config show dns
dns=configuration
NameServers=208.67.222.222,208.67.220.220
Those are the OpenDNS servers
config show nsdc
nsdc=service
IpAddress=192.168.100.200
ProvisionType=ns6upgrade
bridge=br0
status=enabled
Looks correct to me
config show sssd
sssd=service
AdDns=192.168.100.200
BindDN=ldapservice@INTERNAL.EXAPMLE.COM
BindPassword=PASSWORD
LdapURI=
Provider=ad
Realm=INTERNAL.EXAMPLE.COM
Workgroup=INTERNAL
status=enabled
Does missing LdapURI hurt anything?
config show smb
smb=service
AdsLdapAccountsBranch=
AdsRealm=
AuditAlias=REMOVED
DeadTime=10080
HomeAdmStatus=disabled
InheritOwner=yes
LogonDrive=Z:
NetbiosAliasList=
OsLevel=35
RoamingProfiles=yes
ServerRole=PDC
ShareAdmStatus=disabled
Sid=S-1-5-21-REMOVED
TCPPorts=139,445
UseClientDriver=yes
UseCups=enabled
WinsServerIP=
access=green
status=enabled
I’m not knowledgeable to see any obvious red flags.
If I was to remove the Accounts Provider and then do a restore, is there a way to just restore the users or would I have to do the full thing all over again?
I did the original upgrade with rsync.
Edit
Greped though /var/log/messages for errors got the following
esmith::event[5888]: Job for sssd.service failed because the control
process exited with error code. See "systemctl status sssd.service" and
"journalctl -xe" for details.
systemctl status sssd.service -l
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: failed (Result: exit-code) since Sun 2018-02-25 06:46:11 CST; 12h ago
Main PID: 6461 (code=exited, status=1/FAILURE)
Feb 25 06:46:10 hostname.internal.example.com sssd[pam][6466]: Starting up
Feb 25 06:46:10 hostname.internal.example.com sssd[nss][6467]: Starting up
Feb 25 06:46:10 hostname.internal.example.com sssd[pam][6468]: Starting up
Feb 25 06:46:11 hostname.internal.example.com sssd[be[internal.example.com]][6469]: Starting up
Feb 25 06:46:11 hostname.internal.example.com sssd[be[internal.example.com]][6469]: Failed to read keytab [default]: No such file or directory
Feb 25 06:46:11 hostname.internal.example.com sssd[6461]: Exiting the SSSD. Could not restart critical service [internal.example.com].
Feb 25 06:46:11 hostname.internal.example.com systemd[1]: sssd.service: main process exited, code=exited, status=1/FAILURE
Feb 25 06:46:11 hostname.internal.example.com systemd[1]: Failed to start System Security Services Daemon.
Feb 25 06:46:11 hostname.internal.example.com systemd[1]: Unit sssd.service entered failed state.
Feb 25 06:46:11 hostname.internal.example.com systemd[1]: sssd.service failed.
Ok so I’m missing a keytab?
here are the only errors I see in journalctl
Feb 25 06:46:51 hostname.internal.example.com admin-todos[7097]: kinit: Client 'hostname$@INTERNAL.EXAMPLE.COM' not found in Kerberos database while getting initial credentials
Feb 25 06:46:51 hostname.internal.example.com admin-todos[7097]: (82) GSSAPI Error (init): Unspecified GSS failure. Minor code may provide more information
Feb 25 06:46:51 hostname.internal.example.com admin-todos[7097]: No Kerberos credentials available (default cache: /tmp/krb5cc_0)
Feb 25 06:47:07 hostname.internal.example.com sudo[7169]: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/list-users
Feb 25 06:47:07 hostname.internal.example.com httpd[4176]: [ERROR] NethServer\Tool\UserProvider: AccountProvider_Error_82
Feb 25 06:47:07 hostname.internal.example.com httpd[4176]: [ERROR] kinit: Client 'hostname$@INTERNAL.EXAMPLE.COM' not found in Kerberos database while getting initial credentials
(82) GSSAPI Error (init): Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: /tmp/krb5cc_0)
Feb 25 06:47:07 hostname.internal.example.com sudo[7173]: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/list-groups
Feb 25 06:47:11 hostname.internal.example.com sudo[7187]: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/bin/net ads info
Feb 25 06:47:11 hostname.internal.example.com sudo[7191]: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/bin/net ads testjoin
Feb 25 06:47:11 hostname.internal.example.com sudo[7195]: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/bin/net ads search -P (&(sAMAccountName=hostname$)(objectCategory=computer)) name sAMAccountName distinguishedName servicePrincipalName objectSid dNSHostName pwdLastSet lastLogon whenCreated whenChanged accountExpires