Remote AD problem

federico.ballarini · June 28, 2019, 5:53pm

NethServer Version: 7.6
Module: Account Provider

I’m trying to connect a remote NethServer AD to Active Directory always on Nethserver.
It connects but with this error

tkey query failed: GSSAPI error: Major = Unspecified GSS failure.

What can I do to solve?

Thank you

dnutan · June 28, 2019, 6:33pm

Haven’t tried, but Davide mentioned adding and option in sssd.conf file (or a custom template), or ignore the message:

The “tkey query failed” lines correspond to failed PTR updates. They can be disabled by setting dyndns_update_ptr = false in sssd.conf

However “tsig verify failure” lines still remain. It seems not to be a real issue though:

Unfortunately also TSIG failure is reported as an error, even if server reported success and nsupdate understands it. – 1394320 – sssd can't update PTR dns record in AD leading to kerberos problems

federico.ballarini · June 28, 2019, 6:58pm

Ops… sorry… i founded another error. I think this is the problem.
It was a FreePBX with LDAP remote AD. I change and connected Remote Active Directory.
When I launch “nethserver-sssd-save” I obtain this:

Jun 28 20:54:35 voip esmith::event[8857]: kinit: Preauthentication failed while getting initial credentials
Jun 28 20:54:35 voip esmith::event[8857]: [ERROR] /usr/libexec/nethserver/smbads: failed to add service primaries to system keytab
Jun 28 20:54:35 voip esmith::event[8857]: [ERROR] /usr/libexec/nethserver/smbads: failed to initialize keytabsJun 28 20:54:35 voip esmith::event[8857]: Action: /etc/e-smith/events/nethserver-sssd-save/S30nethserver-sssd-initkeytabs FAILED: 5 [0.590272]
Jun 28 20:54:36 voip esmith::event[8857]: Starting Sync on directory 'NethServer LDAP Custom'...
Jun 28 20:54:36 voip esmith::event[8857]: om'...
Jun 28 20:54:36 voip esmith::event[8857]: In Guard.php line 80:
Jun 28 20:54:36 voip esmith::event[8857]: e 80:
Jun 28 20:54:36 voip esmith::event[8857]:  Can't contact LDAP server
Jun 28 20:54:36 voip esmith::event[8857]: e 80:
Jun 28 20:54:36 voip esmith::event[8857]: e 80:
Jun 28 20:54:36 voip esmith::event[8857]: userman [--syncall] [--sync SYNC] [--force] [--list]
Jun 28 20:54:36 voip esmith::event[8857]: ist]
Jun 28 20:54:36 voip esmith::event[8857]: Action: /etc/e-smith/events/nethserver-sssd-save/S60nethserver-freepbx-conf-users FAILED: 255 [0.724527]
Jun 28 20:54:36 voip esmith::event[8857]: Action: /etc/e-smith/events/nethserver-sssd-save/S80nethserver-sssd-notifyclients SUCCESS [0.156936]

I think the problem is here… can you help me @dnutan ?

Thank you!

federico.ballarini · June 28, 2019, 7:05pm

I followed this http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-sssd.html#leave-and-re-join-active-directory and now there is only this error:

Jun 28 21:03:26 voip esmith::event[10655]: Starting Sync on directory 'NethServer LDAP Custom'...
Jun 28 21:03:26 voip esmith::event[10655]: 8]
Jun 28 21:03:26 voip esmith::event[10655]: In Guard.php line 80:
Jun 28 21:03:26 voip esmith::event[10655]: e 80:
Jun 28 21:03:26 voip esmith::event[10655]:  Can't contact LDAP server
Jun 28 21:03:26 voip esmith::event[10655]: e 80:
Jun 28 21:03:26 voip esmith::event[10655]: e 80:
Jun 28 21:03:26 voip esmith::event[10655]: userman [--syncall] [--sync SYNC] [--force] [--list]
Jun 28 21:03:26 voip esmith::event[10655]: ist]
Jun 28 21:03:27 voip esmith::event[10655]: Action: /etc/e-smith/events/nethserver-sssd-save/S60nethserver-freepbx-conf-users FAILED: 255 [1.119824]

federico.ballarini · June 28, 2019, 7:24pm

I solved by modifying FreePBX Settings under Admin > User Management > Directories

dnutan · June 28, 2019, 7:56pm

Sorry, I was AFK. Glad you solved it.