mardi 27 janvier 2015

sssd-ad in wheezy


I have a similar question running on serverfault, but i have a followup question that is more suited here, in my humble(likely uninformed) opinion.


I have been trying to validate users in my Debian Wheezy server against the company AD(windows 2008 server).


The main challenge is that this AD does not supply any Unix attributes (uid, gid, homedir, shell). I have gotten around homedir and shell by using sssd and its fallback mechanisms. However, i am currently stuck on the uid, gid.


When i attempt to sync using the configuration (i cut it down to the relevant parts)



id_provider = ad
access_provider = ad
auth_provider = krb5
chpass_provider = krb5
ldap_schema = ad
ldap_id_mapping = true
debug_level = 7


I get the following error:



(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed PAM client
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed NSS client
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection FB1630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798,guid=84361ff4e288ffa9288b858f54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1A3D630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799,guid=f69da63ecb7352f94fee01df54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 210B630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800,guid=466e1c905c470ad8c00455f754c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1811630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801,guid=7410c96282fd44c81ae85d5454c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]


The files are actually missing:



/usr/lib/x86_64-linux-gnu/sssd$ ls -la
total 3884
drwxr-xr-x  3 root root    4096 Jan 26 15:05 .
drwxr-xr-x 11 root root   12288 Jan 26 15:05 ..
-rw-r--r--  1 root root 1405048 Mar  4  2013 libsss_ipa.so
-rw-r--r--  1 root root  585784 Mar  4  2013 libsss_krb5.so
-rw-r--r--  1 root root 1081880 Mar  4  2013 libsss_ldap.so
-rw-r--r--  1 root root  479160 Mar  4  2013 libsss_proxy.so
-rw-r--r--  1 root root  389400 Mar  4  2013 libsss_simple.so
drwxr-xr-x  2 root root    4096 Jan 26 15:05 modules


How do i get hold of the sssd ad provider for sssd on Debian Wheezy? I have seen numerous examples of it in use. Is it really not included in the wheezy distribution? Can i get around it by using the ldap provider somehow? Or do i have to smuss up my server and add the unstable repository to my sources?



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)