooting backend, and sssd start correctly with good information in /var/log/sssd/*. Now I can continue.– JL M
May 25 at 7:44
Thanks a lot. I did a very minimalistic configuration in
sssd.conf file,as said in Troubleshooting backend, and sssd start correctly with good information in /var/log/sssd/*. Now I can continue.– JL M
May 25 at 7:44
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :
rm /var/run/sssd.pid. This was my main problem/solution.– JL M
Jun 4 at 8:48
Sometimes SSSD will not restart event if configuration files seem good and there is very little things in logs. This could be corrected by deleting the sssd pid file :
rm /var/run/sssd.pid. This was my main problem/solution.– JL M
Jun 4 at 8:48
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f444628%2fhow-nsswitch-call-sssd-for-credential%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
