Hi,
I’m trying to set up an HA ThinLinc master. I’ve set up Pacemaker as the clustering solution and it is working well: failover with fencing and the VIP is working.
root@tl-alpha-paris:~# pcs status
Cluster name: thinlincha
Stack: corosync
Current DC: tl-alpha-paris (version 2.0.1-9e909a5bdd) - partition with quorum
Last updated: Tue Jun 29 09:39:17 2021
Last change: Mon Jun 28 22:29:59 2021 by root via cibadmin on tl-alpha-paris
2 nodes configured
3 resources configured
Online: [ tl-alpha-paris tl-beta-paris ]
Full list of resources:
cluster_ip (ocf::heartbeat:IPaddr2): Started tl-alpha-paris
fence_tl-alpha-paris (stonith:fence_virsh): Started tl-beta-paris
fence_tl-beta-paris (stonith:fence_virsh): Started tl-alpha-paris
Daemon Status:
corosync: active/enabled
pacemaker: active/enabled
pcsd: active/enabled
nodes:
tl-alpha-paris
tl-beta-paris
IP address:
10.100.150.50 → tl-alpha-paris
10.100.150.51 → tl-beta-paris
10.100.150.52 → tl-ha-paris (VIP)
DNS names are working, same as the node names,
and with the .company.lan suffix also.
/etc/hosts also contains the DNS names.
root@tl-alpha-paris:~# nslookup
tl-alpha-paris
Server: 10.100.120.2
Address: 10.100.120.2#53
Name: tl-alpha-paris.company.lan
Address: 10.100.150.50
tl-beta-paris
Server: 10.100.120.2
Address: 10.100.120.2#53
Name: tl-beta-paris.company.lan
Address: 10.100.150.51
tl-ha-paris
Server: 10.100.120.2
Address: 10.100.120.2#53
Name: tl-ha-paris.company.lan
Address: 10.100.150.52
The issue I encounter is that I cannot log in with an Active Directory user with the client, but if I check the user in the tlwebadmin interface, it says it works. (I can connect with a local user.)
I do not have errors in the logs.
/var/log/vsmagent.log
root@tl-alpha-paris:~# tail -f /var/log/vsmagent.log
2021-06-29 12:22:38 INFO vsmagent: Got SIGTERM, signaling process to quit
2021-06-29 12:22:38 INFO vsmagent: Terminating. Have a nice day!
2021-06-29 12:22:39 INFO vsmagent: VSM Agent version 4.12.1 build 6733 started
2021-06-29 12:22:39 INFO vsmagent: My public hostname is 10.100.150.50
2021-06-29 12:38:05 INFO vsmagent: Got SIGTERM, signaling process to quit
2021-06-29 12:38:05 INFO vsmagent: Terminating. Have a nice day!
2021-06-29 12:38:05 INFO vsmagent: VSM Agent version 4.12.1 build 6733 started
2021-06-29 12:38:05 INFO vsmagent: My public hostname is 10.100.150.50
/var/log/vsmserver.log
root@tl-alpha-paris:~# tail -f /var/log/vsmserver.log
2021-06-29 12:29:55 INFO vsmserver: VSM Server version 4.12.1 build 6733 started
2021-06-29 12:29:55 INFO vsmserver.license: Updating license data from disk to memory
2021-06-29 12:29:55 INFO vsmserver.license: License summary: 5 concurrent users. Hard limit of 6 concurrent users.
2021-06-29 12:29:55 INFO vsmserver.session: Loaded 0 sessions for 0 users from file
2021-06-29 12:31:32 INFO vsmserver: Got SIGTERM, signaling process to quit
2021-06-29 12:31:32 INFO vsmserver: Terminating. Have a nice day!
2021-06-29 12:31:32 INFO vsmserver: VSM Server version 4.12.1 build 6733 started
2021-06-29 12:31:32 INFO vsmserver.license: Updating license data from disk to memory
2021-06-29 12:31:32 INFO vsmserver.license: License summary: 5 concurrent users. Hard limit of 6 concurrent users.
2021-06-29 12:31:32 INFO vsmserver.session: Loaded 0 sessions for 0 users from file
Is there another log file for Active Directory user logins on ThinLinc?
On both nodes, Active Directory is set up:
root@tl-alpha-paris:~# id thinlincad
uid=1470206623(thinlincad) gid=1470200513(utilisateurs du domaine) groups=1470200513(utilisateurs du domaine),1470201605(ftp-users),1470205113($duplicate-13f9),1470203534(sophosuser),1470203975($duplicate-f87)
root@tl-alpha-paris:~# kinit thinlincad
Password for thinlincad@COMPANY.LAN:
Password expired. You must change it now.
Enter new password:
Enter it again:
root@tl-alpha-paris:~# kinit thinlincad
Password for thinlincad@COMPANY.LAN:
root@tl-alpha-paris:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: thinlincad@COMPANY.LAN
Valid starting Expires Service principal
06/29/2021 12:44:49 06/29/2021 22:44:49 krbtgt/COMPANY.LAN@COMPANY.LAN
renew until 06/30/2021 12:44:43
The basic VSM Agent and Server conf files for HA:
/opt/thinlinc/etc/conf.d/vsmagent.hconf
[/vsmagent]
master_hostname=tl-ha-paris
allowed_clients=tl-alpha-paris tl-beta-paris
/opt/thinlinc/etc/conf.d/vsmserver.hconf
[/vsmserver/HA]
enabled=1
nodes=tl-alpha-paris tl-beta-paris
[/vsmserver/subclusters/Default]
agents=tl-alpha-paris tl-beta-paris
Does anyone have an idea?
EDIT: I forgot the sssd.conf file in /etc/sssd/ !!! I'm keeping the post.
The issue is known to Cendio and there is a doc, my bad
https://www.cendio.com/thinlinc/docs/platforms/general
The missing line for this to work was: ad_gpo_access_control = disabled
Thanks!
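Since `ad_gpo_access_control = disabled` turns off sssd's GPO-based logon checks for the whole AD domain, it is worth confirming what each HA node's sssd.conf actually says. The script below is an added example, not part of the original post or Cendio's documentation; the sample file is constructed, and the PAM service name `thinlinc` is an assumption.

```python
import configparser

# Constructed sample, not the poster's file; only the domain name and the
# ad_gpo_access_control line come from the post.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = company.lan
services = nss, pam

[domain/company.lan]
id_provider = ad
access_provider = ad
ad_gpo_access_control = disabled
"""

# sssd-ad options that map PAM service names to GPO logon rights.
GPO_MAP_KEYS = ("ad_gpo_map_interactive", "ad_gpo_map_remote_interactive",
                "ad_gpo_map_network", "ad_gpo_map_batch",
                "ad_gpo_map_service", "ad_gpo_map_permit", "ad_gpo_map_deny")


def audit_gpo(conf_text, pam_service="thinlinc"):
    """Report GPO access-control state for every AD domain section.

    pam_service is an assumption: the PAM service name ThinLinc logins use.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        dom = cp[section]
        if not section.startswith("domain/") or dom.get("id_provider") != "ad":
            continue
        # "unset" means sssd's built-in default mode applies.
        mode = dom.get("ad_gpo_access_control", "unset").strip().lower()
        # A "+name" entry in an ad_gpo_map_* option maps that PAM service.
        mapped = [k for k in GPO_MAP_KEYS
                  if "+" + pam_service in
                  [v.strip() for v in dom.get(k, "").split(",")]]
        report[section] = {
            "gpo_mode": mode,
            "service_mapped_in": mapped,
            # With GPO checks off, this filter is what still limits AD logins.
            "ad_access_filter_set": "ad_access_filter" in dom,
        }
    return report


if __name__ == "__main__":
    for name, info in audit_gpo(SAMPLE_SSSD_CONF).items():
        print(name, info)
```

Run it against the contents of /etc/sssd/sssd.conf on both nodes and compare the reports; a node where `gpo_mode` is `disabled` and `ad_access_filter_set` is false admits any AD account that can authenticate.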