LDAP client internal error (AccountProvider_Error_82)

NethServer Version: 7.5
Module: LADP Client

Hi, getting the above error on the Users page and not seeing any users listed.

Everything else seems ok.

Where should I start to diagnose the problem from? Still quite new to Nethserver.

Thanks

John

Seeing this in the LDAP Child logs

(Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8743]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8746]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8859]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8864]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’

Hi John,

did you shorten it or may this be the error? Usually NS samba domain names are like AD.DOMAIN.TLD.

Please post the output of the following commands to check the config:

config show sssd
config show dns
config show nsdc
cat /etc/hosts
cat /etc/krb5.conf

Another method is to just uninstall and reinstall the account provider. If it’s a test machine, that’s the way to go.

There are some other threads about this topic:

https://community.nethserver.org/search?q=Cannot%20contact%20any%20KDC%20for%20realm
https://community.nethserver.org/search?q=account%20provider%20error%2082

1 Like

No I shortened the log entries. It is in the form ad.domain.tld in the logs.

No this is my live server at home so can’t reinstall.

Will run the commands and post back shortly.

config show sssd

sssd=service
AdDns=192.168.1.4
BindDN=ldapservice@AD.***.CO.UK
BindPassword=***
DiscoverDcType=dns
LdapURI=
Provider=ad
Realm=AD.***.CO.UK
Workgroup=***
status=enabled

config show dns

NameServers=208.67.222.222,208.67.220.220

config show nsdc

nsdc=service
IpAddress=192.168.1.4
ProvisionType=newdomain
bridge=br0
status=enabled

#
# 10localhost
#
127.0.0.1       localhost       localhost.localdomain


#
# 20hostname(s)
#
192.168.1.3             remote.***.co.uk remote remote.ad.***.co.uk



#
# 30hosts_remote
#
192.168.1.2        esxi.***.co.uk esxi


#
# 40hosts_local
#
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

 default_realm = AD.***.CO.UK
[realms]
 AD.***.CO.UK = {
 }

[domain_realm]
 ad.***.co.uk = AD.***.CO.UK
 .ad.***.co.uk = AD.***.CO.UK

Solved it by simply restarting the NSDC service…

2 Likes

Glad it works again. Please mark your solution, so other people will find the solution easily:

for me too as mentioned:

:partying_face: