sssd fails to resolve names properly; replacing 'id_provider' by 'domain_type' in sssd.conf fixes it, but this is documented nowhere

Bug #1049123 reported by Thomas Hood on 2012-09-11
This bug affects 1 person
Affects: sssd (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

After upgrading sssd from the 12.04 to the quantal version, 1.9.0~beta6-0ubuntu1, sssd no longer works properly.

0. In sssd.conf I have two domains configured, named 'LOCAL' and 'SAMBA' where the latter uses a Samba 4 beta2 AD LDAP server.

1. While "getent passwd" lists all expected users from passwd and LDAP, "getent passwd <username>" produces no output and "id <username>" results in "id: <username>: No such user", etc.

2. Running sssd interactively ("sssd -i -d 0xffff") and trying "id foo" for user "foo" in the LDAP directory produces some interesting debugging output.

=== BEGIN ===
(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'foo' matched without domain, user is foo
(Tue Sep 11 15:20:10 2012) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [foo] from [<ALL>]
(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x42e390:domains@LOCAL]
(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [LOCAL][not forced][]
(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_internal_get_send] (0x0020): BUG: The Data Provider connection for LOCAL is not available!(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_issue_request] (0x0020): The request has disappeared?
=== END ===

3. "getent passwd <username>@LDAP" *does* produce output (where <username> is in the LDAP directory).

4. sssd works properly again if, in the [domain/LOCAL] section of sssd.conf the line

    id_provider = local

is replaced by the line

    domain_type = local

Then the debugging output looks like the following

=== BEGIN ===
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'foo' matched without domain, user is foo
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [nss_cmd_getpwnam] (0x0100): Requesting info for [foo] from [<ALL>]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x42e390:domains@SAMBA]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [SAMBA][not forced][]
(Tue Sep 11 15:31:39 2012) [sssd[be[SAMBA]]] [be_get_subdomains] (0x0400): Got get subdomains [not forced][]
(Tue Sep 11 15:31:39 2012) [sssd[be[SAMBA]]] [be_get_subdomains] (0x0100): Undefined backend target.
(Tue Sep 11 15:31:39 2012) [sssd[be[SAMBA]]] [be_get_subdomains] (0x1000): Request processed. Returned 3,19,Subdomains back end target is not configured
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x42e390:domains@SAMBA]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 19 error message: Subdomains back end target is not configured
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'foo' matched without domain, user is foo
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [nss_cmd_getpwnam_cb] (0x0400): Requesting info for [foo] from [<ALL>]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/SAMBA/foo]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [foo@SAMBA]
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Tue Sep 11 15:31:39 2012) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [foo@SAMBA]
=== END ===

The need to replace 'id_provider' by 'domain_type' is not documented anywhere I've seen.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: sssd 1.9.0~beta6-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Uname: Linux 3.2.0-30-generic x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Tue Sep 11 15:15:05 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
ProcEnviron:
 LANGUAGE=en_US:en
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: sssd
UpgradeStatus: No upgrade log present (probably fresh install)
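
An added example, not part of the original report: a small parser for `sssd -i -d 0xffff` output that pulls out failure-level records and names the domain whose Data Provider connection was reported missing. It splits on record headers rather than on newlines, so the two records fused on one line in the first excerpt are still separated; the function names are hypothetical, and the level meanings are taken from sssd.conf(5).

```python
import re

# Header of one sssd debug record: (timestamp) [process] [function] (0xLEVEL):
HEADER = re.compile(
    r"\((?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\) "
    r"\[(?P<proc>\S+)\] \[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): "
)
# Levels per sssd.conf(5): 0x0010 fatal, 0x0020 critical, 0x0040 serious failures.
FAILURE_LEVELS = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious"}
DP_DOWN = re.compile(r"Data Provider connection for (\S+) is not available")

def parse_records(text):
    """Split raw debug output into records, even when two share a physical line."""
    heads = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        rec = m.groupdict()
        rec["level"] = int(rec["level"], 16)
        rec["msg"] = text[m.end():end].strip()
        records.append(rec)
    return records

def failures(records):
    """Return (severity, process, function, message) for failure-level records."""
    return [(FAILURE_LEVELS[r["level"]], r["proc"], r["func"], r["msg"])
            for r in records if r["level"] in FAILURE_LEVELS]

def unavailable_domains(records):
    """Domains whose Data Provider connection the responder reported missing."""
    hits = (DP_DOWN.search(r["msg"]) for r in records)
    return sorted({m.group(1) for m in hits if m})

# Sample input: the last three records of the first debug excerpt in the report,
# with the final two sharing one physical line as they do in that excerpt.
SAMPLE = (
    "(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): "
    "Sending get domains request for [LOCAL][not forced][]\n"
    "(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_internal_get_send] (0x0020): "
    "BUG: The Data Provider connection for LOCAL is not available!"
    "(Tue Sep 11 15:20:10 2012) [sssd[nss]] [sss_dp_issue_request] (0x0020): "
    "The request has disappeared?\n"
)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for sev, proc, func, msg in failures(recs):
        print(f"{sev:8} {proc} {func}: {msg}")
    print("domains without a data provider:", unavailable_domains(recs))
```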

Thomas Hood (jdthood) wrote :
tags: added: quantal
removed: precise
summary: - sssd.conf "id_provider = local" causes failure; "domain_type = local"
- does work, but this change wasn't documented anywhere
+ sssd fails to resolve names properly; replacing 'id_provider' by
+ 'domain_type' in sssd.conf fixes it, but this is documented nowhere
Jakub Hrozek (jakub-hrozek) wrote :

I suspect that you are hitting upstream bug https://fedorahosted.org/sssd/ticket/1436 that was fixed in the upstream release 1.9.0 beta 7 (commit bdbf4f169e4d5d00b0616df19f7a55debb407f78)

I'm not sure where the "domain_type" comes from, the SSSD has no option called domain_type. If it fixed your problem, it must have been purely by accident.

Thomas Hood (jdthood) wrote :

Hi Jakub,

You wrote:
> I'm not sure where the "domain_type" comes from

I found "domain_type" in documentation online, e.g.,

http://docs.fedoraproject.org/en-US/Fedora/17/html/System_Administrators_Guide/sect-SSSD_User_Guide-SSSD_Example_Configuration_Files-SSSD_Configuration_File_Format.html

but I believe you when you say that Ubuntu sssd doesn't have that option.

$ grep id_provider /usr/sbin/sssd
Binary file /usr/sbin/sssd matches
$ grep domain_type /usr/sbin/sssd
$

> If it fixed your problem, it must have been purely by accident.

I think you are right. By removing the id_provider option I simply caused sssd to skip the LOCAL domain and search the SAMBA domain. With id_provider present sssd tries to search the LOCAL domain and fails out without trying the SAMBA domain.

I am glad to hear that this has been fixed upstream. Thanks for your help.
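
An added example, not from the thread or from the SSSD project: a pre-restart lint for sssd.conf that reports the two things the exchange above turned on, an option name the daemon does not know and an enabled domain left without `id_provider`. The option list is a small illustrative subset and the sample configuration is constructed (the report does not show the full file); `lint_sssd_conf` is a hypothetical name.

```python
import configparser

# Assumption: an illustrative subset of domain options from sssd.conf(5); build
# the real set from the man page shipped with the installed sssd version.
KNOWN_DOMAIN_OPTIONS = {
    "id_provider", "auth_provider", "access_provider", "chpass_provider",
    "enumerate", "min_id", "max_id", "cache_credentials",
    "ldap_uri", "ldap_search_base",
}

def lint_sssd_conf(text, known=KNOWN_DOMAIN_OPTIONS):
    """Return findings for every domain enabled in the [sssd] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    enabled = cp.get("sssd", "domains", fallback="")
    findings = []
    for name in filter(None, (d.strip() for d in enabled.split(","))):
        section = f"domain/{name}"
        if not cp.has_section(section):
            findings.append(f"{name}: enabled but [{section}] is missing")
            continue
        for key in cp.options(section):
            if key not in known:
                findings.append(f"{name}: unrecognised option '{key}'")
        if not cp.has_option(section, "id_provider"):
            findings.append(f"{name}: no id_provider set")
    return findings

# Constructed sample modelled on the two domains named in the report; the
# server URI is a placeholder.
ORIGINAL = """\
[sssd]
services = nss, pam
domains = LOCAL, SAMBA

[domain/LOCAL]
id_provider = local

[domain/SAMBA]
id_provider = ldap
ldap_uri = ldap://dc.example.test
"""
# The edit from step 4 of the report.
EDITED = ORIGINAL.replace("id_provider = local", "domain_type = local")

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("edited", EDITED)):
        print(label, lint_sssd_conf(conf) or "no findings")
```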

Jakub Hrozek (jakub-hrozek) wrote :

Ouch, thanks for pointing that out. Unfortunately that chapter is completely broken and lists multiple options that don't exist or are misnamed.

I filed https://bugzilla.redhat.com/show_bug.cgi?id=856502 to track this. I usually find the RHEL documentation is more accurate (or maybe let's say stable), you can browse it at http://docs.redhat.com, especially the Deployment Guide contains pointers to SSSD configuration.

Oh and while I'm in the process of pointing stuff out, may I suggest to use strings(1) instead of grep(1) to search for ASCII strings in binary files :-)

Thanks again for bringing up the broken documentation.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.9.0~rc1-0ubuntu1

---------------
sssd (1.9.0~rc1-0ubuntu1) quantal; urgency=low

  * Merge from unreleased debian git
    - new bugfix release (LP: #1049123)
 -- Timo Aaltonen <email address hidden> Fri, 14 Sep 2012 11:32:01 +0300

Changed in sssd (Ubuntu):
status: New → Fix Released