Author Topic: Actual Zentyal 6.1 SSSD configuration example via direct LDAP connection  (Read 1292 times)

murz

  • Zen Apprentice
  • *
  • Posts: 37
  • Karma: +1/-0
Can anybody provide a fresh working SSSD configuration example that works with the current Zentyal 6.1 server via LDAP login and password, without generating a host Kerberos ticket?

I have found https://wiki.zentyal.org/wiki/SSSD but it seems to be too old, because it does not work on the default Zentyal setup.
It worked for me on Zentyal 4.x and Ubuntu 14.04, but it does not work on the new Zentyal 6.x and Ubuntu 18.04 clients.

I have also found https://wiki.zentyal.org/wiki/Authenticating_Linux_client_against_Samba but it works by generating a Kerberos ticket for each host, which is too expensive.

Does anybody have a fresh sssd.conf that works well with a direct connection to Zentyal 6.x LDAP, without generating a Kerberos ticket?

murz

Re: Actual Zentyal 6.1 SSSD configuration example via direct LDAP connection
« Reply #1 on: January 09, 2020, 08:24:39 pm »
The main problem is that SSSD shows "Can't contact LDAP server" after a successful connection; here is the verbose output:
Code:
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_run_unconditional_online_cb] (0x4000): List of unconditional online callbacks is empty, nothing to do.
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://org.mycompany.com/CN=Configuration,DC=org,DC=mycompany,DC=com] with fd [22].
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_rebind_proc] (0x1000): Successfully bind to [ldap://org.mycompany.com/CN=Configuration,DC=org,DC=mycompany,DC=com].
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/CN=Configuration,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/DC=DomainDnsZones,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_REFERENCE]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/DC=ForestDnsZones,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_ptask_online_cb] (0x0400): Back end is online
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_ptask_enable] (0x0080): Task [SUDO Smart Refresh]: already enabled
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_handle_release] (0x2000): Trace: sh[0x55f6cc49c710], connected[1], ops[0x55f6cc4f7ad0], ldap[0x55f6cc4eebf0], destructor_lock[0], release_memory[0]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_op_destructor] (0x1000): Abandoning operation 3
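
A way to triage a debug log like the one quoted above, as an added example that is not part of the original post: it parses SSSD backend debug lines, collects the referral URIs seen, and reports the first entry at "serious failure" level or worse. The function name `triage` and the result keys are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Failure bits of the SSSD debug-level mask, per the sssd.conf(5) debug_level table.
FAILURE_LEVELS = {0x0010: "fatal", 0x0020: "critical",
                  0x0040: "serious", 0x0080: "minor"}

LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
REFERRAL_RE = re.compile(r"Additional References: (ldap\S+)")

# Excerpt of the debug log quoted in the post above.
SAMPLE = """\
(Thu Jan  9 22:20:42 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_rebind_proc] (0x1000): Successfully bind to [ldap://org.mycompany.com/CN=Configuration,DC=org,DC=mycompany,DC=com].
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/CN=Configuration,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/DC=DomainDnsZones,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_get_generic_ext_add_references] (0x1000): Additional References: ldap://org.mycompany.com/DC=ForestDnsZones,DC=org,DC=mycompany,DC=com
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [be_ptask_online_cb] (0x0400): Back end is online
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
(Thu Jan  9 22:20:43 2020) [sssd[be[ORG.DIGITERRA.PRO]]] [sdap_op_destructor] (0x1000): Abandoning operation 3
"""

def triage(log_text, min_severity=0x0040):
    """Return referrals seen before, and details of, the first qualifying failure."""
    referrals, first_failure = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or first_failure is not None:
            continue  # skip non-SSSD lines and everything after the failure
        level = int(m["level"], 16)
        ref = REFERRAL_RE.search(m["msg"])
        if ref:
            referrals.append(ref.group(1))
        # In SSSD's mask a lower bit value means a more severe message.
        if level in FAILURE_LEVELS and level <= min_severity:
            first_failure = {"time": m["ts"], "function": m["func"],
                             "severity": FAILURE_LEVELS[level],
                             "message": m["msg"]}
    return {"referrals_before_failure": referrals,
            "first_failure": first_failure,
            "failed_after_referral": bool(referrals and first_failure)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt the first serious failure comes from `sdap_process_result`, after three referral URIs were received and a bind to the `CN=Configuration` referral succeeded. Automatic referral chasing is the behaviour that sssd-ldap(5) exposes as the `ldap_referrals` option.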