© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
eee2d0b
(Get the code!)
Verified working:
Setup:
# lxc launch ubuntu-daily:xenial tester && lxc exec tester bash
Failure Case:
# apt update && apt dist-upgrade -y && apt install -y sssd
# echo "[nss]
filter_groups = root
filter_users = root
reconnection_
[pam]
reconnection_
[sssd]
config_file_version = 2
reconnection_
sbus_timeout = 30
services = nss, pam
domains = europe.
[domain/
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps:/
ldap_search_base = dc=europe,
ldap_tls_cacert = /etc/ssl/
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = EUROPE.EXAMPLE.COM
dns_discovery_
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_
ldap_force_
ldap_user_
ldap_group_
ldap_user_
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_
ldap_user_principal = userPrincipalName
ldap_group_
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_
ldap_default_
[domain/
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps:/
ldap_search_base = dc=asia,
ldap_tls_cacert = /etc/ssl/
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = ASIA.EXAMPLE.COM
dns_discovery_
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_
ldap_force_
ldap_user_
ldap_group_
ldap_user_
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_
ldap_user_principal = userPrincipalName
ldap_group_
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_
ldap_default_
# chmod 600 /etc/sssd/sssd.conf
# service sssd start
# pkill -KILL -F /var/run/sssd.pid
# service sssd start
Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details.
# journalctl -xe
...
Oct 30 10:25:46 xtest sssd[7110]: SSSD is already running
Upgrade to Proposed and Retry:
# echo "deb http://
# apt update && apt dist-upgrade -y
# service sssd start
# systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/
Active: active (running) since Fri 2018-11-16 10:32:23 UTC; 21s ago
Main PID: 5584 (sssd)
Tasks: 5
Memory: 35.4M
CPU: 88ms
CGroup: /system.
├─5584 /usr/sbin/sssd -i -f
├─5585 /usr/lib/
├─5586 /usr/lib/
├─5587 /usr/lib/
└─5588 /usr/lib/
Nov 16 10:32:23 tester systemd[1]: Starting System Security Services Daemon...
Nov 16 10:32:23 tester sssd[5584]: Starting up
Nov 16 10:32:23 tester sssd[be[5586]: Starting up
Nov 16 10:32:23 tester sssd[be[5585]: Starting up
Nov 16 10:32:23 tester sssd[5587]: Starting up
Nov 16 10:32:23 tester sssd[5588]: Starting up
Nov 16 10:32:23 tester systemd[1]: Started System Security Services Daemon.