
freeipa team mailing list archive

[Bug 1879083] Re: default sssd.conf after ipa-client-install crashes sssd

 

With the line not commented, upon each and every startup in all cases
one sees this:

May 19 11:37:25 email1 systemd[1]: Starting SSSD NSS Service responder socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: (Tue May 19 11:37:12:251510 2020) [sssd] [main] (0x0010): Misconfiguration found for the nss responder.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling:
May 19 11:37:25 email1 sssd[pac]: Starting up
May 19 11:37:25 email1 systemd[1]: Starting SSSD PAM Service responder private socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72216]: "systemctl disable sssd-nss.socket"
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72218]: (Tue May 19 11:37:12:022884 2020) [sssd] [main] (0x0010): Misconfiguration found for the pam responder.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72218]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72218]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling:
May 19 11:37:25 email1 sssd[ssh]: Starting up
May 19 11:37:25 email1 systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72218]: "systemctl disable sssd-pam.socket"
May 19 11:37:25 email1 sssd[pam]: Starting up
May 19 11:37:25 email1 systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'.
May 19 11:37:25 email1 sssd[sudo]: Starting up
May 19 11:37:25 email1 systemd[1]: Failed to listen on SSSD PAM Service responder private socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72224]: (Tue May 19 11:37:13:424695 2020) [sssd] [main] (0x0010): Misconfiguration found for the sudo responder.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72224]: The sudo responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72224]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the sudo's socket by calling:
May 19 11:37:25 email1 systemd[1]: Dependency failed for SSSD PAM Service responder socket.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72224]: "systemctl disable sssd-sudo.socket"
May 19 11:37:25 email1 systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72221]: (Tue May 19 11:37:13:671260 2020) [sssd] [main] (0x0010): Misconfiguration found for the ssh responder.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72221]: The ssh responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf.
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72221]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the ssh's socket by calling:
May 19 11:37:25 email1 systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=17/n/a
May 19 11:37:25 email1 sssd_check_socket_activated_responders[72221]: "systemctl disable sssd-ssh.socket"
May 19 11:37:25 email1 systemd[1]: sssd-nss.socket: Failed with result 'exit-code'.
May 19 11:37:25 email1 sssd[nss]: Starting up



With the line commented, one sees:

May 19 11:41:05 email1 systemd[1]: Starting System Security Services Daemon...
May 19 11:41:07 email1 sssd: Starting up
May 19 11:41:07 email1 kernel: [270731.176590] kauditd_printk_skb: 23 callbacks suppressed
May 19 11:41:07 email1 kernel: [270731.176594] audit: type=1400 audit(1589906467.911:65972): apparmor="ALLOWED" operation="exec" profile="/usr/sbin/sssd" name="/usr/libexec/sssd/sssd_be" pid=72354 comm="sssd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be"
May 19 11:41:07 email1 kernel: [270731.178959] audit: type=1400 audit(1589906467.911:65973): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/libexec/sssd/sssd_be" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.179565] audit: type=1400 audit(1589906467.911:65974): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/ld-2.31.so" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.180514] audit: type=1400 audit(1589906467.915:65975): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/etc/ld.so.cache" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.180761] audit: type=1400 audit(1589906467.915:65976): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libdl-2.31.so" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.180965] audit: type=1400 audit(1589906467.915:65977): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libdl-2.31.so" pid=72354 comm="sssd_be" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.181284] audit: type=1400 audit(1589906467.915:65978): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libtevent.so.0.10.1" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.181350] audit: type=1400 audit(1589906467.915:65979): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libtevent.so.0.10.1" pid=72354 comm="sssd_be" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.181653] audit: type=1400 audit(1589906467.915:65980): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.0" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:07 email1 kernel: [270731.181718] audit: type=1400 audit(1589906467.915:65981): apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/usr/lib/x86_64-linux-gnu/libtalloc.so.2.3.0" pid=72354 comm="sssd_be" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
May 19 11:41:12 email1 sssd[be[1.quietfountain.com]]: Starting up
May 19 11:41:12 email1 systemd[1]: Started System Security Services Daemon.
May 19 11:41:12 email1 sssd[pac]: Starting up
May 19 11:41:12 email1 systemd[1]: Starting SSSD NSS Service responder socket.
May 19 11:41:12 email1 sssd[nss]: Starting up
May 19 11:41:12 email1 systemd[1]: Starting SSSD PAM Service responder private socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD NSS Service responder socket.
May 19 11:41:12 email1 systemd[1]: Starting SSSD AutoFS Service responder socket.
May 19 11:41:12 email1 systemd[1]: Starting SSSD PAC Service responder socket.
May 19 11:41:12 email1 systemd[1]: Starting SSSD PAM Service responder socket.
May 19 11:41:12 email1 systemd[1]: Starting SSSD SSH Service responder socket.
May 19 11:41:12 email1 systemd[1]: Starting SSSD Sudo Service responder socket.
May 19 11:41:12 email1 systemd[1]: Started SSSD NSS Service responder.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD PAM Service responder private socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD AutoFS Service responder socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD PAC Service responder socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD PAM Service responder socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD SSH Service responder socket.
May 19 11:41:12 email1 systemd[1]: Listening on SSSD Sudo Service responder socket.
May 19 11:41:12 email1 kernel: [270736.186051] kauditd_printk_skb: 1613 callbacks suppressed
May 19 11:41:12 email1 kernel: [270736.186054] audit: type=1400 audit(1589906472.919:67364): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/var/lib/sss/pubconf/kdcinfo.<hc edited out>" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:12 email1 kernel: [270736.186061] audit: type=1400 audit(1589906472.919:67365): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/etc/hosts" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:12 email1 kernel: [270736.186064] audit: type=1400 audit(1589906472.919:67366): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/etc/hosts" pid=72354 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 11:41:12 email1 kernel: [270736.186068] audit: type=1400 audit(1589906472.919:67367): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/var/lib/sss/db/ccache_xxxxxxxxxxx" pid=72354 comm="sssd_be" requested_mask="ra" denied_mask="ra" fsuid=0 ouid=0
May 19 11:41:12 email1 kernel: [270736.186072] audit: type=1400 audit(1589906472.919:67368): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/var/lib/sss/db/ccache_1.xxxxxxxxx" pid=72354 comm="sssd_be" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0
May 19 11:41:20 email1 kernel: [270743.971057] audit: audit_backlog=65 > audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971062] audit: audit_lost=2155 audit_rate_limit=0 audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971063] audit: backlog limit exceeded
May 19 11:41:20 email1 kernel: [270743.971231] audit: audit_backlog=65 > audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971233] audit: audit_lost=2156 audit_rate_limit=0 audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971234] audit: backlog limit exceeded
May 19 11:41:20 email1 kernel: [270743.971318] audit: audit_backlog=65 > audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971320] audit: audit_lost=2157 audit_rate_limit=0 audit_backlog_limit=64
May 19 11:41:20 email1 kernel: [270743.971321] audit: backlog limit exceeded
May 19 11:41:20 email1 kernel: [270743.971403] audit: audit_backlog=65 > audit_backlog_limit=64

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1879083

Title:
  default sssd.conf after ipa-client-install crashes sssd

Status in freeipa package in Ubuntu:
  Incomplete

Bug description:
  Notice 
  ipa-client-install
  creates /etc/sssd/sssd.conf
  but changes in the sssd process's socket approach call for that file to change
  /etc/sssd.conf from
  ...
  [sssd]
  services = nss, pam, ssh, sud
  ...
  to
  [sssd]
  #services = nss, pam, ssh, sud
  otherwise the sssd service either won't start or complains.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: freeipa-client 4.8.6-1ubuntu2
  ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30
  Uname: Linux 5.4.0-29-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: MATE
  Date: Sat May 16 12:51:21 2020
  InstallationDate: Installed on 2020-05-13 (2 days ago)
  InstallationMedia: Ubuntu-MATE 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  SourcePackage: freeipa
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1879083/+subscriptions
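
The conflict reported in the first log above (a responder named in the services line of /etc/sssd/sssd.conf while its systemd socket unit is also enabled) can be checked before restarting sssd. The following is an added example, not part of the original message or of SSSD/FreeIPA code; the sample configuration, the domain name example.test and the set of enabled units are constructed, and the responder-to-unit mapping is assumed from the unit names visible in the logs.

```python
import configparser

# Responder name -> socket unit, following the sssd-<name>.socket names in the logs.
SOCKET_UNITS = {r: f"sssd-{r}.socket"
                for r in ("nss", "pam", "ssh", "sudo", "pac", "autofs")}

def find_conflicts(sssd_conf_text, enabled_units):
    """Return (responder, unit) pairs that are both listed in the [sssd]
    services line and present in enabled_units (socket-activated)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(sssd_conf_text)
    if not parser.has_option("sssd", "services"):
        # Line absent or commented out: responders start via their sockets only.
        return []
    listed = [s.strip() for s in parser.get("sssd", "services").split(",")]
    return [(s, SOCKET_UNITS[s]) for s in listed
            if SOCKET_UNITS.get(s) in enabled_units]

def remedies(conflicts):
    """One of the two fixes the log suggests: disable the socket unit.
    The other is to drop the responder from the services line."""
    return [f"systemctl disable {unit}" for _, unit in conflicts]

# Constructed sample input. On a real host the enabled set would come from
# systemd, e.g. the output of "systemctl list-unit-files" filtered to sssd sockets.
CONF_ACTIVE = (
    "[sssd]\n"
    "services = nss, pam, ssh, sudo\n"
    "domains = example.test\n"
    "\n"
    "[domain/example.test]\n"
    "id_provider = ipa\n"
)
CONF_COMMENTED = CONF_ACTIVE.replace("services =", "#services =")
ENABLED = set(SOCKET_UNITS.values())

if __name__ == "__main__":
    for label, text in (("active", CONF_ACTIVE), ("commented", CONF_COMMENTED)):
        found = find_conflicts(text, ENABLED)
        print(label, "->", found or "no conflict")
        for cmd in remedies(found):
            print("   ", cmd)
```
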

