AccountProvider_Error_1 direct after configuring Active Directory

,

Hello everybody,

i am new to NS, and wanted to install it on a acer homeserver.
Everything worked fine so far, but when i wanted to configure local AD i get the error “AccountProvider_Error_1” when i go to Dashboard or User and Groups.

Is there something i can do?
I already tried to restart the system.

Here i added the log ‘/var/log/messages’:

Feb 10 23:33:47 dc1 shorewall: Shorewall configuration compiled to /var/lib/shorewall/.start Feb 10 23:33:47 dc1 shorewall: Starting Shorewall.... Feb 10 23:33:48 dc1 shorewall: Initializing... Feb 10 23:33:48 dc1 shorewall: Processing /etc/shorewall/init ... Feb 10 23:33:48 dc1 shorewall: Processing /etc/shorewall/tcclear ... Feb 10 23:33:48 dc1 shorewall: Setting up Route Filtering... Feb 10 23:33:48 dc1 shorewall: Setting up Martian Logging... Feb 10 23:33:48 dc1 shorewall: Setting up Proxy ARP... Feb 10 23:33:48 dc1 shorewall: Preparing iptables-restore input... Feb 10 23:33:48 dc1 shorewall: Running /sbin/iptables-restore ... Feb 10 23:33:49 dc1 shorewall: IPv4 Forwarding Enabled Feb 10 23:33:49 dc1 shorewall: Processing /etc/shorewall/start ... Feb 10 23:33:49 dc1 shorewall: Processing /etc/shorewall/started ... Feb 10 23:33:49 dc1 logger: Shorewall started Feb 10 23:33:49 dc1 kernel: br0: port 1(enp9s0) entered forwarding state Feb 10 23:33:49 dc1 shorewall: done. Feb 10 23:33:49 dc1 systemd: Started Shorewall IPv4 firewall. Feb 10 23:33:59 dc1 kernel: br0: port 2(vb-nsdc) entered forwarding state Feb 10 23:34:00 dc1 chronyd[743]: Selected source 86.59.80.170 Feb 10 23:34:01 dc1 chronyd[743]: Selected source 86.59.113.114 Feb 10 23:34:02 dc1 kernel: perf: interrupt took too long (2537 > 2500), lowering kernel.perf_event_max_sample_rate to 78000 Feb 10 23:34:11 dc1 systemd: Starting Stop Read-Ahead Data Collection... Feb 10 23:34:11 dc1 systemd: Started Stop Read-Ahead Data Collection. Feb 10 23:34:12 dc1 kdumpctl: kexec: loaded kdump kernel Feb 10 23:34:12 dc1 kdumpctl: Starting kdump: [OK] Feb 10 23:34:12 dc1 systemd: Started Crash recovery kernel arming. Feb 10 23:34:12 dc1 systemd: Startup finished in 1.257s (kernel) + 5.059s (initrd) + 1min 183ms (userspace) = 1min 6.499s. Feb 10 23:35:15 dc1 httpd: [ERROR] NethServer\Tool\GroupProvider: AccountProvider_Error_1 Feb 10 23:35:15 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012(1) 00002020: Operation unavailable without authentication Feb 10 23:35:20 dc1 admin-todos: Traceback (most recent call last): Feb 10 23:35:20 dc1 admin-todos: File "<stdin>", line 3, in <module> Feb 10 23:35:20 dc1 admin-todos: KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP' Feb 10 23:35:21 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 Feb 10 23:35:26 dc1 httpd: [WARNING] NethServer\Tool\GroupProvider: Account provider connection timed out Feb 10 23:35:26 dc1 httpd: [WARNING] Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012Connection timed out Feb 10 23:35:41 dc1 kernel: perf: interrupt took too long (3221 > 3171), lowering kernel.perf_event_max_sample_rate to 62000 Feb 10 23:35:42 dc1 