Cannot view/add Users

EddieA · October 29, 2021, 6:34pm

On the “old” UI, I get the following, in red, at the top of the page: * Account provider generic error: SSSD exit code 1

On the cockpit UI, it just says “No users found”.

Looking in the logs I see:

Oct 29 11:28:43 Nethserver httpd: [ERROR] NethServer\Tool\UserProvider: Account provider generic error: SSSD exit code 1
Oct 29 11:28:43 Nethserver httpd: [ERROR] Could not resolve domain bogolinux.net
...
Oct 29 11:29:56 Nethserver cockpit-bridge: Could not resolve domain bogolinux.net

Yet my domain is bogolinux.net.

Selecting Domain accounts in the “old” UI gives:

NetBIOS domain name: DISCWORLD
LDAP server: 192.168.0.253
LDAP server name: nsdc-nethserver.bogolinux.net
Realm: BOGOLINUX.NET
Bind Path: dc=BOGOLINUX,dc=NET
LDAP port: 389
Server time: Fri, 29 Oct 2021 11:36:41 PDT
KDC server: 192.168.0.253
Server time offset: 0
Last machine account password change: Fri, 03 Mar 2017 16:15:43 PST

kinit: Cannot find KDC for realm "BOGOLINUX.NET" while getting initial credentials
kinit: Cannot find KDC for realm "BOGOLINUX.NET" while getting initial credentials

Cheers.

Andy_Wismer · October 29, 2021, 6:58pm

@EddieA

Hi Eddie

I’ve had that error several times in the past, at home and at some of my 30 clients.
Often unexpected, out of the blue. Sure some were recently modified, had an update or whatever. But often erroneous errors on the system, working a day earlier with no issues…

What almost always helped was doing a config restore, after confirming I had a good backup.

First verify backup status.
Delete your account provider
Restore an earlier config. This will reinstall the account provider - hopefully with the right, working config.
Reboot, and verify account provider is working, along with users and groups showing up.

Good Luck!

My 2 cents
Andy

The one where this did NOT help was where there was a dead disk in the Proxmox underneath…
Proxmox rarely need a reboot, and until then the disk “seemed” to work, while it did not!
We had to restore two days earlier from Proxmox backup, the later NethServer where partially worse corrupt…

EddieA · October 29, 2021, 7:11pm

Sorry, deliberately destroying a current configuration and restoring is not a solution.

Andy_Wismer · October 29, 2021, 7:17pm

A configuration replenished is neither destroying data, nor is it changing configuration at all.

All my customers having this issue confirm that for them this was a fast working repair.
I’ve also done this often enough to trust NethServers installation / reinstallation - or I would not use NethServer if I did not trust or verify a working disaster recovery.

But enjoy your solution, obviously the problem came from the same source or state…

To para-quote a pointy eared TV-Vulcan:
“A difference which makes no difference is not a difference…”

Ref: Alfred Korzybski | Memory Beta, non-canon Star Trek Wiki | Fandom

My 2 cents
Andy

EddieA · October 29, 2021, 7:26pm

This tells me to delete data.

But you just told me to delete something.

Obviously it is if it doesn’t work before hand and does after.

Who’s to say the “issue” isn’t now currently baked into my backups.

Which contradicts what you say earlier that restoring will fix my issue. Isn’t that a difference.

Andy_Wismer · October 29, 2021, 7:43pm

There are quite a few posts here on this forum which I have given the same advice, and one also had a disk error (actually both disks in the raid were defective!), for the others they confirmed it worked…

Deleting a defective configuration is NOT deleting the configuration that you (assumingly?) created, resulting in a working AD. At the moment you don’t have a working AD, and I don’t recall you telling about any vast modifications or stubborn updates done earlier…

It’s a fast way of restoring a working condition without any risk of losing data. You should have a working backup anyways!

I do planning, operating and support for about 30 clients, all using NethServer as AD in Proxmox.
As such I’m paranoid about trustworthy backups.

Proxmox backups all systems running on Proxmox.
Each System does their own Backups.
Trustworthy backups are ones where I’ve personally done a test or trial restore.
Backup Systems (NAS et Al) have their own independent backups, eg to a USB3 Disk
Backups “Offsite”.
Besides 1st generation, all other are untouchable from a windows system.

There’s an old german saying:
Trust is good, double checking is better!
I think that can be attributed to Josef, better known as Stalin!

But it’s never a bad idea to test a backup!

And it’s extremly rock solid protection against cryptolocking!

My 2 cents
Andy

EddieA · October 30, 2021, 2:41am

Ha. Turns out it was a slight misconfigure as a consequence of this.

The key part was this:

Oct 29 11:28:43 Nethserver httpd: [ERROR] Could not resolve domain bogolinux.net
...
Oct 29 11:29:56 Nethserver cockpit-bridge: Could not resolve domain bogolinux.net

This being a re-herring:

Oct 29 11:28:43 Nethserver httpd: [ERROR] NethServer\Tool\UserProvider: Account provider generic error: SSSD exit code 1

As I still have that message, but everything works correctly.

Cheers.