Can someone suggest anything? I cloned the server from existing one which we use LDAP and AD authentication but cloned server is not syncing with AD anymore. I tried to rejoin it but after rejoining my exsiting username no longer exist. Also I see the following:

SSSD status active but:
sssd[be[adserver.com]][15170]: Backend is offline


sssd_pam log:

[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]


SSSD conf file:

[sssd]
domains = adserver.com
config_file_version = 2
services = nss, pam

[domain/adserver.com]
ad_domain = adserver.com.com
krb5_realm = ADSERVER.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_sasl_authid = test-b8-devsub$
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
[pam]


Any suggestion or resolution appreciated!

Thank you,

So, after cloning the machine, did you rename the clone? Or, do you have now two machines with same name?
If the clone was renamed, does the AD Object exists? If you do not know ask your AD admin.

How exactly did you do that? Can you show which commands you ran?

What is the OS? Did you check syslog, and event logs on your AD server?

Moved: This thread is more suitable in <CentOS> and has been moved accordingly to help your thread/question get the exposure it deserves.

Quote:

Originally Posted by dc.901 So, after cloning the machine, did you rename the clone? Or, do you have now two machines with same name? If the clone was renamed, does the AD Object exists? If you do not know ask your AD admin.

Cloned server is CentOS 7. I haven't check the logs from AD side yet. I tried to rejoining the host it joins fines but tells no userexists when I tried to switch to my ad admin existing user.

I found the root cause. Selinux and firewalld were causing the connecting between AD and Linux host. Turning them off fixed the issue.