Oracle Linux: SSSD/AD Login Does Not Work if The First DNS Entry in "/etc/resolv.conf" is Unavailable (Doc ID 2648505.1)

Last updated on SEPTEMBER 23, 2022

Applies to:

Symptoms

AD user logins do not work when first DNS server entry in /etc/resolv.conf is not working or inaccessible.

Below logs are observed in the /var/log/sssd/sssd.<DOMAIN>.log

(Mon Feb 10 12:09:22 2020) [sssd[be[domain.ROOT]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=username]
(Mon Feb 10 12:09:22 2020) [sssd[be[domain.ROOT]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD_GC'
(Mon Feb 10 12:09:22 2020) [sssd[be[domain.ROOT]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Mon Feb 10 12:09:22 2020) [sssd[be[domain.ROOT]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '<DOMAIN>t'
(Mon Feb 10 12:09:24 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of '<DOMAIN>' in files
(Mon Feb 10 12:09:24 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of '<DOMAIN>t' in files
(Mon Feb 10 12:09:24 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Mon Feb 10 12:09:24 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of '<DOMAIN>' in DNS
(Mon Feb 10 12:09:26 2020) [sssd[be[domain.ROOT]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '<DOMAIN>'
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Init group lookup failed
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [be_pam_handler] (0x0100): Got request with the following data
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): domain: <DOMAIN>
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): user: username
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): service: sshd
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): tty: ssh
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): ruser:
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): rhost: ip-address
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): authtok type: 1
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): priv: 1
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): cli_pid: 20897
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [pam_print_data] (0x0100): logon name: not set
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [krb5_auth_send] (0x0100): Home directory for user [username] not known.
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Mon Feb 10 12:09:28 2020) [sssd[be[domain.ROOT]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '<DOMAIN>'
(Mon Feb 10 12:09:31 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of '<DOMAIN>' in files
(Mon Feb 10 12:09:31 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of '<DOMAIN>' in files
(Mon Feb 10 12:09:31 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Mon Feb 10 12:09:31 2020) [sssd[be[domain.ROOT]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of '<DOMAIN>' in DNS
(Mon Feb 10 12:09:33 2020) [sssd[be[domain.ROOT]]] [netlogon_get_domain_info] (0x0080): No netlogon site name data available.
(Mon Feb 10 12:09:33 2020) [sssd[be[domain.ROOT]]] [netlogon_get_domain_info] (0x0080): No netlogon next closest site name data available.
(Mon Feb 10 12:09:33 2020) [sssd[be[domain.ROOT]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '<DOMAIN>'
(Mon Feb 10 12:09:34 2020) [sssd[be[domain.ROOT]]] [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
(Mon Feb 10 12:09:34 2020) [sssd[be[domain.ROOT]]] [be_ptask_enable] (0x0080): Task [Check if online (periodic)]: already enabled
(Mon Feb 10 12:09:34 2020) [sssd[be[domain.ROOT]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.

Changes

No changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.