Verified working:
Setup:
# lxc launch ubuntu-daily:xenial tester && lxc exec tester bash
Failure Case:
# apt update && apt dist-upgrade -y && apt install -y sssd
# echo "[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = europe.example.com,asia.example.com
[domain/europe.example.com]
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps://dc1.europe.example.com,ldaps://dc2.europe.example.com
ldap_search_base = dc=europe,dc=example,dc=com
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = EUROPE.EXAMPLE.COM
dns_discovery_domain = EUROPE.EXAMPLE.COM
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_search_base = dc=europe,dc=example,dc=com
ldap_group_search_base = dc=europe,dc=example,dc=com
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_bind_dn = cn=europe-ldap-reader,cn=Users,dc=europe,dc=example,dc=com
ldap_default_authtok = secret
[domain/asia.example.com]
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps://dc1.asia.example.com,ldaps://dc2.asia.example.com
ldap_search_base = dc=asia,dc=example,dc=com
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = ASIA.EXAMPLE.COM
dns_discovery_domain = ASIA.EXAMPLE.COM
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_search_base = dc=asia,dc=example,dc=com
ldap_group_search_base = dc=asia,dc=example,dc=com
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_bind_dn = cn=asia-ldap-reader,cn=Users,dc=asia,dc=example,dc=com
ldap_default_authtok = secret" >/etc/sssd/sssd.conf
# chmod 600 /etc/sssd/sssd.conf
# service sssd start
# pkill -KILL -F /var/run/sssd.pid
# service sssd start
Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details.
# journalctl -xe
...
Oct 30 10:25:46 xtest sssd[7110]: SSSD is already running
Upgrade to Proposed and Retry:
# echo "deb http://archive.ubuntu.com/ubuntu xenial-proposed main restricted universe multiverse" >>/etc/apt/sources.list
# apt update && apt dist-upgrade -y
# service sssd start
# systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-11-16 10:32:23 UTC; 21s ago
Main PID: 5584 (sssd)
Tasks: 5
Memory: 35.4M
CPU: 88ms
CGroup: /system.slice/sssd.service
├─5584 /usr/sbin/sssd -i -f
├─5585 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain europe.example.com --uid 0 --gid 0 --debug-to-files
├─5586 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain asia.example.com --uid 0 --gid 0 --debug-to-files
├─5587 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
└─5588 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
Nov 16 10:32:23 tester systemd[1]: Starting System Security Services Daemon...
Nov 16 10:32:23 tester sssd[5584]: Starting up
Nov 16 10:32:23 tester sssd[be[5586]: Starting up
Nov 16 10:32:23 tester sssd[be[5585]: Starting up
Nov 16 10:32:23 tester sssd[5587]: Starting up
Nov 16 10:32:23 tester sssd[5588]: Starting up
Nov 16 10:32:23 tester systemd[1]: Started System Security Services Daemon.