LDAP client internal error (AccountProvider_Error_82)

activedirectory
accounts-provider
v7

(John Savidge) #1

NethServer Version: 7.5
Module: LDAP Client

Hi, getting the above error on the Users page and not seeing any users listed.

Everything else seems ok.

Where should I start to diagnose the problem? Still quite new to NethServer.

Thanks

John


(John Savidge) #2

Seeing this in the LDAP Child logs:

(Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8743]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’
(Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8746]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’
(Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8859]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’
(Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8864]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’


(Markus Neuberger) #3

Hi John,

Did you shorten it, or could this be the error? Usually NS samba domain names are like AD.DOMAIN.TLD.

Please post the output of the following commands to check the config:

config show sssd
config show dns
config show nsdc
cat /etc/hosts
cat /etc/krb5.conf

Another method is to just uninstall and reinstall the account provider. If it’s a test machine, that’s the way to go.

There are some other threads about this topic:

https://community.nethserver.org/search?q=Cannot%20contact%20any%20KDC%20for%20realm
https://community.nethserver.org/search?q=account%20provider%20error%2082


(John Savidge) #4

No, I shortened the log entries. It is in the form ad.domain.tld in the logs.

No, this is my live server at home, so I can’t reinstall.

Will run the commands and post back shortly.


(John Savidge) #5

config show sssd

sssd=service
AdDns=192.168.1.4
BindDN=ldapservice@AD.***.CO.UK
BindPassword=***
DiscoverDcType=dns
LdapURI=
Provider=ad
Realm=AD.***.CO.UK
Workgroup=***
status=enabled


(John Savidge) #6

config show dns

NameServers=208.67.222.222,208.67.220.220


(John Savidge) #7

config show nsdc

nsdc=service
IpAddress=192.168.1.4
ProvisionType=newdomain
bridge=br0
status=enabled


(John Savidge) #8

#
# 10localhost
#
127.0.0.1       localhost       localhost.localdomain


#
# 20hostname(s)
#
192.168.1.3             remote.***.co.uk remote remote.ad.***.co.uk



#
# 30hosts_remote
#
192.168.1.2        esxi.***.co.uk esxi


#
# 40hosts_local
#

(John Savidge) #9

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

 default_realm = AD.***.CO.UK
[realms]
 AD.***.CO.UK = {
 }

[domain_realm]
 ad.***.co.uk = AD.***.CO.UK
 .ad.***.co.uk = AD.***.CO.UK

(John Savidge) #10

Solved it by simply restarting the NSDC service…
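
An added example, not part of any post in this thread: a Python cross-check of the config show and krb5.conf values posted in #5, #7 and #9. The sample strings are constructed from those posts with EXAMPLE in place of the redacted name; the function names and the rule that AdDns should equal the nsdc IpAddress are assumptions of this example.

```python
def parse_props(text):
    """Parse 'config show <name>' output (Key=Value lines) into a dict."""
    return dict(ln.strip().split("=", 1) for ln in text.splitlines() if "=" in ln)

def parse_krb5(text):
    """Minimal krb5.conf reader: {section: {key: value or {sub-block}}}."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] == "#" or line.startswith("includedir"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})   # e.g. a realm's sub-block
            else:
                (block if block is not None else section)[key] = value
    return conf

def check(sssd, nsdc, krb5):
    """Return findings for values that should agree across the three outputs."""
    realm, found = sssd.get("Realm", ""), []
    if sssd.get("AdDns") != nsdc.get("IpAddress"):
        found.append("AdDns is not the nsdc container address")  # assumed rule
    if krb5.get("libdefaults", {}).get("default_realm") != realm:
        found.append("krb5 default_realm differs from sssd Realm")
    if krb5.get("domain_realm", {}).get(realm.lower()) != realm:
        found.append("domain_realm does not map the DNS domain to the realm")
    if not krb5.get("realms", {}).get(realm, {}).get("kdc"):
        found.append("no kdc listed in [realms]: KDC is located at run time")
    return found

# Constructed from posts #5, #7 and #9; EXAMPLE stands in for the redacted name.
SSSD = "sssd=service\nAdDns=192.168.1.4\nDiscoverDcType=dns\nRealm=AD.EXAMPLE.CO.UK"
NSDC = "nsdc=service\nIpAddress=192.168.1.4\nstatus=enabled"
KRB5 = """[libdefaults]
 default_realm = AD.EXAMPLE.CO.UK
[realms]
 AD.EXAMPLE.CO.UK = {
 }
[domain_realm]
 ad.example.co.uk = AD.EXAMPLE.CO.UK
"""

print(check(parse_props(SSSD), parse_props(NSDC), parse_krb5(KRB5)))
```

On the posted values only the last, informational finding is returned: the static settings agree with each other, and the KDC is not pinned in krb5.conf, so finding it depends on services that have to be running when the lookup happens.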


(Markus Neuberger) #11

Glad it works again. Please mark your solution, so other people will find the solution easily: