Issue configuring SSSD, missing libsss_ad.so

Hi,

I just finished upgrading my system to SLES11SP3 and configured SSSD for authentication. It joined the domain correctly, the config files have been set up properly. The issue is I start the SSSD service but it stops after a few seconds. The /var/log/sssd/sssd_[domain.com].log complains about "Unable to load ad module with path (/usr/lib64/sssd/libsss_ad.so)" because the file doesn’t exist. It is true that it does not exist. I compared with a RHEL server set up in the same way and it does exist on that one. I scrubbed the web for similar issues without luck and copying various versions of that library failed with kernel mismatch errors and long lists of prerequisites missing … I’m sure there’s a simple fix for this that I am missing since apparently it’s not part of the SSSD package on purpose.

Any help would be greatly appreciated.

Thanks.

Hi pplante,

I can only offer to forward an answer I received from elsewhere: SLES11 comes with the 1.9 version and does not include that module. There’s a build on OBS for the 1.11 version (https://build.opensuse.org/package/show?project=network%3Aldap&package=sssd), but unfortunately the build for SLE11SP3 failed because of missing dependencies.

With SLES12 not far away (there’s already a beta running), personally I’d wait for that to see which version is included there.

Regards,
Jens

Thanks Jens. Just as a side note, SLES11SP3 is running sssd 1.9.4 and we do have RHEL boxes with sssd 1.9.2 that do carry the library SLES is missing. Anyways, if this is correct, it means SLES does not support doing SSSD using Kerberos against Active Directory … which is really weird.

Hmmm. My SLED 11 SP3 machines aren’t domain joined but they use sssd to authenticate against Active Directory using Kerberos. SLED not SLES, but SLED uses the same sssd package as SLES so there’s no libsss_ad.so. I don’t have a SLES install I can mess with to try setting up sssd but if it works on SLED it should work on SLES.

In sssd.conf what have you set auth_provider to? I’ve got it set to krb5.

Both my ID and Access providers are set to AD; setting one of them to krb5 still requires libsss_ad.so, and setting both to krb5 gives me other problems. But ultimately, we have a standard config we use for Linux servers that we are trying to apply to SLES but it doesn’t seem it will be able to support it :(

Have we got any resolution for this issue? I am in the same situation where I need to configure SSSD with the id provider set to AD to fetch users/groups from AD by using objectSid. I can’t find any resolution so far to obtain libsss_ad.so.

Please help

I was given a different procedure specifically for SLES11 SP3 since it is apparently different than RedHat. I have not tried the procedure because I have been re-assigned to another project but I plan to try it when possible.
It seems I can’t attach the document to this post but I could e-mail it if you have an e-mail address.

SLE 11 SP3 and SP4 do not include the AD provider (libsss_ad.so). The SSSD wasn’t implemented on SLE until SLES11 SP2.

SSSD connectivity to Active Directory on the SLE 11 platform is implemented either completely with LDAP using the SSSD LDAP “ID” and “AUTH” providers, or using the SSSD LDAP “ID” and Kerberos “AUTH” providers. The LDAP/Kerberos combination is much better with a machine joined to the target domain.

SLE 12 does implement the AD provider and it works extremely well and reduces complexity greatly. The SLE 11 configuration is a bit more hands on and requires some knowledge of system LDAP/Kerberos, PAM LDAP/Kerberos and SSSD LDAP/Kerberos concepts and practices.

YaST is not of much help in SLE 11, and frankly the SSSD is best implemented out of band from YaST in these instances.

Basically:

  • Implement the Kerberos and Samba client manually
  • Using a Kerberos connection join the system to the domain manually
  • Install and configure the SSSD manually

I can help y’all through it if contacted off list.

http://www.lawrencekearney.com

– lawrence
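An added example (not from any poster or from the SSSD project): a preflight check for the failure discussed in this thread, listing which provider settings in an sssd.conf point at a back-end module that is not installed. It assumes modules follow the `libsss_<provider>.so` naming seen in the error message; the sample configs, the example.com names, the temporary module directory and the function names are constructed.

```python
import configparser
import os
import tempfile

PROVIDER_KEYS = ("id_provider", "auth_provider", "access_provider", "chpass_provider")
# Assumption: these values are handled inside SSSD and load no separate module.
BUILTIN = {"permit", "deny", "none"}

# Constructed sample: the layout from the original post (ID and access set to ad).
AD_CONF = """
[sssd]
domains = example.com
[domain/example.com]
id_provider = ad
access_provider = ad
"""
# Constructed sample: LDAP "ID" plus Kerberos "AUTH", as described for SLE 11.
LDAP_KRB5_CONF = """
[sssd]
domains = example.com
[domain/example.com]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://dc1.example.com
ldap_search_base = dc=example,dc=com
krb5_realm = EXAMPLE.COM
"""

def missing_provider_modules(conf_text, module_dir):
    """Return sorted (domain, option, module file) for modules absent from module_dir."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    missing = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        for key in PROVIDER_KEYS:
            provider = cp.get(section, key, fallback="").strip().lower()
            if not provider or provider in BUILTIN:
                continue
            lib = f"libsss_{provider}.so"
            if not os.path.isfile(os.path.join(module_dir, lib)):
                missing.append((section[len("domain/"):], key, lib))
    return sorted(missing)

def demo():
    """Check both samples against a constructed module dir that lacks libsss_ad.so."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("libsss_ldap.so", "libsss_krb5.so"):
            open(os.path.join(d, name), "w").close()
        return missing_provider_modules(AD_CONF, d), missing_provider_modules(LDAP_KRB5_CONF, d)
```

On a real host, pass the contents of /etc/sssd/sssd.conf and the module directory named in the log message (/usr/lib64/sssd in the original post).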

Hi,

Did anyone get a solution to this?
If yes, then please let me know.

And if not, then I am confused about one thing: is it possible to use an upgraded version of sssd, for example the sssd package from SUSE 12? I tried this but failed to do it.

If yes, then how?
If no, then why not?

Thanks in Advance.

pkthakur91,

To be clear, the SSSD AD provider was not implemented on SLES 11 by design and it would not be advisable to try and do so. The myriad dependencies that would need to be resolved would likely break other system components and would be married with a then-unsupportable system.

Implementing the LDAP and Kerberos providers on SLES 11, or upgrading to SLES 12 is the solution.

– lawrence