admin-todos: Traceback (most recent call last): Feb 10 23:35:42 dc1 admin-todos: File "<stdin>", line 3, in <module> Feb 10 23:35:42 dc1 admin-todos: KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP' Feb 10 23:35:42 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 Feb 10 23:35:48 dc1 admin-todos: Traceback (most recent call last): Feb 10 23:35:48 dc1 admin-todos: File "<stdin>", line 3, in <module> Feb 10 23:35:48 dc1 admin-todos: KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP' Feb 10 23:35:48 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 Feb 10 23:36:02 dc1 httpd: [ERROR] NethServer\Tool\UserProvider: AccountProvider_Error_1 Feb 10 23:36:02 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012(1) 00002020: Operation unavailable without authentication Feb 10 23:36:30 dc1 httpd: [ERROR] NethServer\Tool\GroupProvider: AccountProvider_Error_1 Feb 10 23:36:30 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012Traceback (most recent call last):#012 File "<stdin>", line 3, in <module>#012KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP'#012(1) 00002020: Operation unavailable without authentication Feb 10 23:36:34 dc1 admin-todos: Traceback (most recent call last): Feb 10 23:36:34 dc1 admin-todos: File "<stdin>", line 3, in <module> Feb 10 23:36:34 dc1 admin-todos: KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP' Feb 10 23:36:34 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 Feb 10 23:36:55 dc1 sshd[3068]: reverse mapping checking getaddrinfo for macbook-strobl [10.0.0.50] failed - POSSIBLE BREAK-IN ATTEMPT! Feb 10 23:37:00 dc1 sshd[3068]: Accepted password for root from 10.0.0.50 port 59112 ssh2 Feb 10 23:37:00 dc1 systemd: Created slice user-0.slice. Feb 10 23:37:00 dc1 systemd: Starting user-0.slice. Feb 10 23:37:00 dc1 systemd-logind: New session 1 of user root. Feb 10 23:37:00 dc1 systemd: Started Session 1 of user root. Feb 10 23:37:00 dc1 systemd: Starting Session 1 of user root. Feb 10 23:38:15 dc1 admin-todos: Traceback (most recent call last): Feb 10 23:38:15 dc1 admin-todos: File "<stdin>", line 3, in <module> Feb 10 23:38:15 dc1 admin-todos: KeyError: 'SECRETS/MACHINE_PASSWORD/WORKGROUP' Feb 10 23:38:15 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9 Feb 10 23:38:16 dc1 kernel: perf: interrupt took too long (4041 > 4026), lowering kernel.perf_event_max_sample_rate to 49000 Feb 10 23:38:57 dc1 dbus[741]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' Feb 10 23:38:57 dc1 dbus-daemon: dbus[741]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' Feb 10 23:38:57 dc1 systemd: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument. Feb 10 23:38:57 dc1 systemd: Starting Time & Date Service... Feb 10 23:38:57 dc1 dbus-daemon: dbus[741]: [system] Successfully activated service 'org.freedesktop.timedate1' Feb 10 23:38:57 dc1 dbus[741]: [system] Successfully activated service 'org.freedesktop.timedate1' Feb 10 23:38:57 dc1 systemd: Started Time & Date Service. Feb 10 23:48:10 dc1 systemd: Starting Cleanup of Temporary Directories... Feb 10 23:48:10 dc1 systemd: Started Cleanup of Temporary Directories.

