I am trying to integrate an Ubuntu Docker container with FreeIPA, and I get the following error when installing FreeIPA-client --install:
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm BLABS.COM
trying https://vilma.com/ipa/json
Forwarding 'ping' to json server 'https://vilma.com/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://vilma.com/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to json server 'https://vilma/ipa/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin@vilma.com'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
I tried to start sssd manually by typing sssd and got the following message:
ldb: unable to open modules directory '/usr/lib/x86_64-linux-gnu/ldb/modules/ldb' - Permission denied
(Sun Oct 14 20:55:17:078716 2018) [sssd] [load_configuration] (0x0010): The confdb initialization failed
(Sun Oct 14 20:55:17:078750 2018) [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
Thanks for your help.

Answer 0 (score: 3)
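In case anyone else runs into this issue: the problem is that the overlayfs used by Docker causes a problem with the ldb database used by sssd.
So you need to:
- move /usr/lib/x86_64-linux-gnu/ldb/modules/ldb to another path in your Dockerfile (e.g. /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig)
- before sssd is started, create an empty volume and mount it at /usr/lib/x86_64-linux-gnu/ldb/modules/ldb
- copy the original contents of /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig into the new volume at /usr/lib/x86_64-linux-gnu/ldb/modules/ldb
- start sssd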
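
The steps from the answer above, written as a container entrypoint script. This is an added example, not part of the original answer; the volume name ldb-modules, the --start argument and the function name populate_ldb_modules are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Assumed image build step in the Dockerfile, as the answer describes:
#   RUN mv /usr/lib/x86_64-linux-gnu/ldb/modules/ldb \
#          /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig
# Assumed run-time mount of an empty volume at the original path:
#   docker run -v ldb-modules:/usr/lib/x86_64-linux-gnu/ldb/modules/ldb ...

LDB_DIR=/usr/lib/x86_64-linux-gnu/ldb/modules/ldb
LDB_ORIG=/usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig

# populate_ldb_modules ORIG TARGET
# Copies the saved ldb modules into the mounted volume and verifies the copy.
# Return codes: 0 ok, 1 copy failed, 2 ORIG missing, 3 TARGET not mounted,
# 4 TARGET differs from ORIG after the copy (e.g. stale files in a reused volume).
populate_ldb_modules() {
    orig=$1
    target=$2
    [ -d "$orig" ] || { echo "missing saved modules: $orig" >&2; return 2; }
    [ -d "$target" ] || { echo "volume not mounted: $target" >&2; return 3; }
    # "-a" keeps modes and timestamps; "/." copies the contents, dotfiles included
    cp -a "$orig/." "$target/" || return 1
    # Refuse to continue if the volume does not match the image's modules
    diff -r "$orig" "$target" >/dev/null || {
        echo "volume content differs from $orig" >&2
        return 4
    }
}

# Act as the entrypoint only when called with --start, so the function
# can also be sourced and exercised on its own.
if [ "${1:-}" = "--start" ]; then
    populate_ldb_modules "$LDB_ORIG" "$LDB_DIR" || exit $?
    # -i keeps sssd in the foreground so the container stays attached to it
    exec sssd -i
fi
```

A return code of 4 means the volume was reused from an older image and should be emptied before the container is started again.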
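
Answer 1 (score: 0)
I was able to manage a workaround by not using sssd (the -no-sssd option).

Answer 2 (score: 0)
This appears to have been fixed in Linux 5.8. I think it is this fix, but I'm not sure.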