Cannot open "/usr/local/lib/sssd/libsss_ad.so"

I'm working on configuring SSSD on a FreeBSD 13.1 EC2, but I got stuck: sssd won't start.
Code:
==> /var/log/sssd/sssd_LAB.DOMAIN.COM.log <==
(Wed Jan 18 20:42:38 2023) [sssd[be[LAB.DOMAIN.COM]]] [dp_target_init] (0x0010): Unable to load module ad
(Wed Jan 18 20:42:38 2023) [sssd[be[LAB.DOMAIN.COM]]] [be_process_init] (0x0010): Unable to setup data provider [1432158209]: Internal Error
(Wed Jan 18 20:42:38 2023) [sssd[be[LAB.DOMAIN.COM]]] [main] (0x0010): Could not initialize backend [1432158209]
(Wed Jan 18 20:42:40 2023) [sssd[be[LAB.DOMAIN.COM]]] [dp_module_open_lib] (0x0010): Unable to load module [ad] with path [/usr/local/lib/sssd/libsss_ad.so]: Cannot open "/usr/local/lib/sssd/libsss_ad.so"
==> /var/log/sssd/sssd.log <==
(Wed Jan 18 20:42:44 2023) [sssd] [monitor_restart_service] (0x0010): Process [LAB.DOMAIN.COM], definitely stopped!
(Wed Jan 18 20:42:44 2023) [sssd] [monitor_cleanup] (0x0010): Error removing pidfile! (2 [No such file or directory])
# file /usr/local/lib/sssd/libsss_ad.so
/usr/local/lib/sssd/libsss_ad.so: cannot open `/usr/local/lib/sssd/libsss_ad.so' (No such file or directory)
# ls -l /usr/local/lib/sssd/
total 1588
drwxr-xr-x  2 root  wheel     512 Jan 10 16:39 conf
-rwxr-xr-x  1 root  wheel   21736 Jan  7 14:23 libsss_cert.so
-rwxr-xr-x  1 root  wheel   19936 Jan  7 14:23 libsss_child.so
-rwxr-xr-x  1 root  wheel   25032 Jan  7 14:23 libsss_crypt.so
-rwxr-xr-x  1 root  wheel   15376 Jan  7 14:23 libsss_debug.so
-rwxr-xr-x  1 root  wheel   10760 Jan  7 14:23 libsss_krb5.so
-rwxr-xr-x  1 root  wheel  137048 Jan  7 14:23 libsss_krb5_common.so
-rwxr-xr-x  1 root  wheel   20936 Jan  7 14:23 libsss_ldap.so
-rwxr-xr-x  1 root  wheel  588336 Jan  7 14:23 libsss_ldap_common.so
-rwxr-xr-x  1 root  wheel   66680 Jan  7 14:23 libsss_proxy.so
-rwxr-xr-x  1 root  wheel    4440 Jan  7 14:23 libsss_semanage.so
-rwxr-xr-x  1 root  wheel   26384 Jan  7 14:23 libsss_simple.so
-rwxr-xr-x  1 root  wheel  574432 Jan  7 14:23 libsss_util.so
drwxr-xr-x  2 root  wheel     512 Jan 10 16:39 modules

This is the sssd.conf that I'm using on an Ubuntu server:
Code:
# cat /usr/local/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = LAB.DOMAIN.COM
services = nss, pam, pac, sudo, ssh
[domain/LAB.DOMAIN.COM]
ldap_id_mapping = False
id_provider = ad
auth_provider = ad
chpass_provider = ad
#access_provider = ad
access_provider = simple
sudo_provider = ldap
ldap_sudo_search_base = ou=Sudo,OU=Services,dc=lab,dc=domain,dc=com
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
simple_allow_users = ubuntu,bob
simple_deny_users = root

Does anyone have an idea what I should try next?
 
After compiling sssd with samba support I'm getting a new error
Code:
# pkg info sssd-smb |grep smb
sssd-smb-1.16.5_8
Name           : sssd-smb
    libsmbclient.so.0
    flavor         : smb

Code:
Wed Jan 18 21:25:27 2023) [sssd[be[LAB.DOMAIN.COM]]] [dp_module_open_lib] (0x0010): Unable to load module [ad] with path [/usr/local/lib/sssd/libsss_ad.so]: /usr/local/lib/libldb.so.2: version LDB_2.3.4 required by /usr/local/lib/samba4/private/libsamdb-common-samba4.so not found
(Wed Jan 18 21:25:27 2023) [sssd[be[LAB.DOMAIN.COM]]] [dp_target_init] (0x0010): Unable to load module ad
(Wed Jan 18 21:25:27 2023) [sssd[be[LAB.DOMAIN.COM]]] [be_process_init] (0x0010): Unable to setup data provider [1432158209]: Internal Error
(Wed Jan 18 21:25:27 2023) [sssd[be[LAB.DOMAIN.COM]]] [main] (0x0010): Could not initialize backend [1432158209]
# file /usr/local/lib/sssd/libsss_ad.so
/usr/local/lib/sssd/libsss_ad.so: ELF 64-bit LSB shared object, x86-64, version 1 (FreeBSD), dynamically linked, for FreeBSD 13.1, stripped
# file /usr/local/lib/samba4/private/libsamdb-common-samba4.so
/usr/local/lib/samba4/private/libsamdb-common-samba4.so: ELF 64-bit LSB shared object, x86-64, version 1 (FreeBSD), dynamically linked, for FreeBSD 13.1, stripped
 
Dan Langille has ported ldb 2.3.4. The Samba maintainer hasn't put it in the tree yet, but it's very easy to build yourself from ports. I can confirm that it works now.


Code:
# cd /usr/ports/net
# cp -R ldb22 ldb23
# sed -i '' 's,2.2.3,2.3.4,;s,ldb22,ldb23,' Makefile
# make makesum
# rm files/patch-samba-4.14.14-for-ldb22
# make install-missing-packages install clean
 
You also need to recompile net-mgmt/adcli to make it not give weird GSSAPI errors if you do this. Make sure you have it installed because SSSD relies on it for the 30-day machine account update... but it also looks for it in /usr/bin/adcli rather than /usr/local/bin, so you need to symlink it.

The requirements for getting the machine password out for RADIUS are insane too. I'll publish those at some point.
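
Added example, not part of the thread or of SSSD itself: a pre-start check for the first failure above, where sssd.conf names a provider (`ad`) whose module was never installed. The function names are hypothetical; the `libsss_<provider>.so` naming is taken from the path in the log, and the two directories are passed as arguments.

```shell
#!/bin/sh
# Added example: report providers that sssd.conf asks for but that have
# no matching module in the SSSD library directory.

# providers_in_conf CONF
# Print each distinct value of an uncommented "*_provider = value" line.
providers_in_conf() {
    sed -n 's/^[[:space:]]*[a-z_]*_provider[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*$/\1/p' "$1" |
        sort -u
}

# missing_provider_modules CONF LIBDIR
# Print one provider name per line for every module file that is absent.
# "none", "permit" and "deny" are handled inside sssd and need no module.
missing_provider_modules() {
    for p in $(providers_in_conf "$1"); do
        case "$p" in
            none|permit|deny) continue ;;
        esac
        [ -e "$2/libsss_$p.so" ] || printf '%s\n' "$p"
    done
}

# When run as a script with two arguments, check those paths and exit
# non-zero if any provider module is missing.
if [ "$#" -eq 2 ]; then
    missing=$(missing_provider_modules "$1" "$2")
    if [ -n "$missing" ]; then
        echo "provider modules missing from $2:" $missing >&2
        exit 1
    fi
fi
```

On the system in this thread it would be called with `/usr/local/etc/sssd/sssd.conf` and `/usr/local/lib/sssd`. It only detects an absent module file; a module that exists but fails to link, as with the ldb version error, still needs the log.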
 