Kind regards
Steve

2 Likes

I too have received this message. I tried different installations, but always the same problem. Saluti…

1 Like

Hi @stevest81, welcome to NethServer community and thanks for the background information: it helps to understand what happened!

Probably we didn’t join the domain. I guess the DC didn’t start at all. As it’s a new installation I suggest following this procedure:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-dc.html#factory-reset

Then go to Accounts Provider page, select a (different?) IP and START DC again.

More about local DC provider

http://docs.nethserver.org/en/v7/accounts.html#samba-active-directory-local-provider-installation

If you want to provide more information to investigate the problem, paste here the output of

config show nsdc
config show sssd
config show smb
db networks show

BTW we wish to improve these procedures: your feedback is welcome!

Hi,

thanks for your fast response! I really appreciate this!

Fyi:

I installed centOS on the physical machine, and then installed nethserver via command line.

I now retried to install (with new IP’s) with the same error as before!

Please find attached the infos you were asking for.

# config show nsdc
nsdc=service
    IpAddress=10.0.0.31
    bridge=br0
    status=enabled

# config show sssd
sssd=service
    AdDns=10.0.0.31
    LdapURI=
    Provider=ad
    status=enabled

# config show smb
smb=service
    DeadTime=10080
    Libwbclient=samba
    NetbiosAliasList=
    OsLevel=35
    ServerRole=WS
    Sid=
    TCPPorts=139,445
    UseClientDriver=yes
    UseCups=enabled
    WinsServerIP=
    Workgroup=
    access=green
    status=enabled

# db networks show
br0=bridge
    gateway=10.0.0.138
    ipaddr=10.0.0.30
    netmask=255.255.255.0
    role=green
enp9s0=ethernet
    FwInBandwidth=
    FwOutBandwidth=
    bridge=br0
    role=bridged
ppp0=xdsl-disabled
    AuthType=auto
    FwInBandwidth=
    FwOutBandwidth=
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=

One more thing:

I can ping the nsdc on 10.0.0.31. So i think it got started.

Thanks in advance!
Steve

Hi,

i now tried to restart sssd.

Here is what i got:

[root@dc1 ~]# systemctl stop sssd
[root@dc1 ~]# systemctl start sssd
Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details.
[root@dc1 ~]# systemctl status sssd.service
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: failed (Result: exit-code) since Sam 2017-02-11 12:53:49 CET; 18s ago
  Process: 2613 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=4)

Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Starting System Security Services Daemon...
Feb 11 12:53:49 dc1.strobl.lan sssd[2613]: SSSD couldn't load the configuration database [5]: Input/output error.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: sssd.service: control process exited, code=exited status=4
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Failed to start System Security Services Daemon.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Unit sssd.service entered failed state.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: sssd.service failed.
[root@dc1 ~]# journalctl -xe
-- 
-- A new session with the ID 1 has been created for the user root.
-- 
-- The leading process of the session is 2582.
Feb 11 12:53:39 dc1.strobl.lan systemd[1]: Started Session 1 of user root.
-- Subject: Unit session-1.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1.scope has finished starting up.
-- 
-- The start-up result is done.
Feb 11 12:53:39 dc1.strobl.lan systemd[1]: Starting Session 1 of user root.
-- Subject: Unit session-1.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-1.scope has begun starting up.
Feb 11 12:53:39 dc1.strobl.lan sshd[2582]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 11 12:53:44 dc1.strobl.lan polkitd[713]: Registered Authentication Agent for unix-process:2601:37708 (system bus name :1.20 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop
Feb 11 12:53:44 dc1.strobl.lan polkitd[713]: Unregistered Authentication Agent for unix-process:2601:37708 (system bus name :1.20, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_AT
Feb 11 12:53:49 dc1.strobl.lan polkitd[713]: Registered Authentication Agent for unix-process:2607:38184 (system bus name :1.21 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Starting System Security Services Daemon...
-- Subject: Unit sssd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit sssd.service has begun starting up.
Feb 11 12:53:49 dc1.strobl.lan sssd[2613]: SSSD couldn't load the configuration database [5]: Input/output error.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: sssd.service: control process exited, code=exited status=4
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Failed to start System Security Services Daemon.
-- Subject: Unit sssd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit sssd.service has failed.
-- 
-- The result is failed.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Unit sssd.service entered failed state.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: sssd.service failed.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Reached target User and Group Name Lookups.
-- Subject: Unit nss-user-lookup.target has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit nss-user-lookup.target has finished starting up.
-- 
-- The start-up result is done.
Feb 11 12:53:49 dc1.strobl.lan systemd[1]: Starting User and Group Name Lookups.
-- Subject: Unit nss-user-lookup.target has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit nss-user-lookup.target has begun starting up.
Feb 11 12:53:49 dc1.strobl.lan polkitd[713]: Unregistered Authentication Agent for unix-process:2607:38184 (system bus name :1.21, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_AT
lines 2353-2408/2408 (END)

Hope this helps!

Steve

This looks strange!

Could you paste /etc/sssd/sssd.conf?

Then try to run sssd in debug mode, to catch what it spits out

  /usr/sbin/sssd -i -d7

/edit you said you installed on centos

Could you also paste the output of

 grep -E '(ERROR|FAIL)' /var/log/messages*

Hallo @davidep!

/etc/sssd/sssd.conf is empty!

[root@dc1 sssd]# /usr/sbin/sssd -i -d7
(Sat Feb 11 15:33:07:583606 2017) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
(Sat Feb 11 15:33:07:591713 2017) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Sat Feb 11 15:33:07:824274 2017) [sssd] [sss_ini_get_config] (0x0010): Failed to parse configuration. Error 5.
(Sat Feb 11 15:33:07:824473 2017) [sssd] [sss_ini_get_config] (0x0010): Errors detected while parsing: /etc/sssd/sssd.conf
(Sat Feb 11 15:33:07:824754 2017) [sssd] [sss_ini_config_print_errors] (0x0010): Error (8) on line 1: Failed to read line.
(Sat Feb 11 15:33:07:824989 2017) [sssd] [confdb_init_db] (0x0010): Failed to load configuration
(Sat Feb 11 15:33:07:825301 2017) [sssd] [confdb_setup] (0x0010): ConfDB initialization has failed [5]: Input/output error
(Sat Feb 11 15:33:07:825558 2017) [sssd] [load_configuration] (0x0010): Unable to setup ConfDB [5]: Input/output error
(Sat Feb 11 15:33:07:825732 2017) [sssd] [main] (0x0020): SSSD couldn’t load the configuration database.
[root@dc1 sssd]#

[root@dc1 sssd]# grep -E ‘(ERROR|FAIL)’ /var/log/messages*
Feb 11 11:27:22 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9
Feb 11 11:40:24 dc1 systemd: nsdc.service: main process exited, code=exited, status=1/FAILURE
Feb 11 11:40:24 dc1 systemd: nsdc.service: main process exited, code=exited, status=1/FAILURE
Feb 11 11:40:24 dc1 S02nethserver-dc-create-bridge: Action: /etc/e-smith/events/actions/adjust-services FAILED: 1 [2.250634]
Feb 11 11:40:50 dc1 S02nethserver-dc-create-bridge: Event: interface-update FAILED
Feb 11 11:40:50 dc1 esmith::event[10731]: Action: /etc/e-smith/events/nethserver-dc-save/S02nethserver-dc-create-bridge FAILED: 1 [51.312104]
Feb 11 11:42:16 dc1 esmith::event[10731]: [ERROR] DC join failed
Feb 11 11:42:16 dc1 esmith::event[10731]: Action: /etc/e-smith/events/nethserver-dc-save/S96nethserver-dc-join FAILED: 1 [20.507848]
Feb 11 11:42:39 dc1 esmith::event[10731]: Event: nethserver-dc-save FAILED
Feb 11 11:43:18 dc1 httpd: [ERROR] NethServer\Tool\GroupProvider: AccountProvider_Error_1
Feb 11 11:43:18 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012(1) 00002020: Operation unavailable without authentication
Feb 11 11:43:23 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9
Feb 11 11:44:28 dc1 httpd: [ERROR] NethServer\Tool\GroupProvider: AccountProvider_Error_1
Feb 11 11:44:28 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012(1) 00002020: Operation unavailable without authentication
Feb 11 11:44:33 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9
Feb 11 12:46:29 dc1 admin-todos: [ERROR] admin-todos: /etc/nethserver/todos.d/20admin-user exit code 9
Feb 11 12:46:40 dc1 httpd: [ERROR] NethServer\Tool\UserProvider: AccountProvider_Error_1
Feb 11 12:46:40 dc1 httpd: [ERROR] Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012Traceback (most recent call last):#012 File “”, line 3, in #012KeyError: ‘SECRETS/MACHINE_PASSWORD/WORKGROUP’#012(1) 00002020: Operation unavailable without authentication

Thank you for your effort in advance!

Steve

1 Like

Quite strange.
Type:
expand-template /etc/sssd/sssd.conf
to re-create it.
I’m not sure it will be enough to fix the problem.

Did not fix the problem, but now we have a config:

root@dc1 sssd]# less sssd.conf

================= DO NOT MODIFY THIS FILE =================

Manual changes will be lost when this file is regenerated.

Please read the developer’s guide, which is available

at https://dev.nethesis.it/projects/nethserver/wiki/NethServer

original work from http://www.contribs.org/development/

Copyright © 2013 Nethesis S.r.l.

http://www.nethesis.it - support@nethesis.it

[sssd]
domains = strobl.lan, legacy
config_file_version = 2
services = nss, pam

[domain/strobl.lan]
use_fully_qualified_names = True
id_provider = ad
access_provider = ad
ad_domain = strobl.lan
krb5_realm = STROBL.LAN
krb5_store_password_if_offline = True
ldap_id_mapping = True
ad_maximum_machine_account_password_age = 0
cache_credentials = True
override_homedir = /var/lib/nethserver/home/%u
default_shell = /usr/libexec/openssh/sftp-server
realmd_tags = manages-system joined-with-samba

[domain/legacy]
use_fully_qualified_names = False
id_provider = ad
access_provider = ad
ad_domain = strobl.lan
krb5_realm = STROBL.LAN
krb5_store_password_if_offline = True
ldap_id_mapping = True
ad_maximum_machine_account_password_age = 0
cache_credentials = True
override_homedir = /var/lib/nethserver/home/%u
default_shell = /usr/libexec/openssh/sftp-server

[nss]
sssd.conf (END)

An empty sssd.conf means no DC start procedure was run.

Did you repeat the DC configuration from Accounts provider page, after the “factory reset” procedure?

Factory reset stops and cleans up the DC config and accounts DB. You need to start again the DC thereafter.

I know it’s complex. We’re working to simplify this!

Hi!

I followed the instructions on this page exactly until the error occurs.
Which is the place where i start the DC and then open the user and groups to enable admin.
Here the error occurs!

I did the Start the DC for sure.

After that the systems state was the described in the messages above.

So should i do a factory reset and then try to restart the DC?

I only want to make sure, that we do not mess up the system completely…

After this reconfiguration i restartet the sssd service and found the following 2 new log-entries:

[root@dc1 ~]# systemctl status sssd.service
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: failed (Result: exit-code) since Sam 2017-02-11 17:58:33 CET; 2h 5min ago
Process: 3429 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=1/FAILURE)

Feb 11 17:58:31 dc1.strobl.lan sssd[pam][3442]: Starting up
Feb 11 17:58:32 dc1.strobl.lan sssd[be[legacy]][3443]: Starting up
Feb 11 17:58:32 dc1.strobl.lan sssd[be[strobl.lan]][3444]: Starting up
Feb 11 17:58:33 dc1.strobl.lan sssd[be[legacy]][3443]: Failed to read keytab [default]: Datei oder Verzeichnis nicht gefunden
Feb 11 17:58:33 dc1.strobl.lan sssd[be[strobl.lan]][3444]: Failed to read keytab [default]: Datei oder Verzeichnis nicht gefunden
Feb 11 17:58:33 dc1.strobl.lan sssd[3430]: Exiting the SSSD. Could not restart critical service [legacy].
Feb 11 17:58:33 dc1.strobl.lan systemd[1]: sssd.service: control process exited, code=exited status=1
Feb 11 17:58:33 dc1.strobl.lan systemd[1]: Failed to start System Security Services Daemon.
Feb 11 17:58:33 dc1.strobl.lan systemd[1]: Unit sssd.service entered failed state.
Feb 11 17:58:33 dc1.strobl.lan systemd[1]: sssd.service failed.

