All Groups and User in AD lost

capote · October 31, 2023, 9:33am

NethServer Version: 7.9

Hello,
Since my DokuWiki login is no longer working, I looked in my user/group administration.
You can imagine my shock: all groups and users are missing.

Log entries:

Within the old server manager–> Domain Accounts, I got:

NetBIOS domain name: DAHO
ads_connect: No logon servers are currently available to service the logon request.
ads_connect: No logon servers are currently available to service the logon request.
Didn't find the ldap server!

kinit: Cannot contact any KDC for realm 'AD.HOME.DARGELS.DE' while getting initial credentials
kinit: Cannot contact any KDC for realm 'AD.HOME.DARGELS.DE' while getting initial credentials
ads_connect: No logon servers are currently available to service the logon request.
ads_connect: No logon servers are currently available to service the logon request.

What can I do to fix it?

Sincerely, MArko

dnutan · October 31, 2023, 10:47am

Caused by SSSD service stopped.
The log shows something about a duplicate IP (unaware if related to the error or not).

For me, SSSD errors are usually hard to diagnose.

Andy shared a quick way to get AD working again by restoring config

capote · October 31, 2023, 10:59am

This one: Can't access all my shared folder - #10 by Andy_Wismer?

dnutan · October 31, 2023, 11:03am

Yes.

But first, just in case it is something easier, you might want to check which IP is duplicated (make sure it is not colliding with AD or container IP) and check sssd service status with systemctl (to get a bit more info on the cause), and try to restart sssd.

capote · October 31, 2023, 11:58am

systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-10-31 10:23:30 CET; 2h 31min ago
 Main PID: 17767 (sssd)
   CGroup: /system.slice/sssd.service
           ├─17767 /usr/sbin/sssd -i --logger=files
           ├─17771 /usr/libexec/sssd/sssd_be --domain home.dargels.de --uid 0 --gid 0 --logger=files
           ├─17772 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
           └─17773 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

Oct 31 10:23:29 DAHO-Nethserver.home.dargels.de systemd[1]: Starting System Security Services Daemon...
Oct 31 10:23:29 DAHO-Nethserver.home.dargels.de sssd[sssd][17767]: Starting up
Oct 31 10:23:29 DAHO-Nethserver.home.dargels.de sssd[be[home.dargels.de]][17771]: Starting up
Oct 31 10:23:30 DAHO-Nethserver.home.dargels.de sssd[nss][17772]: Starting up
Oct 31 10:23:30 DAHO-Nethserver.home.dargels.de sssd[pam][17773]: Starting up
Oct 31 10:23:30 DAHO-Nethserver.home.dargels.de systemd[1]: Started System Security Services Daemon.
Oct 31 10:23:31 DAHO-Nethserver.home.dargels.de sssd[be[home.dargels.de]][17771]: Backend is offline

I have already searched my eyes, I find (and I claim there are none) duplicate IP address. The DHCP, DNS are provided by OPNSense.
In the NS-DNS I have made the identical entries again.
There could have been transfer errors, but I have already checked that. Either I have tomatoes on the eyes, or there are really none.

dnutan · October 31, 2023, 12:31pm

other related services are nsdc and dnsmasq.
IPv6 ?

OK. Just glanced it on the logs, but seems it was reported earlier by snmp.

capote · October 31, 2023, 4:26pm

today

 cat messages | grep snmp
Oct 30 09:19:52 DAHO-Nethserver snmpd[1015]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 30 09:19:54 DAHO-Nethserver snmpd[1015]: NET-SNMP version 5.7.2
Oct 30 09:29:20 DAHO-Nethserver snmpd[1015]: IfIndex of an interface changed. Such interfaces will appear multiple times in IF-MIB.
Oct 31 00:16:03 DAHO-Nethserver snmpd[999]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 31 00:16:05 DAHO-Nethserver snmpd[999]: NET-SNMP version 5.7.2
Oct 31 00:26:26 DAHO-Nethserver snmpd[999]: Received TERM or STOP signal...  shutting down...
Oct 31 00:29:03 DAHO-Nethserver snmpd[1008]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 31 00:29:05 DAHO-Nethserver snmpd[1008]: NET-SNMP version 5.7.2
Oct 31 09:50:16 DAHO-Nethserver snmpd[1000]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 31 09:50:17 DAHO-Nethserver snmpd[1000]: NET-SNMP version 5.7.2

