Hello everyone,
I have an Ubuntu Server 16.04 that was joined to a Microsoft Windows Active Directory domain using SSSD. Login, group mapping and everything else work as desired. However, I have observed that the RAM of the server, which is currently only idling (pre-test phase), slowly fills up and can bring the server down after a few days (out of memory). Restarting the SSSD daemon helps and frees the RAM again. On closer investigation of the problem I found that processes named "sssd_be" pile up and, in my opinion, are the cause of the error. A short example: another CentOS server with an uptime of more than four months has only one "sssd_be" process, whereas the Ubuntu installation already has more than 100 such processes after 5 days. Do you have any suggestions for how I can narrow down the cause of the error?
Here is the sssd.conf:
[sssd]
domains = AD.DOMAIN.DE
config_file_version = 2
services = nss, pam

[domain/AD.DOMAIN.DE]
id_provider = ad
access_provider = ad
ldap_id_mapping = True
override_homedir = /home/%d/%u
use_fully_qualified_names = False
default_domain_suffix = ad.domain.de
ad_gpo_access_control = permissive
default_shell = /bin/bash
Thanks in advance!
EDIT
Here are a few more lines from the log:
==> /var/log/sssd/sssd_AD.DOMAIN.DE.log <==
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [ad_sasl_log] (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [sdap_dyndns_timer_conn_done] (0x0080): No server is available, dynamic DNS update is skipped in offline mode.
(Tue Apr 24 04:27:48 2018) [sssd[be[AD.DOMAIN.DE]]] [ad_dyndns_timer_connected] (0x0040): Failed to connect to AD: [1432158234](Dynamic DNS update not possible while offline)
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [exec_child_ex] (0x0040): execv failed [2][No such file or directory].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [ad_machine_account_password_renewal_send] (0x0020): Could not exec renewal child: [2][No such file or directory].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_ptask_done] (0x0040): Task [AD machine account password renewal]: failed with [2]: No such file or directory
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [604] failed with status [1].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256]
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158232]: Dynamic DNS update failed
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [608] failed with status [1].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256]
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158232]: Dynamic DNS update failed
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [612] failed with status [1].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256]
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158232]: Dynamic DNS update failed
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [616] failed with status [1].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256]
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158232]: Dynamic DNS update failed
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [sdap_dyndns_update_ptr_done] (0x0080): nsupdate failed, retrying with server name
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [620] failed with status [1].
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256]
(Tue Apr 24 04:29:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158232]: Dynamic DNS update failed
(Tue Apr 24 04:30:05 2018) [sssd[be[AD.DOMAIN.DE]]] [ad_machine_account_password_renewal_timeout] (0x0020): Timeout reached for AD renewal child.
(Tue Apr 24 04:30:05 2018) [sssd[be[AD.DOMAIN.DE]]] [be_ptask_done] (0x0040): Task [AD machine account password renewal]: failed with [1432158266]: AD renewal child failed
(Tue Apr 24 04:30:05 2018) [sssd[be[AD.DOMAIN.DE]]] [child_sig_handler] (0x0020): child [603] was terminated by signal [9].
(Tue Apr 24 04:43:59 2018) [sssd[be[AD.DOMAIN.DE]]] [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, releasing it
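Added example, not part of the original post and not SSSD's own tooling: a Python triage sketch for backend logs in the format shown above. It splits entries even when they are run together on one line and tallies helper exec failures, failed or killed child processes and failed periodic tasks; the sample entries are copied from the excerpt, and the names `parse` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

TS = r"\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\)"
# Entry layout: (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
ENTRY = re.compile(
    rf"(?P<ts>{TS}) \[sssd\[be\[[^\]]+\]\]\] \[(?P<func>\w+)\] "
    rf"\((?P<level>0x[0-9a-f]{{4}})\): (?P<msg>.*?)(?=\s*{TS} \[sssd|\s*\Z)",
    re.S,
)

# Sample entries copied from the log excerpt in the post, run together on one line.
P = "[sssd[be[AD.DOMAIN.DE]]]"
SAMPLE = (
    f"(Tue Apr 24 04:29:05 2018) {P} [exec_child_ex] (0x0040): execv failed [2][No such file or directory]. "
    f"(Tue Apr 24 04:29:05 2018) {P} [be_ptask_done] (0x0040): Task [AD machine account password renewal]: failed with [2]: No such file or directory "
    f"(Tue Apr 24 04:29:05 2018) {P} [child_sig_handler] (0x0020): child [604] failed with status [1]. "
    f"(Tue Apr 24 04:29:05 2018) {P} [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [256] "
    f"(Tue Apr 24 04:30:05 2018) {P} [child_sig_handler] (0x0020): child [603] was terminated by signal [9]."
)

def parse(text):
    """Split a log (one entry per line, or flattened) into dicts per entry."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize(entries):
    """Tally the child-process failures that matter when helpers pile up."""
    out = {"exec_failures": 0, "failed_children": [],
           "killed_children": [], "failed_tasks": Counter()}
    for e in entries:
        msg = e["msg"]
        if e["func"] == "exec_child_ex" and "execv failed" in msg:
            out["exec_failures"] += 1          # helper binary could not be started
        if m := re.search(r"child \[(\d+)\] failed with status \[\d+\]", msg):
            out["failed_children"].append(int(m.group(1)))
        if m := re.search(r"child \[(\d+)\] was terminated by signal \[(\d+)\]", msg):
            out["killed_children"].append((int(m.group(1)), int(m.group(2))))
        if m := re.search(r"Task \[([^\]]+)\]: failed", msg):
            out["failed_tasks"][m.group(1)] += 1
    return out

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Running it over the full /var/log/sssd/sssd_AD.DOMAIN.DE.log shows which periodic tasks fail repeatedly and which child PIDs they leave behind, which can then be compared with the PIDs of the accumulated "sssd_be" processes.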