LDAP client internal error (AccountProvider_Error_82)

kiemosan · July 9, 2018, 7:31am

NethServer Version: 7.5
Module: LADP Client

Hi, getting the above error on the Users page and not seeing any users listed.

Everything else seems ok.

Where should I start to diagnose the problem from? Still quite new to Nethserver.

Thanks

John

kiemosan · July 9, 2018, 7:33am

Seeing this in the LDAP Child logs

(Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8743]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:30:48 2018) [[sssd[ldap_child[8746]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8859]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’ (Mon Jul 9 08:32:06 2018) [[sssd[ldap_child[8864]]]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Cannot contact any KDC for realm ‘**********.CO.UK’

mrmarkuz · July 9, 2018, 9:30am

Hi John,

did you shorten it or may this be the error? Usually NS samba domain names are like AD.DOMAIN.TLD.

Please post the output of the following commands to check the config:

config show sssd
config show dns
config show nsdc
cat /etc/hosts
cat /etc/krb5.conf

Another method is to just uninstall and reinstall the account provider. If it’s a test machine, that’s the way to go.

There are some other threads about this topic:

https://community.nethserver.org/search?q=Cannot%20contact%20any%20KDC%20for%20realm
https://community.nethserver.org/search?q=account%20provider%20error%2082

kiemosan · July 9, 2018, 9:57am

No I shortened the log entries. It is in the form ad.domain.tld in the logs.

No this is my live server at home so can’t reinstall.

Will run the commands and post back shortly.

kiemosan · July 9, 2018, 10:37am

config show sssd

sssd=service
AdDns=192.168.1.4
BindDN=ldapservice@AD.***.CO.UK
BindPassword=***
DiscoverDcType=dns
LdapURI=
Provider=ad
Realm=AD.***.CO.UK
Workgroup=***
status=enabled

kiemosan · July 9, 2018, 10:38am

config show dns

NameServers=208.67.222.222,208.67.220.220

kiemosan · July 9, 2018, 10:38am

config show nsdc

nsdc=service
IpAddress=192.168.1.4
ProvisionType=newdomain
bridge=br0
status=enabled

kiemosan · July 9, 2018, 10:39am

#
# 10localhost
#
127.0.0.1       localhost       localhost.localdomain


#
# 20hostname(s)
#
192.168.1.3             remote.***.co.uk remote remote.ad.***.co.uk



#
# 30hosts_remote
#
192.168.1.2        esxi.***.co.uk esxi


#
# 40hosts_local
#

kiemosan · July 9, 2018, 10:40am

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

 default_realm = AD.***.CO.UK
[realms]
 AD.***.CO.UK = {
 }

[domain_realm]
 ad.***.co.uk = AD.***.CO.UK
 .ad.***.co.uk = AD.***.CO.UK

kiemosan · July 9, 2018, 10:56am

Solved it by simply restarting the NSDC service…

mrmarkuz · July 9, 2018, 11:19am

Glad it works again. Please mark your solution, so other people will find the solution easily:

Zaman · February 17, 2020, 6:16pm

for me too as mentioned: