Yes, ping is responding.
If I look at the domain accounts, this is what is written now:
NetBIOS domain name: xxx
ads_connect: No logon servers
ads_connect: No logon servers
Didn’t find the ldap server!
ads_connect: No logon servers
Join to domain is not valid: No logon servers
ads_connect: No logon servers
ads_connect: No logon servers
The container seems good, let’s see the “client” side… What does the Server Manager report at page “Status > Domain accounts”?
/cc @support_team
Let’s see dnsmasq:
systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2016-12-12 20:06:06 CET; 12h ago
Main PID: 1190 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1190 /usr/sbin/dnsmasq -k
Dec 13 06:08:32 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPREQUEST(br0) 192.168.100.150 00:04:20:2a:50:91
Dec 13 06:08:32 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPACK(br0) 192.168.100.150 00:04:20:2a:50:91 SqueezeboxRadio
Dec 13 07:45:01 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPREQUEST(br0) 192.168.100.109 e8:50:8b:0a:b8:6a
Dec 13 07:45:01 sxxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPACK(br0) 192.168.100.109 e8:50:8b:0a:b8:6a android-2dec71c06455d059
Dec 13 08:17:35 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPDISCOVER(br0) b8:ee:65:ac:37:0b
Dec 13 08:17:35 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPOFFER(br0) 192.168.100.112 b8:ee:65:ac:37:0b
Dec 13 08:17:35 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPREQUEST(br0) 192.168.100.112 b8:ee:65:ac:37:0b
Dec 13 08:17:35 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPACK(br0) 192.168.100.112 b8:ee:65:ac:37:0b Rainer-Notebook
Dec 13 08:18:29 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPREQUEST(br0) 192.168.100.112 b8:ee:65:ac:37:0b
Dec 13 08:18:29 xxx.xxx.xxx dnsmasq-dhcp[1190]: DHCPACK(br0) 192.168.100.112 b8:ee:65:ac:37:0b Rainer-Notebook
What is the nethserver-sssd version?
rpm -q nethserver-sssd
What does this command say?
realm list
Please check also:
host -t SRV _ldap._tcp.$(hostname -d) $(config getprop nsdc IpAddress)
host -t SRV _ldap._tcp.$(hostname -d) 127.0.0.1
What provider do you have? AD container, too?
nethserver-sssd version is nethserver-sssd-1.0.8-1.ns7.noarch
realm list says
compu-max.lan
type: kerberos
realm-name: COMPU-MAX.LAN
domain-name: compu-max.lan
configured: kerberos-member
server-software: active-directory
client-software: winbind
required-package: oddjob-mkhomedir
required-package: oddjob
required-package: samba-winbind-clients
required-package: samba-winbind
required-package: samba-common-tools
login-formats: COMPU-MAX\%U
login-policy: allow-any-login
compu-max.lan
type: kerberos
realm-name: COMPU-MAX.LAN
domain-name: compu-max.lan
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U@compu-max.lan
login-policy: allow-realm-logins
host -t SRV _ldap._tcp.$(hostname -d) $(config getprop nsdc IpAddress)
Using domain server:
Name: 192.168.100.1
Address: 192.168.100.1#53
Aliases:
_ldap._tcp.compu-max.lan has SRV record 0 100 389 nsdc-sbs.compu-max.lan.
host -t SRV _ldap._tcp.$(hostname -d) $(config getprop nsdc IpAddress)
Using domain server:
Name: 192.168.100.1
Address: 192.168.100.1#53
Aliases:
_ldap._tcp.compu-max.lan has SRV record 0 100 389 nsdc-sbs.compu-max.lan.
[root@sbs ~]# Using domain server:
-bash: Using: command not found
[root@sbs ~]# Name: 192.168.100.1
-bash: Name:: command not found
[root@sbs ~]# Address: 192.168.100.1#53
-bash: Address:: command not found
[root@sbs ~]# Aliases:
-bash: Aliases:: command not found
[root@sbs ~]#
[root@sbs ~]# _ldap._tcp.compu-max.lan has SRV record 0 100 389 nsdc-sbs.compu-max.lan.
-bash: _ldap._tcp.compu-max.lan: command not found
[root@sbs ~]# host -t SRV _ldap._tcp.$(hostname -d) 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
_ldap._tcp.compu-max.lan has SRV record 0 100 389 nsdc-sbs.compu-max.lan.
These are entries from messages during and after the updates:
systemd-nspawn: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: Read-only file system
sbs winbindd[2669]: [2016/12/12 11:33:26.593372, 0] …/source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Dec 12 11:33:26 sbs winbindd[2669]: Kinit for SBS$@COMPU-MAX.LAN to access cifs/nsdc-sbs.compu-max.lan@COMPU-MAX.LAN failed: Preauthentication failed
Dec 12 11:33:26 sbs winbindd[2669]: [2016/12/12 11:33:26.939050, 0] …/source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
sbs [sssd[ldap_child[3345]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
You said kinit failed. Let’s see:
cat /etc/krb5.conf
Don't get it all in one screen, output is:
[root@sbs ~]# cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
Please comment that line with a # character, then go back to Server Manager “Domain accounts” page.
Yes, AD container.
realm list:
[root@ns7test ~]# realm list
ns7.lan
type: kerberos
realm-name: NS7.LAN
domain-name: ns7.lan
configured: kerberos-member
server-software: active-directory
client-software: winbind
required-package: oddjob-mkhomedir
required-package: oddjob
required-package: samba-winbind-clients
required-package: samba-winbind
required-package: samba-common-tools
login-formats: NS7\%U
login-policy: allow-any-login
ns7.lan
type: kerberos
realm-name: NS7.LAN
domain-name: ns7.lan
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U@ns7.lan
login-policy: allow-realm-logins
Same line “includedir” in krb5.conf? Do you have the File server module too?
Not sure what you mean, sorry.
Run the following commands:
cp /etc/krb5.conf /etc/krb5.conf.orig
sed -i 's/includedir/#includedir/' /etc/krb5.conf
diff -u /etc/krb5.conf.orig /etc/krb5.conf
— /etc/krb5.conf.orig 2016-12-13 10:02:44.247340581 +0100
+++ /etc/krb5.conf 2016-12-13 10:02:53.767187443 +0100
@@ -1,5 +1,5 @@
Configuration snippets may be placed in this directory as well
-includedir /etc/krb5.conf.d/
+#includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
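Review bot: at the `#includedir /etc/krb5.conf.d/` line, the directive is disabled with no note on why, while the header comment kept as context just above it still says snippets may be placed in that directory, so the file now contradicts itself and every snippet under /etc/krb5.conf.d/ is ignored at once. If this is a temporary diagnostic step, add a comment beside the disabled line saying so and keep /etc/krb5.conf.orig so the change can be reverted. The generating command `sed -i 's/includedir/#includedir/'` is also unanchored, so a second run would yield `##includedir`; anchoring the pattern as `s/^includedir/#includedir/` makes the edit idempotent.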
Ok now try again the “Domain accounts” page…
NetBIOS domain name: COMPU-MAX
ads_connect: No logon servers
ads_connect: No logon servers
Didn’t find the ldap server!
ads_connect: No logon servers
Join to domain is not valid: No logon servers
ads_connect: No logon servers
ads_connect: No logon servers
My krb5.conf looks identical to @hucky's.
[root@ns7test samba]# cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
Just a hint for Kai: if you format the copied text with this (red arrow) you get it like mine above.
Much better to read