[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#977462: marked as done (Debian Edu sssd.conf conflicts with sssd service sockets)

Your message dated Sun, 20 Dec 2020 09:03:26 +0000
with message-id <E1kqucg-0002lO-Gd@fasolo.debian.org>
and subject line Bug#977462: fixed in debian-edu-config 2.11.40
has caused the Debian Bug report #977462,
regarding Debian Edu sssd.conf conflicts with sssd service sockets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
977462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977462
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-edu-config
Severity: important
Version: 2.11.39
On Roaming Workstation, the /etc/sssd/sssd-debian-edu.conf causes error messages during boot: 

```
root@notebook-35:~# journalctl -b 0  | grep socket | grep -i sssd
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD NSS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: (2020-12-15 11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for the nss responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: (2020-12-15 11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: "systemctl disable sssd-nss.socket" Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: "systemctl disable sssd-pam.socket" Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD NSS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD AutoFS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAC Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD SSH Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD Sudo Service responder socket. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: (2020-12-15 11:51:41:978982): [sssd] [main] (0x0010): Misconfiguration found for the autofs responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: The autofs responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the autofs's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: "systemctl disable sssd-autofs.socket" Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD AutoFS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD SSH Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD PAC Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD Sudo Service responder socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder socket. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: (2020-12-15 11:51:56:347851): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: "systemctl disable sssd-pam.socket" Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: (2020-12-15 11:51:56:348023): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: "systemctl disable sssd-pam.socket" Dez 15 11:51:56 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Failed with result 'exit-code'. Dez 15 11:51:56 notebook-35.intern systemd[1]: Closed SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: (2020-12-15 12:00:45:730707): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: "systemctl disable sssd-pam.socket" Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: (2020-12-15 12:00:45:730867): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: "systemctl disable sssd-pam.socket" Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 12:00:45 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Control process exited, code=exited, status=17/n/a Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Failed with result 'exit-code'. Dez 15 12:00:45 notebook-35.intern systemd[1]: Closed SSSD PAM Service responder socket. 
```

To possible ways to fix this:
Solution 1 (I guess the preferred, but maybe we loose the filter_groups and filter_users options) 

```
root@notebook-35:~# etckeeper vcs diff
diff --git a/sssd/sssd.conf b/sssd/sssd.conf
index 9451b33..1eb8078 100644
--- a/sssd/sssd.conf
+++ b/sssd/sssd.conf
@@ -3,19 +3,8 @@
 config_file_version = 2
 reconnection_retries = 3
 sbus_timeout = 30
-services = nss, pam, autofs
 domains = intern

-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[autofs]
-
 [domain/intern]
 ; Using enumerate = true leads to high load and slow response
 enumerate = false
```

Solution 2 (possibly old-stylish):

Disable these systemd socket listeners:

/lib/systemd/system/sssd-autofs.socket
/lib/systemd/system/sssd-nss.socket
/lib/systemd/system/sssd-pam.socket

(Maybe also these???)
/lib/systemd/system/sssd-ssh.socket
/lib/systemd/system/sssd-pam-priv.socket
I am not an expert on sssd, but I think we should make sure to avoid error messages / service startup failures during system boot on Debian Edu Roaming Workstations. 

Any other ideas?

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpmz2S5n7MJH.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message --- 
Source: debian-edu-config
Source-Version: 2.11.40
Done: Holger Levsen <holger@debian.org>

