sssd cannot save user. Missing user

I am trying to sync my Debian server using sssd.

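When I run getent passwd username@domain, the user is not returned. The log says this is because I am missing a UID from the LDAP lookup. However, when I set ldap_id_mapping = true, it is my clear understanding that I don't need it.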

The complete log of the event is:

    (Mon Jan 26 17:39:13 2015) [sssd[be[thecompany.dk]]] [sdap_save_user] (0x0020): no uid provided for [nmw] in domain [netdesign.dk].
    (Mon Jan 26 17:39:13 2015) [sssd[be[thecompany.dk]]] [sdap_save_user] (0x0040): Failed to save user [somedude]
    (Mon Jan 26 17:39:13 2015) [sssd[be[thecompany.dk]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.
    (Mon Jan 26 17:39:13 2015) [sssd[be[thecompany.dk]]] [sdap_save_users] (0x0040): Failed to check aliases for user 0. Ignoring.

The configuration file is:

    [nss]
    filter_groups = root
    filter_users = root
    reconnection_retries = 3

    [pam]
    reconnection_retries = 3

    [sssd]
    config_file_version = 2
    reconnection_retries = 3
    sbus_timeout = 30
    services = nss, pam
    domains = companyName.dk

    [domain/companyName.dk]
    #With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd [email protected]
    enumerate = false
    cache_credentials = true
    debug_level = 3

    ldap_id_mapping = true

    id_provider = ldap
    access_provider = ldap
    auth_provider = krb5
    chpass_provider = krb5

    ldap_uri = ldaps://172.23.1.41:636,ldaps://172.23.1.42:636
    ldap_search_base = ou=companyname,dc=companyName,dc=dk
    #ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

    #This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
    ldap_tls_reqcert = allow

    krb5_realm = COMPANYNAME.DK
    dns_discovery_domain = COMPANYNAME.DK

    #ldap_schema = rfc2307bis
    ldap_schema = ad
    ldap_access_order = expire
    ldap_account_expire_policy = ad
    ldap_force_upper_case_realm = true

    ldap_user_search_base = ou=Users,ou=companyName,dc=companyName,dc=dk
    ldap_group_search_base = ou=Roles,ou=Security Groups,ou=companyName,dc=companyName,dc=dk
    ldap_user_object_class = user
    ldap_user_name = sAMAccountName
    ldap_user_fullname = displayName
    ldap_user_home_directory = unixHomeDirectory
    ldap_user_principal = userPrincipalName
    ldap_group_object_class = group
    ldap_group_name = sAMAccountName

    fallback_homedir = /home/%d/%u
    shell_fallback = /bin/bash

    #Bind credentials
    ldap_default_bind_dn = cn=user,ou=Service,ou=Misc accounts,ou=companyName,dc=companyName,dc=dk
    ldap_default_authtok = 1nc0gn370

The installed packages are:

    sssd libpam-sss libnss-sss

What exactly am I doing wrong here?

Edit / new build:

I tried changing the debugging level to 7 and setting "id_provider" and "access_provider" to "ad".

This is the resulting log:

    (Tue Jan 27 09:44:00 2015) [sssd[be[companyName.dk]]] [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, releasing it
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [be_client_destructor] (0x0400): Removed PAM client
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [be_client_destructor] (0x0400): Removed NSS client
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.companyName.DK], [2][No such file or directory]
    (Tue Jan 27 09:44:41 2015) [sssd[be[companyName.dk]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.companyName.DK], [2][No such file or directory]
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [companyName.dk]!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for companyName.dk: /var/lib/sss/db/cache_companyName.dk.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_init_connection] (0x0200): Adding connection 1911E20
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_companyName.dk,1)
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_companyName.dk.3731 to a link /var/lib/sss/pipes/private/sbus-dp_companyName.dk
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_companyName.dk.3731,guid=cb367efaa8d3c54884cd2f9454c74ffb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [main] (0x0010): Could not initialize backend [79]
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [companyName.dk]!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for companyName.dk: /var/lib/sss/db/cache_companyName.dk.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_init_connection] (0x0200): Adding connection 878E20
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_companyName.dk,1)
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_companyName.dk.3732 to a link /var/lib/sss/pipes/private/sbus-dp_companyName.dk
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_companyName.dk.3732,guid=76e5c03e58d9e5107828a0fc54c74ffb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [main] (0x0010): Could not initialize backend [79]
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [companyName.dk]!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for companyName.dk: /var/lib/sss/db/cache_companyName.dk.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_init_connection] (0x0200): Adding connection 99CE20
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_companyName.dk,1)
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_companyName.dk.3733 to a link /var/lib/sss/pipes/private/sbus-dp_companyName.dk
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_companyName.dk.3733,guid=1e822671b672f1c8f023390554c74ffb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [main] (0x0010): Could not initialize backend [79]
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [companyName.dk]!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for companyName.dk: /var/lib/sss/db/cache_companyName.dk.ldb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_init_connection] (0x0200): Adding connection BC2E20
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_companyName.dk,1)
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_companyName.dk.3734 to a link /var/lib/sss/pipes/private/sbus-dp_companyName.dk
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_companyName.dk.3734,guid=58592e3c74d2a142966a571654c74ffb
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
    (Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] [main] (0x0010): Could not initialize backend [79]

I assume the libsss_ad.so file should be here, but it is not.

    user@server:/usr/lib/x86_64-linux-gnu/sssd$ ls -l
    total 3868
    -rw-r--r-- 1 root root 1405048 Mar 4 2013 libsss_ipa.so
    -rw-r--r-- 1 root root 585784 Mar 4 2013 libsss_krb5.so
    -rw-r--r-- 1 root root 1081880 Mar 4 2013 libsss_ldap.so
    -rw-r--r-- 1 root root 479160 Mar 4 2013 libsss_proxy.so
    -rw-r--r-- 1 root root 389400 Mar 4 2013 libsss_simple.so
    drwxr-xr-x 2 root root 4096 Jan 26 15:05 modules

Is the sssd_ad module not included in Debian stable?

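First of all, you didn't say which SSSD version you are using. Given that you say it is "Debian stable", I assume 1.8.x. That version does not support ID mapping, sorry.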

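The more involved answer is that SSSD serves POSIX users and requires that the user has an ID number. The ID number can either be an attribute of the user entry itself (usually uidNumber) or be inferred from the Windows SID. The latter is what you want to do with ldap_id_mapping = True, but this functionality is only implemented in 1.9 and later.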

I guess you could use Winbind on Debian stable for now...
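Both failures in this thread are single fatal or critical entries buried in trace output. The following Python is an added example, not part of the original question or answer: it splits a flattened SSSD debug log into entries and keeps only levels 0x0010 and 0x0020, counting repeats. The function names, the hint texts and the `worst` threshold are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
# Entry layout seen in the logs above: (timestamp) [process] [function] (0xLEVEL): message
TS = r"\([A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}\)"
ENTRY = re.compile(
    rf"(?P<ts>{TS}) \[(?P<proc>\S+?)\] \[(?P<func>\w+)\] "
    rf"\((?P<level>0x[0-9a-fA-F]{{4}})\): (?P<msg>.*?)(?=\s*{TS}|\s*\Z)",
    re.S,
)
# Severity bits from sssd.conf(5); a lower value is more severe.
SEVERITY = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious", 0x0080: "minor"}
# Hypothetical hint texts for the two failures shown on this page.
HINTS = [
    (re.compile(r"no uid provided"), "no UID: needs uidNumber or SID-based ID mapping"),
    (re.compile(r"Unable to load \w+ module"), "backend library for this provider is not installed"),
]

def parse(text):
    """Split a (possibly flattened) SSSD debug log into entry dicts."""
    return [dict(m.groupdict(), level=int(m["level"], 16)) for m in ENTRY.finditer(text)]

def triage(text, worst=0x0020):
    """Distinct entries at least as severe as `worst`, most severe first, with repeat counts."""
    counts = {}
    for e in parse(text):
        if e["level"] <= worst:
            key = (e["level"], e["func"], e["msg"])
            counts[key] = counts.get(key, 0) + 1
    ordered = sorted(counts.items(), key=lambda kv: kv[0][0])
    return [(SEVERITY.get(lvl, hex(lvl)), fn, msg, n) for (lvl, fn, msg), n in ordered]

def hints(findings):
    return [h for _, _, msg, _ in findings for rx, h in HINTS if rx.search(msg)]

P1 = "(Mon Jan 26 17:39:13 2015) [sssd[be[thecompany.dk]]] "
P2 = "(Tue Jan 27 09:44:43 2015) [sssd[be[companyName.dk]]] "
LIB = "/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so"
# Lines copied from the logs on this page, joined with spaces as they appear when flattened.
SAMPLE = " ".join([
    P1 + "[sdap_save_user] (0x0020): no uid provided for [nmw] in domain [netdesign.dk].",
    P1 + "[sdap_save_user] (0x0040): Failed to save user [somedude]",
    P2 + "[monitor_common_send_id] (0x0100): Sending ID: (%BE_companyName.dk,1)",
    P2 + f"[load_backend_module] (0x0010): Unable to load ad module with path ({LIB}), "
         f"error: {LIB}: cannot open shared object file: No such file or directory",
    P2 + "[main] (0x0010): Could not initialize backend [79]",
    P2 + "[main] (0x0010): Could not initialize backend [79]",
])

if __name__ == "__main__":
    print(*triage(SAMPLE), hints(triage(SAMPLE)), sep="\n")
```

On the full second log the same filter also returns the 0x0020 "No enumeration" entry, which is raised with `enumerate = false` set as in the configuration above and matches neither hint.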