Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: user logon - blank workgroup

  1. #11
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,726
    Blog Entries
    2

    Default Re: user logon - blank workgroup

    Although you can search your system logs,
    You might find it easier to open a console that displays your system log entries in real time before you try to join AD.
    I'm guessing that might display the reason why the sssd service won't start.
    At the very least, you'll be able to verify the service name is sssd.service or something like that.

    In an elevated console, run the following command to display your system log in real time
    Code:
    journalctl -f
    Any time you invoke the status of a service, it will display and include a relevant snippet of the system log whether it's running or not
    Code:
    systemctl status Unit_filename 
    Although you shouldn't have to do it, you can even try starting the service manually. So, for instance if the service name is sssd.service
    Code:
    systemctl start sssd.service
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  2. #12
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,368

    Default Re: user logon - blank workgroup

    Quote Originally Posted by antonio.tvr View Post
    * /usr/bin/systemctl restart sssd.service
    Job for sssd.service failed because the control process exited with error code.
    See "systemctl status sssd.service" and "journalctl -xe" for details.
    From the CLI of the user “root”, please post the output of “systemctl status sssd.service”.

    For the case of the systemd Journal – also from the CLI of the user “root” – please post the output of “journalctl -x| grep -iE 'sssd|System Security Services' ”

  3. #13

    Default Re: user logon - blank workgroup

    Hi.

    This is the output of systemctl status sssd:

    sssd.service - System Security Services Daemon
    Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Wed 2020-09-16 16:22:52 CEST; 16h ago
    Process: 1571 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=4)
    Main PID: 1571 (code=exited, status=4)

    Sep 16 16:22:51 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    Sep 16 16:22:51 lnx02.maddant.local sssd[1571]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.

    It is indicated that the configuration database could not be loaded ( I think that it should be loaded from
    /var/lib/sss/db/.

    But in this directory there is the config.ldb file. I have also tried to delete it and when I start sssd service the file is created.


  4. #14

    Default Re: user logon - blank workgroup

    And this is the other required information:

    journalctl -x| grep -iE 'sssd|System Security Services'
    Sep 16 16:14:21 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    -- Subject: Unit sssd.service has begun start-up
    -- Unit sssd.service has begun starting up.
    Sep 16 16:14:21 lnx02.maddant.local sssd[1411]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:14:21 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:14:21 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    -- Subject: Unit sssd.service has failed
    -- Unit sssd.service has failed.
    Sep 16 16:14:21 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:14:21 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.
    Sep 16 16:14:57 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    -- Subject: Unit sssd.service has begun start-up
    -- Unit sssd.service has begun starting up.
    Sep 16 16:14:57 lnx02.maddant.local sssd[1425]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:14:57 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:14:57 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    -- Subject: Unit sssd.service has failed
    -- Unit sssd.service has failed.
    Sep 16 16:14:57 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:14:57 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.
    Sep 16 16:20:03 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    -- Subject: Unit sssd.service has begun start-up
    -- Unit sssd.service has begun starting up.
    Sep 16 16:20:03 lnx02.maddant.local sssd[1551]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:20:03 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:20:03 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    -- Subject: Unit sssd.service has failed
    -- Unit sssd.service has failed.
    Sep 16 16:20:03 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:20:03 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.
    Sep 16 16:22:51 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    -- Subject: Unit sssd.service has begun start-up
    -- Unit sssd.service has begun starting up.
    Sep 16 16:22:51 lnx02.maddant.local sssd[1571]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    -- Subject: Unit sssd.service has failed
    -- Unit sssd.service has failed.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.

    Thank you

  5. #15

    Default Re: user logon - blank workgroup

    I can also use winbind for ad join if realmd it is not working.

    I tried and it works fine I must say (the credentials on the network shares are also passed and I am not asked to authenticate again).

    the only problem I encountered with winbind is this: every time I log in with the domain user, the initial desktop setup is repeated, as if the settings were not saved correctly.

    For Ubuntu I have tried also another method to join the client to a Windows domain: PBIS Open (I don't know if you know about it).

    It is a project with an open source version available on github that permits join in a simple way using winbind under the hood.

    with one command it can join the machine to domain and with another command configures the samba integration to also pass windows authentication to network shares.

    but I think that the opensuse winbind setup present in yast can do the same things.

    In ubuntu there aren't "official" tools for doing this and so I have found this product.

