Basic troubleshooting for the AD Bridge agent | AD Bridge

The following are basic steps for troubleshooting issues related to the AD Bridge agent.

Check the version and build number

Check the version and build number of the AD Bridge agent from computers that are running Linux or Unix, or from a computer that is connected to the domain controller and is running Windows.

Check from Linux or Unix

To check the version number of the AD Bridge agent from a computer running Linux or Unix, run the command:

cat /opt/pbis/data/ENTERPRISE_VERSION

Another option is to run the command:

/opt/pbis/bin/get-status

Check the build number of the agent

On Linux distributions that support RPM, for example, Red Hat Enterprise Linux, Fedora, SUSE Linux Enterprise, OpenSUSE, and CentOS, determine the version and build number of the agent (10.1.0.xxxx in the examples below) by running the command at the shell prompt:

rpm -qa | grep pbis

The result shows the build version after the version number:

pbis-enterprise-10.1.0-881.x86_64

On Unix computers and Linux distributions that do not support RPM, the command to check the build number varies by platform:

Platform            Command
Debian and Ubuntu   dpkg -S /opt/pbis/
Solaris             pkginfo | grep -i pbis
AIX                 lslpp -l | grep pbis

Check from Windows

To check the version and build number of the AD Bridge agent from a Windows administration workstation that is connected to your domain controller:

In Active Directory Users and Computers, right-click the Linux or Unix computer, and then click Properties.

Click the Operating System tab. The build number is shown in the Service pack box.

Determine a computer's FQDN

To determine the fully qualified domain name of a computer running Linux or Unix, run the command at the shell prompt:

ping -c 1 `hostname`

On Solaris

On Sun Solaris, to find the FQDN, run the command (the computer's configuration can affect the results):

FQDN=`/usr/lib/mail/sh/check-hostname|cut -d" " -f7`;echo $FQDN

For more information, see Join Active Directory without changing /etc/hosts

Ensure outbound ports are open

If you use local firewall settings, such as iptables, on a computer running the AD Bridge agent, make sure the following ports are open for outbound traffic.

The AD Bridge agent is a client only; it does not listen on any ports.

Port   Protocol   Use
53     UDP/TCP    DNS
88     UDP/TCP    Kerberos 5
123    UDP        NTP
389    UDP/TCP    LDAP
445    TCP        SMB over TCP
464    UDP/TCP    Computer password changes (typically after 30 days)
1433   TCP        Connection to SQL Server. Open the port in use. The default port for SQL is 1433.
3268   TCP        Global Catalog search

To view the firewall rules on a Linux computer using iptables, run the command:

iptables -nL

Check the file permissions of nsswitch.conf

For AD Bridge to work correctly, the /etc/nsswitch.conf file must be readable by user, group, and world. The following symptoms may indicate a permission issue with nsswitch.conf:

  • Running the id command with an AD account as the argument (for example, id example.com\\kathy) works when it is run as root, but when the same command is run by the AD user, it returns only a UID and GID without a name.
  • An error message displays for non-root users: I have no name! or intruder alert.
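
One way to confirm the permission requirement above, as an added example that is not part of the vendor documentation: a portable shell check that reports which of user, group, and world lacks read access to a file. The function names perm_string and check_readable_by_all and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.

# Print the nine permission characters of FILE, e.g. "rw-r--r--".
# ls -ldL is used because stat(1) options differ across Linux, Solaris and
# AIX; -L follows a symlink so the target's mode is reported.
perm_string() {
    ls -ldL "$1" 2>/dev/null | awk '{ print substr($1, 2, 9) }'
}

# Return 0 if FILE is readable by user, group and world,
# 1 if any read bit is missing, 2 if FILE cannot be inspected.
check_readable_by_all() {
    file=$1
    perms=$(perm_string "$file")
    if [ -z "$perms" ]; then
        echo "ERROR: cannot inspect $file" >&2
        return 2
    fi
    missing=""
    case $perms in r????????) ;; *) missing="$missing user" ;; esac
    case $perms in ???r?????) ;; *) missing="$missing group" ;; esac
    case $perms in ??????r??) ;; *) missing="$missing world" ;; esac
    if [ -n "$missing" ]; then
        echo "FAIL: $file ($perms) is not readable by:$missing"
        echo "      restore read access with: chmod a+r $file"
        return 1
    fi
    echo "OK: $file ($perms) is readable by user, group, and world"
}

# Run against a path given on the command line, for example:
#   sh check-nsswitch.sh /etc/nsswitch.conf
[ "$#" -eq 0 ] || check_readable_by_all "$1"
```

Run it as root and again as a non-root AD user; the reported mode is the same in both cases, so a FAIL line explains why name lookups succeed only for root.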

Configure SSH after upgrading it

After SSH is upgraded, make sure the sshd_config file is set up properly to work with AD Bridge.

Run the command as root:

domainjoin-cli configure --enable ssh

Upgrade an operating system

After upgrading an operating system or installing a kernel patch, rerun the domain-join command to:

  • Make sure that the files related to the operating system, such as PAM and nsswitch, are configured properly to work with AD Bridge.
  • Update the operatingSystemVersion value and the operatingSystemServicePack value in Active Directory so the AD Bridge reporting tool reflects the correct version numbers.

As a general best practice, apply updates to test systems before production systems. This helps identify and resolve potential issues before they impact production.
