Account Provider Error 11

NethServer Version: V7 Final
Module: Samba
After uninstalling squid and nagios because of error messages (chown here in post 33) I get an Account Provider Error.
This is my message.log

Apr 10 09:23:19 GroupwareBackup httpd: [ERROR] NethServer\Tool\GroupProvider: AccountProvider_Error_11 
Apr 10 09:23:19 GroupwareBackup httpd: [ERROR] Resource temporarily unavailable 
Apr 10 09:23:40 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/10eth-unmapped exit code 9 
Apr 10 09:23:42 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/10green-dhcp exit code 9 
Apr 10 09:23:44 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 
Apr 10 09:23:46 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/40nethserver-dc exit code 9 
Apr 10 09:23:49 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/40password_strength exit code 9 
Apr 10 09:23:51 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/40shorewall exit code 9 
Apr 10 09:23:53 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/70webtop exit code 9 
Apr 10 09:23:59 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/10eth-unmapped exit code 9 
Apr 10 09:24:01 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/10green-dhcp exit code 9 
Apr 10 09:24:05 GroupwareBackup admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9

Domain Accounts looks good:

NetBIOS domain name: MyDomain
LDAP server: 192.168.46.13
LDAP server name: nsdc-group841e8.MyDomain.de
Realm: MyDomain.DE
Bind Path: dc=MyDomain,dc=DE
LDAP port: 389
Server time: Mon, 10 Apr 2017 09:46:44 CEST
KDC server: 192.168.46.13
Server time offset: 0
Last machine account password change: Thu, 02 Feb 2017 14:22:27 CET
Join is OK
name: GROUPWAREBACKUP
objectSid: S-1-5-21-941630827-2008546738-974625130-1103
accountExpires: 9223372036854775807
sAMAccountName: GROUPWAREBACKUP$
pwdLastSet: 131305153470000000
dNSHostName: groupwarebackup.MyDomain.de
servicePrincipalName: HOST/GROUPWAREBACKUP
servicePrincipalName: HOST/groupwarebackup.MyDomain.de
servicePrincipalName: smtp/groupwarebackup
servicePrincipalName: smtp/groupwarebackup.MyDomain.de
servicePrincipalName: pop/groupwarebackup
servicePrincipalName: pop/groupwarebackup.MyDomain.de
servicePrincipalName: imap/groupwarebackup
servicePrincipalName: imap/groupwarebackup.MyDomain.de
servicePrincipalName: HTTP/groupwarebackup
servicePrincipalName: HTTP/groupwarebackup.MyDomain.de
whenChanged: 20170407225039.0Z
lastLogon: 131362840055328640
distinguishedName: CN=GROUPWAREBACKUP,CN=Computers,DC=MyDomain,DC=de

And the output of account-provider-test dump

{
   "startTls" : "",
   "bindUser" : "GROUPWAREBACKUP$",
   "userDN" : "dc=MyDomain,dc=de",
   "port" : 636,
   "isAD" : "1",
   "host" : "MyDomain.de",
   "groupDN" : "dc=MyDomain,dc=de",
   "isLdap" : "",
   "ldapURI" : "ldaps://MyDomain.de",
   "baseDN" : "dc=MyDomain,dc=de",
   "bindPassword" : "MyBindPassword",
   "bindDN" : "MyDomain\\GROUPWAREBACKUP$"
}

Has somebody an idea? Thanks in advance.

…I’m not sure of the meaning of “11”…

How many user/groups accounts do you have?

See also http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#adminLimitExceeded%20(11)

1 Like

With administrator I have 4 users and one group.
Perhaps the group is the problem, it is domain admins with a space, but I can’t delete it.

Apr 10 10:39:21 GroupwareBackup esmith::event[5348]: Event: group-delete domain admins@MyDomain.de 
Apr 10 10:39:21 GroupwareBackup esmith::event[5348]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.152536] 
Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: ERROR(ldb): Failed to remove group "domain admins" - error in module samldb: Other during LDB_DELETE (80) 
Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: [ERROR] Deletion failed for group domain admins Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: Action: /etc/e-smith/events/group-delete/S40nethserver-dc-group-delete FAILED: 3 [3.044701] 
Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: [NOTICE] clearing sssd cache for group domain admins@MyDomain.de 
Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: Action: /etc/e-smith/events/group-delete/S90nethserver-sssd-clear-cache SUCCESS [0.568618] 
Apr 10 10:39:24 GroupwareBackup esmith::event[5348]: Event: group-delete FAILED

I’ve found an other entry in messaage log too, which I don’t understand:

Apr 10 09:56:59 GroupwareBackup kernel: br0: received packet on ens3 with own address as source address

ok, it’s not a resource problem :slight_smile:

Could be a problem, but it’s not related to yours! Please, do not delete “domain admins”: it’s a AD default group!

Could be related to Linux container’s networking. But should not be related to your problem because your Domain Accounts page looks good!

Could execute (without any argument)

account-provider-test
# extended LDIF
#
# LDAPv3
# base <dc=MyDomain,dc=de> with scope baseObject
# filter: (objectClass=*)
# requesting: ALL
#

#MyDomain.de
dn: DC=MyDomain,DC=de
objectClass: top
objectClass: domain
objectClass: domainDNS
instanceType: 5
whenCreated: 20170202132128.0Z
uSNCreated: 8
name: MyDomain
objectGUID:: NQ/4MkYAQEGlifI1vK84tg==
objectSid:: AQQAAAAAAAUVAAAAayUgOLL9t3dqmRc6
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=MyDomain,DC=de
dc: MyDomain
auditingPolicy:: AAE=
creationTime: 131305152880000000
forceLogoff: -9223372036854775808
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
 m,DC=MyDomain,DC=de;0]
isCriticalSystemObject: TRUE
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 7
modifiedCount: 1
modifiedCountAtLastProm: 0
msDS-AllUsersTrustQuota: 1000
msDS-Behavior-Version: 4
ms-DS-MachineAccountQuota: 10
msDS-NcType: 0
msDS-PerUserTrustQuota: 1
msDS-PerUserTrustTombstonesQuota: 10
nextRid: 1000
nTMixedDomain: 0
oEMInformation: Provisioned by SAMBA 4.4.5
pwdProperties: 1
pwdHistoryLength: 24
serverState: 1
systemFlags: -1946157056
uASCompat: 1
rIDManagerReference: CN=RID Manager$,CN=System,DC=MyDomain,DC=de
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=MyDomain,DC=de
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra
 m Data,DC=MyDomain,DC=de
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=MyDomain,DC=de
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrin
 cipals,DC=MyDomain,DC=de
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
 MyDomain,DC=de
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=MyDomain,DC=de
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=MyDomain,DC=de
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=MyDomain,DC=
 de
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,
 DC=MyDomain,DC=de
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=MyDomain,
 DC=de
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=MyDomain,DC=d
 e
fSMORoleOwner: CN=NTDS Settings,CN=NSDC-GROUP841E8,CN=Servers,CN=Default-First
 -Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=de
msDs-masteredBy: CN=NTDS Settings,CN=NSDC-GROUP841E8,CN=Servers,CN=Default-Fir
 st-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=de
msDS-IsDomainFor: CN=NTDS Settings,CN=NSDC-GROUP841E8,CN=Servers,CN=Default-Fi
 rst-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=de
masteredBy: CN=NTDS Settings,CN=NSDC-GROUP841E8,CN=Servers,CN=Default-First-Si
 te-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=de
minPwdAge: 0
maxPwdAge: -155520000000000
whenChanged: 20170202132304.0Z
uSNChanged: 3725
distinguishedName: DC=MyDomain,DC=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
1 Like

Yes, everything is fine on that side!

We must investigate elsewhere… :thinking:

…looks strange: all todo scripts exit with the same error code!

Filesystem permissions on DB files? How does it looks like?

1 Like

Do you know what exit code 9 is?

I guess it’s “resource temporarly unavailable”

I might be wrong, of course :grin:

1 Like

This could be. The server is responding very slowly and if I try a shutdown now -r or a reboot at ui, it hangs and don’t come back.
Perhaps it’s responding to slow.

The todo scripts must finish in a few seconds otherwise are terminated.

It could explain those log messages…

It’s only a test environment, I’ll build a new host (at this time it’s ubuntu, not optimal) and reinstall nethserver.
So I have a reason to install Horde with my HowTo again and check if I write down everything right :stuck_out_tongue_winking_eye: