我有一个类似的问题正在运行服务器故障,但我有一个更适合在这里提出的后续问题,以我个人的拙见(可能不了解情况)来看。
我一直在尝试根据公司 AD(Windows 2008 服务器)验证我的 Debian Wheezy 服务器中的用户。
主要挑战是该 AD 不提供任何 Unix 属性(uid、gid、homedir、shell)。我通过使用 sssd 及其后备机制绕过了 homedir 和 shell。但是,我目前卡在 uid、gid 上。
当我尝试使用配置同步时(我将其缩减为相关部分)
id_provider = ad
access_provider = ad
auth_provider = krb5
chpass_provider = krb5
ldap_schema = ad
ldap_id_mapping = true
debug_level = 7
我收到以下错误:
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed PAM client
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
(Tue Jan 27 10:39:05 2015) [sssd[be[thecompany.dk]]] [be_client_destructor] (0x0400): Removed NSS client
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection FB1630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4798,guid=84361ff4e288ffa9288b858f54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1A3D630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4799,guid=f69da63ecb7352f94fee01df54c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 210B630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4800,guid=466e1c905c470ad8c00455f754c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [server_setup] (0x0080): CONFDB: /var/lib/sss/db/config.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [resolv_get_family_order] (0x1000): Lookup order: ipv4_first
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [fo_context_init] (0x0080): Created new fail over context, retry timeout is 30
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [confdb_get_domain_internal] (0x0020): No enumeration for [thecompany.dk]!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sysdb_domain_init_internal] (0x0200): DB File for thecompany.dk: /var/lib/sss/db/cache_thecompany.dk.ldb
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_init_connection] (0x0200): Adding connection 1811630
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_thecompany.dk,1)
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [create_socket_symlink] (0x1000): Symlinking the dbus path /var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801 to a link /var/lib/sss/pipes/private/sbus-dp_thecompany.dk
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [sbus_new_server] (0x0080): D-BUS Server listening on unix:path=/var/lib/sss/pipes/private/sbus-dp_thecompany.dk.4801,guid=7410c96282fd44c81ae85d5454c75cba
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x1000): Loading backend [ad] with path [/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so].
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [load_backend_module] (0x0010): Unable to load ad module with path (/usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so), error: /usr/lib/x86_64-linux-gnu/sssd/libsss_ad.so: cannot open shared object file: No such file or directory
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Jan 27 10:39:06 2015) [sssd[be[thecompany.dk]]] [main] (0x0010): Could not initialize backend [79]
文件实际上丢失了:
/usr/lib/x86_64-linux-gnu/sssd$ ls -la
total 3884
drwxr-xr-x 3 root root 4096 Jan 26 15:05 .
drwxr-xr-x 11 root root 12288 Jan 26 15:05 ..
-rw-r--r-- 1 root root 1405048 Mar 4 2013 libsss_ipa.so
-rw-r--r-- 1 root root 585784 Mar 4 2013 libsss_krb5.so
-rw-r--r-- 1 root root 1081880 Mar 4 2013 libsss_ldap.so
-rw-r--r-- 1 root root 479160 Mar 4 2013 libsss_proxy.so
-rw-r--r-- 1 root root 389400 Mar 4 2013 libsss_simple.so
drwxr-xr-x 2 root root 4096 Jan 26 15:05 modules
我如何在 Debian Wheezy 上找到 sssd 的 sssd 广告提供商?我见过很多使用它的例子。它真的不包含在 wheezy 发行版中吗?我可以通过某种方式使用 ldap 提供程序来解决这个问题吗?或者我是否必须搞乱我的服务器并将不稳定的存储库添加到我的源中?
答案1
测试版本 1.11.7-2 在生产环境中适用于我。
您不需要从稳定版升级整个系统,只需添加一个测试存储库:
deb http://ftp.uk.debian.org/debian/ testing main contrib non-free
deb http://ftp.uk.debian.org/debian/ testing-updates main contrib non-free
您可能需要告诉apt您您更喜欢稳定版本。您可以通过将此部分添加到文件中来完成此操作,例如/etc/apt/apt.conf.d/00local
APT {
Default-Release "stable";
// Cache-Limit "50000000"; // only if needed
};
然后运行aptitude update,你应该会发现aptitude install -t testing sssd-ad提供安装和升级 sssd 等。
为了完整起见,这是我的(已编辑)sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = example.org
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 7
offline_failed_login_delay = 1
[domain/example.org]
enumerate = false
ldap_group_nesting_level = 5
ldap_use_tokengroups = false
cache_credentials = true
account_cache_expiration = 10
entry_cache_timeout = 14400
lookup_family_order = ipv4_only
dns_resolver_timeout = 3
dns_discovery_domain = example.org
fallback_homedir = /home/%d/%u
default_shell = /bin/bash
id_provider = ad