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 977462@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 20 Dec 2020 09:47:45 +0100
Source: debian-edu-config
Architecture: source
Version: 2.11.40
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Closes: 977462
Changes:
 debian-edu-config (2.11.40) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * Rework sssd configuration, thanks to Mike Gabriel. (Closes: #977462)
     - share/debian-edu-config/tools/sssd-generate-config:
       Cleanup the included HERE documents (configuration snippets) from entries
       that are either default ones (like excluding the root user), obsolete, no
       longer in use or non-existent; also correct the wrong AD related one.
       As systemd is used, sssd services are now activated via sockets. The
       'service' configuration stanza needs to be empty to avoid starting
       permanently running processes. this also aviods spamming syslog with error
       messages.
     - Adjust the static etc/sssd/sssd-debian-edu.conf file accordingly.
   * Adjust sbin/debian-edu-ltsp-install:
     - Improve IP address determination for the dedicated LTSP network.
     - Add nameserver stanza to /etc/network/interfaces.
   * share/debian-edu-config/d-i/finish-install: Only run debian-edu-ltsp-install
     in case of a combined server. Leave it up to the local admin what type of
     LTSP clients should be supported. (Still needs to be documented.)
   * share/debian-edu-config/cups.service: Cleanup from superfluous entries,
     thanks to Didier 'OdyX' Raboud.
   * cf3/cf.workarounds: Create missing GOsa² related directory to avoid
     confusion in case an admin is setting up a system of type printer.
Checksums-Sha1:
 a24ac92d36536f68185283d223233de6ce195f7f 1926 debian-edu-config_2.11.40.dsc
 1caeb761f50c65a139a6db0f73c31b121016273c 338208 debian-edu-config_2.11.40.tar.xz
 862bc9323818f13ef4d04776829210af493fc96d 5651 debian-edu-config_2.11.40_source.buildinfo
Checksums-Sha256:
 69103ddf68b9e277cec748d572c2570474037af8482acbf6b29a968697a4a236 1926 debian-edu-config_2.11.40.dsc
 57a19d6d80052861bb60ef9ec790f5f367c3f81cf4cd1ff4a4598c101aa40ad0 338208 debian-edu-config_2.11.40.tar.xz
 bb2a6887613b928533e2995c5cda48aace7283e83da726f6c9ae650d10e69508 5651 debian-edu-config_2.11.40_source.buildinfo
Files:
 8194c197dcf5e63fc73aad346300de0e 1926 misc optional debian-edu-config_2.11.40.dsc
 7b08c65e8c8cca7c52e0b33014204f40 338208 misc optional debian-edu-config_2.11.40.tar.xz
 fac4f398b3404972ff83dae83a20d099 5651 misc optional debian-edu-config_2.11.40_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl/fEB8ACgkQCRq4Vgaa
qhw4dw//bzYAN3xGrQ2I9b/ZjRBQuIyHPjqtjHyK2KoQr1m2vg90rfGseZjI+Qsw
MgYV1/+YgLCK6X4Co3tbuoTqksy20Mf8HH9oCg4q7Da5wR7A3rWujJipMPLVq3Ve
vwVdZhWuckPQK/IGDtMpmKl59N4tEpim0H74kKRnG77RHhWaiNoEuzBPnkU6/Vfo
SiHgdN7BBSwPMsWG572k0lW6b42Y/twcTSgCPWY34swiyD3ogm6mchdRsvuhK1ih
6VkrM+s2pI+y8UPt4Hzhj5vCl315TT76UZl+7u3ZRtJj4qJVzo45FYZUnz0+sLLW
tbRjMzP0ZFaLV5PzhTkviTcdJxAijHTkCJsgn2fegP5++GE1J0slO2vWdE9Qgl44
EHR4trjAW1+CI7lmPgdpheYQZDRcBvgP+xKJgdZgemfegEYHAlOyMdujkbeKk/N5
X1IzM96CIf1szX3TNTYF/l+ag3CvKBK4IpKAlVL4IYQc2qYBc5Sch0jzYtuzZUrD
xi/xAH6wBQaq+wDWWrNsiCqqI9P4t144tUoXiAPc4Xfq0z261T6gorKqJc4mL64A
HU2VNPN+4PoyL58aCpFIJgopvgqNSIfGYYUzjnjH+xsltF1oQw31TJXuwswqPaky
PesUxp7RGgBYtW3Jx94gx8teZPW4WKBcdfbxp7ij1Fw1I7G5/M8=
=LeTj
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: