Copied NSDC - Account provider generic error: SSSD exit code 1

OK, it’s not SOGo. I installed a new server, copied the nsdc folder, and the problem is there too. With a clean AD, SOGo works. So something is wrong with my Active Directory.
I get an error on the user list: Account provider generic error: SSSD exit code 1
Looked up several error reports here in the forum.
The command:
/usr/libexec/nethserver/list-users administrator
returns:
(Connection timed out): IO::Socket::INET6: connect: timeout
Any idea how I fix my AD?

Is the AD container running?

systemctl status nsdc -l

Do you see errors in /var/log/messages ?

EDIT:

I moved our posts to a new support topic…

Yes, the container is running, I have it on a second machine. No messages in messages…
I can log into the AD from a Windows machine. I can run kinit administrator, so the AD is kind of working.
The only problem is that SOGo gets a timeout. Can I back up the AD information (User, ACL, …) and import it into a fresh installation?

So you are using remote AD and join a Nethserver with SOGO on it to a second Nethserver AD? Just to fully understand…

Have you set the same domain names on both servers?

This would be possible with Nethserver backup/restore (disaster recovery).

https://docs.nethserver.org/en/v7/disaster_recovery.html#disaster-recovery

I have one production server and the AD was installed via yum -y install nethserver-dc. This computer has the problems with AD.

I installed a test server with nethserver-dc and sogo. I copied /var/lib/machines/nsdc from the production server to the test server.

After that I couldn’t log in to SOGo, got the “Account provider generic error: SSSD exit code 1” under Management -> users and groups
and the command “/usr/libexec/nethserver/list-users administrator” returns the error message “(Connection timed out): IO::Socket::INET6: connect: timeout”.

Then I uninstalled the domain, deleted /var/lib/machines/nsdc and installed a fresh domain on the test server. After that SOGo worked, no SSSD Id error, and the list-users returned the users.

There must be something wrong with the machine “nsdc” on the production server. I don’t want to delete it, because my user, ACL and Mail would probably get lost.

I need a way to fix the DC installation.

Since I didn’t change any configuration on the test server, it can’t be a firewall or networking issue.

Any ideas?

Hi

Do you have a working backup of the prod machine?
Is it running native on hardware or virtualized eg with Proxmox?

Both would give you options to recover your system/AD - but also a recovery to what you have at the moment.

Assuming your Production Server is running native, directly on hardware. That means you don’t have options like snapshot or live backup underneath your NethServer, to save the whole box.

I would make - if possible - a clone of that production machine using clonezilla or whatever - to another, spare box or big USB disk… (Just so’s you’re covered, in case a disk dies at the moment or whatever goes wrong.).

You can also then try to transfer the machine using Backup / Restore…
Or repair the AD with config restore. Make a config save, then delete the AD. Restore the config, that will reinstall the AD, usually working correctly!

My 2 cents
Andy


Well, no the complete AD is destroyed. Tried to reinstall the AD by removing nethserver-dc and reinstalling it via config-restore. Didn’t work, tried to install a fresh AD, doesn’t work!
The installation doesn’t create the /var/lib/machines/nsdc.
If I copy a backup, systemctl start nsdc fails with error:
Mar 30 17:57:54 diener.mds4u.local systemd-nspawn[4215]: Failed to create directory /var/lib/machines/nsdc//sys/fs/selinux: Read-only file system
The sssd Service was disabled, why? I enabled it…
Update:
After some typing I got the restore working and now everything is like before.
My AD is still not working correctly:
kinit works
/usr/libexec/nethserver/list-users returns:
(Connection timed out): IO::Socket::INET6: connect: timeout
the :980 shows Generischer Konto-Fehler: SSSD-Exit-Code 1

Any help???

Please check your /etc/fstab if there are options like acl or user_xattr:

You may also try choosing an older kernel at boot.


Is machines.target running?

systemctl status machines.target

If not, try to start it with:

systemctl start machines.target

If all is working fine enable it with:

systemctl enable machines.target

And then try to reboot and check all is working fine.


Yes, machines.target is running.
Again: most of AD works, I can log in, get the shares from Windows, etc.
The only thing that is not working is SOGo.
The only error Message I get is that “Generischer Konto-Fehler: SSSD-Exit-Code 1”
I think it’s an itsy bitsy tiny error in one of the one million config files…
It’s driving me crazy, looked in all log files, messages file, can’t find anything.
What is “SSSD-Exit Code 1”? Which program generates that error and where are its log-files???

I assume logs would be under /var/log/sssd*
journalctl -M nsdc
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html

Checked log files in /var/log/sssd, nothing

journal… has:
Apr 01 19:54:31 nsdc-diener.ad.mds4u.local samba[25]: …/source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 110
Apr 01 19:55:30 nsdc-diener.ad.mds4u.local systemd[1]: Starting Network Service…
Apr 01 19:55:30 nsdc-diener.ad.mds4u.local systemd-networkd[394]: host0 : Cannot configure IPv4 forwarding for interface host0: Read-only file system
Apr 01 19:55:30 nsdc-diener.ad.mds4u.local systemd-networkd[394]: host0 : Cannot configure IPv6 forwarding for in

Tried most of the commands in the troubleshooting doc and they work.

So again: my AD is basically working, only SOGo and the console show errors. I need my SOGo to access the mails from Outlook and Android…

Update:
Now the nsdc container generates DNS flooding.
I get “Maximum number of concurrent DNS queries reached (max: 150)”
in /var/log/messages.
After systemctl stop nsdc the messages stop.
Tried to remove nethserver-dc, nethserver-sssd and the rest and reinstall it. Doesn’t work.
How can I completely remove the packages including ALL config files, so I can start with a new AD???
This sucks, wish I would have stayed with Windows Server…

@ThomasM

Hi

Both Outlook AND Android are IMAP capable - and NethServer mails are accessible with IMAP!
SOGo is not really needed to “access” mail!

Just wanted to inform you, that I’ve very recently (3 weeks ago) migrated a Windows 2003 Server including Exchange to NethServer. NethServer is acting as AD. Groupware is Nextcloud, Mail is simple IMAP…
Clients are mainly Win10, but there are some Win7 and older WinXP still running in their Lab - usually for older DAB Hardware…

These people all used Outlook, and almost all use Androids, only one uses Apple.

Yet - the Boss has 70’000 Mails in Outlook - now on the new System in IMAP on NethServer.
He has his same mails in his Android Handy.
The SQL based ERP Software running on the old Windows 2003 SBS is now running on a Windows 10 PC - virtualized on Proxmox as is the NethServer. The savings on Windows Backup Software alone are over € 2000.-…

And it all works!
Windows, Mac, Linux, iOS and Android - all have access to the Groupware (Mail, Calendar & Addressbook) as well as Access to files. Native as well as via Web.

This is still WIP (Work in Progress) as - thanks to Coronavirus - supplies are slower and less resources available… But see for yourself:

One can easily see that Zabbix is monitoring and displaying a problem on the PC at around 1 o’clock… (Top right with orange circle) The PC has simply not enough Memory, but I’d attribute this to a PEBKAC (Problem Exists Between Keyboard And Chair). This particular guy likes having around 100 Tabs in Firefox open, easily 100 Mails in Outlook open, and about 20-30 Word documents… (Note: I have one client who beats even this!!!).

The Irony is, that almost all infrastructure is running on Linux, but for one Windows Server, itself virtualized and running on Linux KVM virtualization, Member of an AD Active Directory on Linux NethServer - and the only Problem to be seen is from Windows 10, the current OS from Microsoft!

I’d make an export of all users, and save the whole thing as stated above (Mail directory intact!)
Set up the whole thing virtualized on Proxmox, with at least a NAS as external Backup, if not using it as shared Storage!

That alone would give you an Anytime Live Backup and Recovery, besides Snapshots. Completely independent of what’s running inside, be that a Windows Terminal Server or your NethServer.

Then start fresh, doing snapshots or backups along all “Milestones” achieved…

If you need step by step help, or just simple pointers along the way, don’t hesitate to drop a line!
I’ve often enough (here) proved that I can and will help - and even in extreme cases, that my time frame is very accurate!

My 2 cents
Andy