earlier

cat messages-20231029 | grep snmp
Oct 23 02:13:45 DAHO-Nethserver snmpd[1022]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 23 02:13:46 DAHO-Nethserver snmpd[1022]: NET-SNMP version 5.7.2
Oct 23 16:04:59 DAHO-Nethserver snmpd[998]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 23 16:05:01 DAHO-Nethserver snmpd[998]: NET-SNMP version 5.7.2
Oct 23 16:40:46 DAHO-Nethserver snmpd[992]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 23 16:40:47 DAHO-Nethserver snmpd[992]: NET-SNMP version 5.7.2
Oct 23 17:23:23 DAHO-Nethserver snmpd[1004]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 23 17:23:24 DAHO-Nethserver snmpd[1004]: NET-SNMP version 5.7.2
Oct 23 18:44:57 DAHO-Nethserver snmpd[1008]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 23 18:44:58 DAHO-Nethserver snmpd[1008]: NET-SNMP version 5.7.2
Oct 29 16:11:20 DAHO-Nethserver snmpd[1004]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 29 16:11:22 DAHO-Nethserver snmpd[1004]: NET-SNMP version 5.7.2

cat messages-20231022 | grep snmp
Oct 15 17:51:23 DAHO-Nethserver snmpd[1023]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 15 17:51:25 DAHO-Nethserver snmpd[1023]: NET-SNMP version 5.7.2
Oct 22 00:05:52 DAHO-Nethserver snmpd[1029]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 22 00:05:54 DAHO-Nethserver snmpd[1029]: NET-SNMP version 5.7.2

cat messages-20231011| grep snmp
Sep 24 23:04:10 DAHO-Nethserver snmpd[1009]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 24 23:04:12 DAHO-Nethserver snmpd[1009]: NET-SNMP version 5.7.2
Oct 10 23:00:18 DAHO-Nethserver snmpd[1006]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Oct 10 23:00:19 DAHO-Nethserver snmpd[1006]: NET-SNMP version 5.7.2
[root@DAHO-Nethserver log]# cat messages-20230924 | grep snmp
Sep 22 04:44:40 DAHO-Nethserver yum[14099]: Updated: net-snmp-libs.x86_64 1:5.7.2-49.el7_9.3
Sep 22 04:44:40 DAHO-Nethserver yum[14099]: Updated: net-snmp-agent-libs.x86_64 1:5.7.2-49.el7_9.3
Sep 22 04:44:43 DAHO-Nethserver yum[14099]: Updated: net-snmp.x86_64 1:5.7.2-49.el7_9.3
Sep 22 04:44:43 DAHO-Nethserver yum[14099]: Updated: net-snmp-utils.x86_64 1:5.7.2-49.el7_9.3
Sep 22 04:46:41 DAHO-Nethserver snmpd[1036]: Received TERM or STOP signal...  shutting down...
Sep 22 04:46:46 DAHO-Nethserver snmpd[10490]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 22 04:46:47 DAHO-Nethserver snmpd[10490]: NET-SNMP version 5.7.2
Sep 22 04:51:43 DAHO-Nethserver nms: PUTNOTIF host=DAHO-Nethserver.home.dargels.de plugin=service plugin_instance=snmpd type=stopped severity=okay time=1695205564 message="snmpd is running"
Sep 22 04:51:43 DAHO-Nethserver nms: PUTNOTIF host=DAHO-Nethserver.home.dargels.de plugin=service plugin_instance=snmpd type=stopped severity=failure time=1695350801 message="snmpd is stopped"
Sep 23 23:28:46 DAHO-Nethserver snmpd[995]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 23 23:28:47 DAHO-Nethserver snmpd[995]: NET-SNMP version 5.7.2

cat messages-20230920 | grep snmp
Sep 14 09:45:23 DAHO-Nethserver snmpd[1035]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 14 09:45:28 DAHO-Nethserver snmpd[1035]: NET-SNMP version 5.7.2
Sep 15 05:43:43 DAHO-Nethserver snmpd[1026]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 15 05:43:44 DAHO-Nethserver snmpd[1026]: NET-SNMP version 5.7.2
Sep 20 12:26:00 DAHO-Nethserver snmpd[1036]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 20 12:26:02 DAHO-Nethserver snmpd[1036]: NET-SNMP version 5.7.2

cat messages-20230806 | grep snmp
Aug  2 06:00:48 DAHO-Nethserver nms: PUTNOTIF host=DAHO-Nethserver.home.dargels.de plugin=service plugin_instance=snmpd type=stopped severity=okay time=1689495400 message="snmpd is running"
Aug  2 13:10:28 DAHO-Nethserver snmpd[1003]: Received TERM or STOP signal...  shutting down...
Aug  2 13:12:29 DAHO-Nethserver snmpd[1035]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Aug  2 13:12:30 DAHO-Nethserver snmpd[1035]: NET-SNMP version 5.7.2
Aug  2 20:31:35 DAHO-Nethserver snmpd[1041]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Aug  2 20:31:37 DAHO-Nethserver snmpd[1041]: NET-SNMP version 5.7.2
Aug  4 02:11:19 DAHO-Nethserver snmpd[1012]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Aug  4 02:11:20 DAHO-Nethserver snmpd[1012]: NET-SNMP version 5.7.2
Aug  4 23:57:25 DAHO-Nethserver snmpd[1017]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Aug  4 23:57:26 DAHO-Nethserver snmpd[1017]: NET-SNMP version 5.7.2

big jump back

[root@DAHO-Nethserver log]# cat messages-20230402 | grep snmp
Mar 27 18:55:17 DAHO-Nethserver snmpd[989]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Mar 27 18:55:19 DAHO-Nethserver snmpd[989]: NET-SNMP version 5.7.2
Mar 31 00:00:59 DAHO-Nethserver snmpd[1001]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Mar 31 00:01:00 DAHO-Nethserver snmpd[1001]: NET-SNMP version 5.7.2

bigger jump back


[root@DAHO-Nethserver log]# cat messages-20230101 | grep snmp
Dec 27 17:26:10 DAHO-Nethserver snmpd[1012]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Dec 27 17:26:12 DAHO-Nethserver snmpd[1012]: NET-SNMP version 5.7.2
Dec 27 19:00:29 DAHO-Nethserver snmpd[1025]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Dec 27 19:00:31 DAHO-Nethserver snmpd[1025]: NET-SNMP version 5.7.2

jump to the 1st log

[root@DAHO-Nethserver log]# cat messages-20220918 | grep snmp
Sep 17 04:39:20 DAHO-Nethserver snmpd[1021]: Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB
Sep 17 04:39:21 DAHO-Nethserver snmpd[1021]: NET-SNMP version 5.7.2

I hope you can read more from this than I can.
I only see that an alleged duplicate IP address has always been complained about.

Thank you, Marko

capote · October 31, 2023, 4:30pm

systemctl status nsdc
● nsdc.service - NethServer Domain Controller container
   Loaded: loaded (/usr/lib/systemd/system/nsdc.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-10-31 09:50:16 CET; 7h ago
     Docs: man:systemd-nspawn(1)
 Main PID: 988 (systemd-nspawn)
   Status: "Container running."
   CGroup: /machine.slice/nsdc.service
           ├─ 988 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --network-bridge=br0 --machine=nsdc --capability...
           ├─1005 /usr/lib/systemd/systemd
           └─system.slice
             ├─console-getty.service
             │ └─1527 /sbin/agetty --noclear --keep-baud console 115200,38400,9600 vt220
             ├─systemd-logind.service
             │ └─1518 /usr/lib/systemd/systemd-logind
             ├─dbus.service
             │ └─1438 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
             ├─ntpd.service
             │ └─1495 /usr/sbin/ntpd -u ntp:ntp -g
             └─systemd-journald.service
               └─1235 /usr/lib/systemd/systemd-journald

Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Started Network Service.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Reached target Network.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Started Samba domain controller daemon.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Started Login Service.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Reached target Multi-User System.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Reached target Graphical Interface.
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: Starting Update UTMP about System Runlevel Ch......
Oct 31 09:50:19 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: [  OK  ] Started Update UTMP about System Run...es.
Oct 31 09:50:20 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: CentOS Linux 7 (Core)
Oct 31 09:50:20 DAHO-Nethserver.home.dargels.de systemd-nspawn[988]: Kernel 3.10.0-1160.102.1.el7.x86_64 on an x86_64
Hint: Some lines were ellipsized, use -l to show in full.

systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-10-31 12:50:37 CET; 4h 39min ago
 Main PID: 21971 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─21971 /usr/sbin/dnsmasq -k

Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de systemd[1]: Started DNS caching server..
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq[21971]: started, version 2.76 cachesize 4000
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq[21971]: compile time options: IPv6 GNU-getopt DBus no-i18n...ify
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq-tftp[21971]: TFTP root is /var/lib/tftpboot
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq[21971]: using nameserver 192.168.3.11#53 for domain ad.hom....de
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq[21971]: using nameserver 192.168.3.1#53
Oct 31 12:50:37 DAHO-Nethserver.home.dargels.de dnsmasq[21971]: read /etc/hosts - 40 addresses
Hint: Some lines were ellipsized, use -l to show in full.

capote · October 31, 2023, 4:36pm

my IPs within /etc/hosts

192.168.3.1        
192.168.3.11       	ad.home.dargels.de ad
192.168.3.11       	nsdc-daho-d5dbc.ad.home.dargels.de
192.168.3.111      
192.168.3.112      
192.168.3.113      
192.168.3.12       
192.168.3.13       
192.168.3.14       
192.168.3.15       
192.168.3.151      
192.168.3.152      
192.168.3.154      
192.168.3.155      
192.168.3.157      
192.168.3.158      
192.168.3.159      
192.168.3.16       
192.168.3.161      
192.168.3.162      
192.168.3.163      
192.168.3.164      
192.168.3.165      
192.168.3.166      
192.168.3.167      
192.168.3.2        
192.168.3.20       
192.168.3.201      
192.168.3.202      
192.168.3.31       
192.168.3.61       
192.168.3.62       
192.168.3.63       
192.168.3.70       
192.168.3.8        
192.168.3.9        
192.168.3.91       
192.168.3.92

Leases on OPNSense (active and inactive):

192.168.3.8
192.168.3.9
192.168.3.12
192.168.3.13
192.168.3.14
192.168.3.15
192.168.3.16
192.168.3.17
192.168.3.20
192.168.3.31
192.168.3.61
192.168.3.62
192.168.3.63
192.168.3.70
192.168.3.80
192.168.3.91
192.168.3.92
192.168.3.110
192.168.3.111
192.168.3.112
192.168.3.113
192.168.3.114
192.168.3.115
192.168.3.151
192.168.3.152
192.168.3.154
192.168.3.155
192.168.3.156
192.168.3.157
192.168.3.158
192.168.3.159
192.168.3.161
192.168.3.162
192.168.3.163
192.168.3.164
192.168.3.165
192.168.3.166
192.168.3.167
192.168.3.200
192.168.3.201
192.168.3.202
192.168.3.205
192.168.3.210
192.168.3.211

capote · November 1, 2023, 9:54am

ok, I restored the last available cronjob configuration. Users and groups are still not available after that.

Then I restarted the NSCD service. Whoosh, the users and groups are available again.

Thank you, @mrmarkuz, for the hint.