# SSSD

## Check Domain State

As `root`, check which domains are configured:

```
# sssctl domain-list
D.PSI.CH
#
```

and then check their state:

```
# sssctl domain-status D.PSI.CH
Online status: Offline
Active servers:
AD Global Catalog: not connected
AD Domain Controller: dc01.D.PSI.CH
Discovered AD Global Catalog servers:
None so far.
Discovered AD Domain Controller servers:
- dc01.D.PSI.CH
- dc02.D.PSI.CH
- dc00.D.PSI.CH
#
```

## Check User State

```
# sssctl user-checks buchel_k
user: buchel_k
action: acct
service: system-auth
SSSD nss user lookup result:
 - user name: buchel_k
 - user id: 44951
 - group id: 710
 - gecos: Bucheli Konrad
 - home directory: /home/buchel_k
 - shell: /bin/bash
SSSD InfoPipe user lookup result:
 - name: buchel_k
 - uidNumber: 44951
 - gidNumber: 710
 - gecos: Bucheli Konrad
 - homeDirectory: /afs/psi.ch/user/b/buchel_k
 - loginShell: /bin/bash
testing pam_acct_mgmt
pam_acct_mgmt: Success
PAM Environment:
 - no env -
#
```

## Check Log for AD connection

If `/var/log/sssd/sssd_D.PSI.CH.log` complains about file issues like

```
* (2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_cache_entry] (0x0020): [RID#78] LDB Error: No such object (32); error message: [ldb_wait from ldb_delete with LDB_WAIT_ALL: No such object (32)]
********************** BACKTRACE DUMP ENDS HERE *********************************
(2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_entry] (0x0040): [RID#78] sysdb_delete_cache_entry failed: 2
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X06SA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=gac-x07da@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X07DA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
```

delete the `sssd` files:

```
systemctl stop sssd.service
rm -f /var/lib/sss/db/*
systemctl start sssd.service
```

## Extended Logging

To get more logging messages, you may raise the log level to 6, either permanently in Hiera with the key `aaa::sssd_debuglevel` or temporarily on the host itself with

```
sssctl debug-level 6
```

The logs are located in `/var/log/sssd/`.
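
To confirm that a domain log really shows the cache conflicts described under "Check Log for AD connection" before removing the cache files, the following added example (not part of the original page) lists each conflicting entry with its count. The function names `sssd_cache_conflicts` and `write_sample_log` are hypothetical, and the sample log lines are constructed from the excerpt above.

```shell
#!/bin/sh
# Added example: list the sysdb entries that SSSD could not re-create,
# matching the "ldb_add failed: [Entry already exists](68)" signature above.

# Print "<count> <entry name>" per conflicting entry, most frequent first.
# Returns 1 when the log contains no such conflict.
sssd_cache_conflicts() {
    conflicts=$(
        sed -n 's/.*\[sysdb_create_ts_entry].*ldb_add failed: \[Entry already exists](68)\[Entry name=\([^,]*\),.*/\1/p' "$1" |
            LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 |
            awk '{ print $1, $2 }'
    )
    [ -n "$conflicts" ] || return 1
    printf '%s\n' "$conflicts"
}

# Constructed sample modelled on the excerpt above (the last line is made up
# to show a repeated conflict); one log record per line.
write_sample_log() {
    cat > "$1" <<'EOF'
(2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_entry] (0x0040): [RID#78] sysdb_delete_cache_entry failed: 2
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X06SA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=gac-x07da@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X07DA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
(2024-10-03 9:49:02): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#91] ldb_add failed: [Entry already exists](68)[Entry name=X07DA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
EOF
}

# Usage: sh this_script.sh [LOGFILE]; without an argument the sample is used.
log=${1:-}
cleanup=
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
    cleanup=$log
fi
if sssd_cache_conflicts "$log"; then
    echo "cache conflicts found in $log"
else
    echo "no cache conflicts in $log"
fi
[ -z "$cleanup" ] || rm -f "$cleanup"
```

Run it against `/var/log/sssd/sssd_D.PSI.CH.log` before the cache removal. Deleting the files under `/var/lib/sss/db/` also discards cached credentials, so offline logins fail until users authenticate again while the domain is online.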