[root@dc1 ~]# journalctl -xe
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit session-10.scope has begun starting up.
Feb 11 20:01:01 dc1.strobl.lan CROND[3550]: (root) CMD (run-parts /etc/cron.hourly)
Feb 11 20:01:01 dc1.strobl.lan run-parts(/etc/cron.hourly)[3553]: starting 0anacron
Feb 11 20:01:01 dc1.strobl.lan run-parts(/etc/cron.hourly)[3559]: finished 0anacron
Feb 11 20:01:01 dc1.strobl.lan systemd[1]: Removed slice user-0.slice.
– Subject: Unit user-0.slice has finished shutting down
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-0.slice has finished shutting down.
Feb 11 20:01:01 dc1.strobl.lan systemd[1]: Stopping user-0.slice.
– Subject: Unit user-0.slice has begun shutting down
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-0.slice has begun shutting down.
Feb 11 20:03:21 dc1.strobl.lan sshd[3563]: reverse mapping checking getaddrinfo for macbook-strobl [10.0.0.50] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 11 20:03:25 dc1.strobl.lan sshd[3563]: Accepted password for root from 10.0.0.50 port 64486 ssh2
Feb 11 20:03:25 dc1.strobl.lan systemd[1]: Created slice user-0.slice.
– Subject: Unit user-0.slice has finished start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-0.slice has finished starting up.

– The start-up result is done.
Feb 11 20:03:25 dc1.strobl.lan systemd[1]: Starting user-0.slice.
– Subject: Unit user-0.slice has begun start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit user-0.slice has begun starting up.
Feb 11 20:03:25 dc1.strobl.lan systemd-logind[729]: New session 11 of user root.
– Subject: A new session 11 has been created for user root
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
– Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat

– A new session with the ID 11 has been created for the user root.

– The leading process of the session is 3563.
Feb 11 20:03:25 dc1.strobl.lan systemd[1]: Started Session 11 of user root.
– Subject: Unit session-11.scope has finished start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit session-11.scope has finished starting up.

– The start-up result is done.
Feb 11 20:03:25 dc1.strobl.lan systemd[1]: Starting Session 11 of user root.
– Subject: Unit session-11.scope has begun start-up
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit session-11.scope has begun starting up.
Feb 11 20:03:25 dc1.strobl.lan sshd[3563]: pam_unix(sshd:session): session opened for user root by (uid=0)

Many thanks for your effort!
Steve

1 Like

Exactly, I confirm!

AFAIK it’s a reproducible procedure: can run multiple times.

Two things I noticed on your system:

  • CentOS install
  • German system language (?) I always ran DC in English systems. Some messages are expected in English, I’m afraid a different system language could find problems! I’ll try to reproduce this condition next week.

To change the system language see

 localectl

https://www.freedesktop.org/software/systemd/man/localectl.html

Ok, so I will do a factory reset, change the os language to English and restart the DC.

Kind regards
Steve

1 Like

Hi @ all of you!

finally i managed to get the DC running!

Thank you so much @davidep and @filippo_carletti!
You guy’s are great!

What i did:

  1. Change locale to en_US
  2. Factory reset the DC
  3. expand-template /etc/sssd/sssd.conf
  4. restart DC

Now it works fine!

Thank you all once again!

Best regards
Steve

3 Likes

It seems the problem originated from this bug:

The system language and nethserver-dc should not responsible for it!

Workaround

run the following command after nethserver-install

signal-event system-init

8 posts were split to a new topic: AccountProvider_Error_1