    Regards

  6. #16
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,368

    Default Re: user logon - blank workgroup

    @antonio.tvr:

    Searching for the error message points to an old Red Hat Bug Report: <https://bugzilla.redhat.com/show_bug.cgi?id=927885>.
    Code:
    if there is no blank line at the end of /etc/sssd/sssd.conf, sssd wont start and you get an error in /var/log/messages about "sssd: Cannot load configuration database".
    Please try the repair and, raise an openSUSE Bug Report – you'll need to include the status and systemd Journal messages you've shown here.

  7. #17
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,726
    Blog Entries
    2

    Default Re: user logon - blank workgroup

    Quote Originally Posted by antonio.tvr View Post
    Hi.

    This is the output of systemctl status sssd:

    sssd.service - System Security Services Daemon
    Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Wed 2020-09-16 16:22:52 CEST; 16h ago
    Process: 1571 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=4)
    Main PID: 1571 (code=exited, status=4)

    Sep 16 16:22:51 lnx02.maddant.local systemd[1]: Starting System Security Services Daemon...
    Sep 16 16:22:51 lnx02.maddant.local sssd[1571]: SSSD couldn't load the configuration database [2]: No such file or directory.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: Failed to start System Security Services Daemon.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Unit entered failed state.
    Sep 16 16:22:52 lnx02.maddant.local systemd[1]: sssd.service: Failed with result 'exit-code'.

    It is indicated that the configuration database could not be loaded ( I think that it should be loaded from
    /var/lib/sss/db/.

    But in this directory there is the config.ldb file. I have also tried to delete it and when I start sssd service the file is created.

    Your error suggests that the database file isn't accessible because of improper permissions.
    Possible causes...
    The database file itself has the wrong permissions.
    The service accessing the database file is invoked with the wrong permissions (unlikely, but possible).
    AppArmor or some other permissions management isn't configured properly (I'm guessing this is a probably the problem).

    This kind of problem if it happens is usually an installation problem, did you simply install components you thought you needed or did you install using YaST Software Manager or run the YaST AD module?

    Be aware that openSUSE methods for connecting to AD changed significantly about a year ago, do not use references that are older.
    Current relevant documentation:

    The following is brief, but contains links to other documentation depending on your setup
    Note that winbind is not normally required today, but in some instances. I've forgotten the exact details but it's always required connecting to an old style NT (not AD) Domain, but can also provide support for a few AD features.

    https://doc.opensuse.org/documentati...rity-auth.html

    A higher level description of how things are supposed to currently work

    https://doc.opensuse.org/documentati...curity-ad.html

    AppArmor and Active Directory

    https://doc.opensuse.org/documentati...curity-ad.html

    If you need help with anything in the documentation or how to do something,
    Just post...

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  8. #18
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,368

    Question Re: user logon - blank workgroup

    Quote Originally Posted by tsu2 View Post
    The database file itself has the wrong permissions.
    Is a user named “sssd” installed with the Active Directory packages? – Plus, an associated group?
    • If that's the case then, this is a not an unknown error with the files associated with a service and, their directory …

  9. #19
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,726
    Blog Entries
    2

    Default Re: user logon - blank workgroup

    Quote Originally Posted by dcurtisfra View Post
    Is a user named “sssd” installed with the Active Directory packages? – Plus, an associated group?
    • If that's the case then, this is a not an unknown error with the files associated with a service and, their directory …
    Unless someone tried to pre-create a user account (not supposed to do that),
    The User should be logged be running the YaST account with elevated permissions (that's automatic)
    And
    Should be using a Domain Admin account to join the Domain.

    Both these requirements I'd guess shouldn't throw the permissions error.
    IMO it's more likely local permissions erroon the machine, but how the problem happened, I don't know...
    Could be a bug.
    Or, could be a User install and setup error.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #20

    Default Re: user logon - blank workgroup

    Hi.

    Thank you for your help.

    I have tried to join an openSuse Leap 15.2 machine to AD from Yast, not from shell.

    And I have followed the documentation updated for latest relase of OpenSuse.

    Maybe there is some bug and it could also be true since the procedure with winbind works and the one with sssd does not.

    The openSuse documentation syas that the join procedure with user logon (sssd) it best indicated for active directory.

    Also on red hat portal I have found several informations regards winbind "deprecation".

    The only commercial product (but there is also an open source version) that continues to use winbind for now, at least that I know of, is pbis.

    For myself and then use it on multiple workstations in the company where I work, I had preferred to do tests with yast rather than at command line attempts.

    I try to open a bug with openSuse so maybe they can say wy the "offical" procedure did not works.

    Regards and thank you very much for your help.

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •