비슷한 문제가 발생했습니다.서버 장애, 하지만 저의 겸손한(아마도 정보가 없는) 의견으로는 여기에서 질문하는 것이 더 적합한 후속 질문이 있습니다.
저는 회사 AD(Windows 2008 서버)에 대해 Debian Wheezy 서버의 사용자를 인증하려고 했습니다.
가장 큰 문제는 AD가 Unix 속성(uid, gid, homedir, shell)을 제공하지 않는다는 것입니다. sssd와 해당 폴백 메커니즘을 사용하여 homedir과 Shell을 우회했습니다. 그러나 현재 uid, gid에 갇혀 있습니다.
config sync를 사용하려고 할 때(해당 부분으로 줄였습니다)
id_provider = ad
access_provider = ad
auth_provider = krb5
chpass_provider = krb5
ldap_schema = ad
ldap_id_mapping = true
debug_level = 7
다음 오류가 발생합니다.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed PAM client
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed NSS client
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection FB1630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798,guid=84361ff4e288ffa9288b858f54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1A3D630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799,guid=f69da63ecb7352f94fee01df54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 210B630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800,guid=466e1c905c470ad8c00455f754c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1811630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801,guid=7410c96282fd44c81ae85d5454c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
파일이 실제로 누락되었습니다.
/usr/lib/x86_64-linux-gnu/sssd$ ls -la
total 3884
drwxr-xr-x 3 root root 4096 Jan 26 15:05 .
drwxr-xr-x 11 root root 12288 Jan 26 15:05 ..
-rw-r--r-- 1 root root 1405048 Mar 4 2013 libsss_ipa.so
-rw-r--r-- 1 root root 585784 Mar 4 2013 libsss_krb5.so
-rw-r--r-- 1 root root 1081880 Mar 4 2013 libsss_ldap.so
-rw-r--r-- 1 root root 479160 Mar 4 2013 libsss_proxy.so
-rw-r--r-- 1 root root 389400 Mar 4 2013 libsss_simple.so
drwxr-xr-x 2 root root 4096 Jan 26 15:05 modules
Debian Wheezy에서 sssd용 sssd 광고 공급자를 어떻게 찾나요? 사용되는 사례를 많이 봤습니다. 정말 쌕쌕거림 분포에 포함되지 않는 걸까요? 이 문제를 해결하기 위해 LDAP 공급자를 사용할 수 있는 방법이 있습니까? 아니면 서버를 망가뜨리고 소스에 불안정한 저장소를 추가해야 합니까?
답변1
테스트 버전 1.11.7-2는 프로덕션 환경에서 작동합니다.
전체 시스템을 안정 시스템에서 업그레이드할 필요는 없으며 테스트 저장소만 추가하면 됩니다.
deb http://ftp.uk.debian.org/debian/ testing main contrib non-free
deb http://ftp.uk.debian.org/debian/ testing-updates main contrib non-free
apt안정적인 버전을 선호한다고 알려야 할 수도 있습니다 . 이 섹션을 파일에 추가하면 됩니다./etc/apt/apt.conf.d/00local
APT {
Default-Release "stable";
// Cache-Limit "50000000"; // only if needed
};
그런 다음 실행하면 sssd 등을 설치하고 업그레이드할 수 있는 기능이 제공되는 aptitude update것을 확인할 수 있습니다 .aptitude install -t testing sssd-ad
완전성을 위해 이것은 내 것입니다 (편집됨)sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = example.org
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 7
offline_failed_login_delay = 1
[domain/example.org]
enumerate = false
ldap_group_nesting_level = 5
ldap_use_tokengroups = false
cache_credentials = true
account_cache_expiration = 10
entry_cache_timeout = 14400
lookup_family_order = ipv4_only
dns_resolver_timeout = 3
dns_discovery_domain = example.org
fallback_homedir = /home/%d/%u
default_shell = /bin/bash
id_provider = ad