systemctl start nsdc
worked, and now nsdc status is OK, BUT having done the same check for sssd I got:
also after systemctl restart sssd
Do not know what that is, so cannot tell you.
The first problem: nsdc failed to start because
Failed to add new veth interfaces..: File exists
has been reported several times over the years:
https://bbs.archlinux.org/viewtopic.php?id=235740
and should be fixed…
logs from sssd_nss reports:
(2021-06-23 8:51:31): [nss] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
and ldap_child.log :
(2021-06-23 15:04:52): [ldap_child[20646]] [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Preauthentication failed
Still looks like nsdc is not running, can you check again?
If nsdc is not running, can you post the result of:
ip link | grep vb
This is as far as I can help you
Do not know why sssd is failing after nsdc is up and running;
my last resort would be not very linuxy: reboot…
cc// @support_team (and @davidep )
well I rebooted already… but no luck
It seems nsdc and sssd services are running.
Maybe with some more info someone else can lend a hand:
config show sssd
config show nsdc
account-provider-test dump
cat /etc/krb5.conf
klist -t -k /etc/krb5.keytab
Similar service error report, but I’ve no access to Red Hat:
here we go:
[root@mail ~]# config show sssd
sssd=service
AdDns=192.168.20.199
BindDN=ldapservice@RBTECH.LOCAL
BindPassword=xxxxxxxxxxxxxxxxxxxxx
DiscoverDcType=ldapuri
LdapURI=ldaps://nsdc-mail.rbtech.local
Provider=ad
Realm=RBTECH.LOCAL
ShellOverrideStatus=enabled
Workgroup=RBTECH
status=enabled
[root@mail ~]# config show nsdc
nsdc=service
IpAddress=192.168.20.199
ProvisionType=newdomain
bridge=br0
status=enabled
[root@mail ~]# account-provider-test dump
{
"BindDN" : "ldapservice@RBTECH.LOCAL",
"LdapURI" : "ldaps://nsdc-mail.rbtech.local",
"DiscoverDcType" : "ldapuri",
"StartTls" : "",
"port" : 636,
"host" : "nsdc-mail.rbtech.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=rbtech,dc=local",
"GroupDN" : "dc=rbtech,dc=local",
"BindPassword" : "xxxxxxxxxxxx",
"BaseDN" : "dc=rbtech,dc=local",
"LdapUriDn" : "ldap:///dc%3Drbtech%2Cdc%3Dlocal"
}
[root@mail ~]# cat /etc/krb5.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#
# 10base
#
[logging]
default = FILE:/var/log/krb5libs.log
[libdefaults]
default_realm = RBTECH.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
rdns = false
forwardable = yes
#
# 20realms
#
[realms]
RBTECH.LOCAL = {
kdc = nsdc-mail.rbtech.local
}
[root@mail ~]# klist -t -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 11/05/2020 15:39:30 host/mail.rbtechnology.it@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/MAIL@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/mail.rbtechnology.it@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/MAIL@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/mail.rbtechnology.it@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/MAIL@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/mail.rbtechnology.it@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/MAIL@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/mail.rbtechnology.it@RBTECH.LOCAL
2 11/05/2020 15:39:30 host/MAIL@RBTECH.LOCAL
2 11/05/2020 15:39:30 MAIL$@RBTECH.LOCAL
2 11/05/2020 15:39:30 MAIL$@RBTECH.LOCAL
2 11/05/2020 15:39:30 MAIL$@RBTECH.LOCAL
2 11/05/2020 15:39:30 MAIL$@RBTECH.LOCAL
2 11/05/2020 15:39:30 MAIL$@RBTECH.LOCAL
2 10/06/2021 12:23:42 smtp/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 smtp/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 smtp/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 smtp/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 smtp/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 smtp/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 smtp/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 smtp/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 smtp/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 smtp/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 pop/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:43 imap/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 cifs/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/MAIL@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/mail.rbtechnology.it@RBTECH.LOCAL
2 10/06/2021 12:23:42 HTTP/MAIL@RBTECH.LOCAL
[root@mail ~]#
Today I don’t even have any users on the system anymore:
Hi Stefano
I’ve had similar errors in the past at my clients and at home.
What almost always worked was a bit unconventional:
Make sure you have your system backed up!
That will install all needed modules and the configuration. This solved my problem, users, groups and Account Provider was all back there!
A reboot would be in order!
My 2 cents
Andy
Hi Andy, thanks for replying. Can deleting the Account Provider during working hours, with all clients connected, have any side effects?
Is it necessary to delete it? Can’t I just restore the backup?
thanks
Well - I wouldn’t do it during working hours…
Either after hours, or during lunch break (but announce maintenance beforehand!).
You can try, but in my attempts, the Account Provider was still screwed up…
It somehow ignored the screwed up bits and restored the rest.
By deleting it, the screwed up part is removed - and a working config is restored from backup…
As I have all my NethServers virtualized, it’s easy to make a quick backup of the VM using Proxmox, just to be on the safe side!
My 2 cents
Andy
I see, thanks. I have never restored a backup yet. Is there a guide you can suggest I read?
And one more thing… this only affects the settings, right? No data loss? (Thinking of email.)
Thanks
With backups, rule of thumb is:
Better to have one backup too many than one too few!
As I provide this as a professional backup for my clients, I prefer to be on the safe side.
NethServer does daily backups to NAS, and keeps a week of data.
But as said, all my clients use virtualized NethServers, running on Proxmox.
Proxmox itself makes (live) backups of all VMs, also daily.
Before PBS (Proxmox Backup Server), I also kept these for a week at least. Now, with PBS, I keep several months of backups, also everything Off-Site, in case of fire, lightning, flood, whatever…
I also additionally have a script running, which stores all data to NAS via rsync, also 7 generations.
The NAS also does daily backups of everything to an external USB3 10 TB drive.
That’s my basic “Modus Operandi” - and all three backups also off-site.
https://docs.nethserver.org/en/v7/disaster_recovery.html
And, no, you should not experience any data loss, it’s only the config!
My 2 cents
Andy
To me (due to lack of knowledge) all the AD/sssd stack is hard to diagnose. I find it annoying when one cannot scratch the itch. Just for the sake of it, here’s a troubleshooting guide for sssd.
https://sssd.io/troubleshooting/basics.html
Andy’s proposal could be a quicker solution and spare you some head banging against the wall moments.
My one cent.
Never forget: NEVER Trust an untested Backup!
Always test your backups (Best more than once!).
If it works three times, it’ll probably work a million times, or when the hardware dies!
After major upgrades, test again!
I even force my clients to test and verify the backups - every 3-6 months!
My 2 cents
Andy
I agree with both @Andy_Wismer and @dnutan ,
Thinking about @trogloraspa’s situation, it seems to me sssd is running with its cached user credentials, and over time they will expire for all users.
If the above is true, it may be possible to take out the DC and reinstall it while in production. BIG RISK THOUGH.
I do not see anything strange in the config, except that the AD has a second-level domain name; mine has a third-level name: ad.example.com
but it seems to have worked in the past, so a non-issue.
I’d like to suggest digging in a bit more and trying some things.
Can you ping the nsdc by IP:
ping -c 4 $(config getprop sssd AdDns)
by dns:
ping -c 4 $(config getprop sssd Realm)
Check dns a bit more:
getent passwd administrator@$(hostname -d)
Update: I’ve restored a Configuration Backup…
Users have come back to the system… and it seems to be fine now.
…so far. Thanks for the help to everybody…
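
Added example, not part of the thread: the `Preauthentication failed` line in ldap_child.log means the KDC rejected the key that ldap_child took from the keytab, so it helps to condense a long `klist -t -k` listing like the one posted above into one line per principal. The function names and the sample listing (realm EXAMPLE.TEST) are constructed for illustration; dates are reported as written because their format depends on the locale.

```shell
#!/bin/sh
# Summarise `klist -t -k` output: one line per principal with its entry
# count, the KVNOs present and the dates the keys were written.
# On a real host: klist -t -k /etc/krb5.keytab | keytab_summary
keytab_summary() {
    awk '
        # Data rows start with a numeric KVNO; header and ruler rows do not.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            p = $4
            count[p]++
            if (!seen_k[p, $1]++) kvnos[p] = kvnos[p] (kvnos[p] ? "," : "") $1
            if (!seen_d[p, $2]++) dates[p] = dates[p] (dates[p] ? "," : "") $2
        }
        END {
            for (p in count)
                printf "%s entries=%d kvno=%s written=%s\n", p, count[p], kvnos[p], dates[p]
        }
    ' | LC_ALL=C sort
}

# Keep only the machine-account (NAME$@REALM) and host/ principals.
machine_keys() {
    keytab_summary | grep -E '^([^/@]+\$@|host/)'
}

# Constructed sample in the same layout as the listing in the thread.
sample_keytab() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 11/05/2020 15:39:30 host/srv.example.test@EXAMPLE.TEST
   2 11/05/2020 15:39:30 host/srv.example.test@EXAMPLE.TEST
   2 11/05/2020 15:39:30 SRV$@EXAMPLE.TEST
   3 10/06/2021 12:23:40 SRV$@EXAMPLE.TEST
   2 10/06/2021 12:23:42 smtp/srv.example.test@EXAMPLE.TEST
EOF
}

sample_keytab | machine_keys
```

The KVNOs and write dates of the machine-account and host keys can then be compared with when the domain controller was last provisioned or restored.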