Active Directory SSSD keytab generation before starting sssd

Bug #1586967 reported by Christian Schmitt on 2016-05-30
This bug affects 5 people
Affects: Ubuntu Server Guide
Importance: Undecided
Assigned to: Unassigned

Bug Description

Actually for configuring SSSD on Ubuntu (https://help.ubuntu.com/lts/serverguide/sssd-ad.html).

The steps sudo kinit Administrator and net ads join -k need to be done before starting sssd.

summary: - Active Directory SSSD missing keytab generation
+ Active Directory SSSD keytab generation before starting sssd
description: updated
Etienne Ringuet (eringuet) wrote :

I came to report the same.
The guide states:

sudo systemctl restart ntp.service
sudo systemctl restart smbd.service nmbd.service
sudo systemctl start sssd.service

but

sssd.service depends on the keytab file which is not present until the machine is joined to AD. A user will see this error message:

Jun 17 11:02:17 hostname sssd[be[24166]: Failed to read keytab [default]: No such file or directory
Jun 17 11:02:17 hostname sssd[24158]: Exiting the SSSD. Could not restart critical service [example.com].

The documentation should be:

sudo systemctl restart ntp.service
sudo systemctl restart smbd.service nmbd.service
sudo kinit Administrator
sudo net ads join -k
sudo systemctl start sssd.service

Changed in serverguide:
status: New → Confirmed
Dan Delaney (dan-launchpad) wrote :

As of the writing of this comment this page in the Server Guide still has not been corrected. It is incorrect in both the 14.04 LTS and 16.04 LTS Server Guides.
Please change the sssd-ad.html page to read as follows:

—————————————————————————--
Join the Active Directory

Now, restart ntp and samba:

sudo systemctl restart ntp
sudo systemctl restart smbd nmbd

Test the configuration by obtaining a Kerberos ticket:

sudo kinit Administrator

Verify the ticket with:

sudo klist

If there is a ticket with an expiration date listed, then it is time to join the domain:

sudo net ads join -k

Finally, start sssd:

sudo systemctl start sssd
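
A preflight check for the ordering problem described in this report, as an added example that is not part of the bug comments or the Server Guide: it refuses to start sssd until the keytab created by net ads join -k is present and sane. The path /etc/krb5.keytab, the function names, and the use of GNU stat (as shipped on Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example: gate "systemctl start sssd" on a usable keytab.
# Assumption: the keytab is at /etc/krb5.keytab (MIT Kerberos default);
# pass another path if sssd.conf points elsewhere.

# check_keytab PATH -> 0 if usable; otherwise prints a reason and returns
#   1 missing, 2 empty, 3 not a keytab (bad magic), 4 readable by group/others
check_keytab() {
    kt=$1
    [ -e "$kt" ] || { echo "missing: $kt (join the domain first)" >&2; return 1; }
    [ -s "$kt" ] || { echo "empty: $kt" >&2; return 2; }
    # Keytab files begin with a format version: byte 0x05, then 0x01 or 0x02.
    magic=$(od -An -tx1 -N2 "$kt" | tr -d ' \n')
    case $magic in
        0501|0502) ;;
        *) echo "not a keytab: $kt (magic=$magic)" >&2; return 3 ;;
    esac
    # The keytab holds the machine account's long-term keys, so it must
    # not be accessible to group or others (GNU stat assumed).
    perms=$(stat -c %a "$kt") || return 4
    case $perms in
        *00) ;;
        *) echo "too permissive: $kt is mode $perms" >&2; return 4 ;;
    esac
    return 0
}

# start_sssd_if_ready [PATH]: start sssd only when the keytab passes.
start_sssd_if_ready() {
    check_keytab "${1:-/etc/krb5.keytab}" || return $?
    sudo systemctl start sssd.service
}
```

Source the file and call start_sssd_if_ready in place of the final systemctl start sssd step; a non-zero return indicates which check failed.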
