sssd upstart in Saucy
by Longina Przybyszewska
Hi,
I run into start up problem after removing directories /var/log/sssd and /var/lib/sss - as I wanted clean startup.
It was obviousely not good idea, as sssd can not start again:
....
sssd -d 9 -i
(Thu Jan 23 12:14:22:790562 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
(Thu Jan 23 12:14:22:800765 2014) [sssd] [ldb] (0x0400): ltdb: tdb(/var/lib/sss/db/config.ldb): tdb_open_ex: could not open file /var/lib/sss/db/config.ldb: No such file or directory
(Thu Jan 23 12:14:22:800886 2014) [sssd] [ldb] (0x0020): Unable to open tdb '/var/lib/sss/db/config.ldb'
(Thu Jan 23 12:14:22:800942 2014) [sssd] [ldb] (0x0020): Failed to connect to '/var/lib/sss/db/config.ldb' with backend 'tdb': Unable to open tdb '/var/lib/sss/db/config.ldb'
(Thu Jan 23 12:14:22:800988 2014) [sssd] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb]
(Thu Jan 23 12:14:22:801105 2014) [sssd] [load_configuration] (0x0010): The confdb initialization failed
(Thu Jan 23 12:14:22:801184 2014) [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
....
How can I make initial start for sssd again???
Best,
Longina
10 years, 2 months
SSSD with 389DS
by Mitja Mihelič
Hi!
We are running a CentOS6 server using SSSD that connects to 389DS
containing 70k user entries. Both servers are fully updated.
SSSD and 389DS package versions:
sssd-1.9.2-129.el6_5.4.x86_64
389-ds-base-1.2.11.15-31.el6_5.x86_64
Authoconfig was used to enable sssd.
authconfig --enablesssd --enablesssdauth
--ldapbasedn=dc=users,dc=company,dc=tld --enableshadow --enablemkhomedir
--enablelocauthorize --update
PAM an NSS configs were updated as well.
I have attached our sssd.conf.
The setup itself works allowing users to authenticate, but we are
concerned about the performance.
At first we tried with enumeration enabled, but there was a significant
responsiveness drop during enumeration. A simple getent -s sss passwd
USERNAME took more than 15 seconds. Result paging did not help.
Next we turned enumeration off and deleted the cache for a clean start.
We tried simple getent requests with 1000 random usernames taken from a
file. We ran the bash script consecutively a few times. The results:
- run 1: 0m10.831s
- run 2: 0m20.914s
- run 3: 0m31.422s
and so on. Each run took about 10 seconds more than the previous one.
During the test sssd_be was using 100% of one core. During this time
389DS was practically idling. Its load (CPU, I/O) hardly showed any change.
What could be the reason for this performace issue?
How would we best go about tuning this system?
Regards, Mitja
--
--
Mitja Mihelič
ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 8877, fax: +386 1 479 88 78
10 years, 2 months
sssd not able to authenticate user after machine is renamed
by Ondrej Valousek
Hi list,
I am experiencing strange issue w/ sssd (F19, AD).
SSSD is working fine until I do:
1. net ads leave
2. change machine hostname
3. net ads join
After this, name services are working OK, but I am unable to authenticate myself using pam_sss.so.
The workaround is:
1. net ads leave
2. rm /etc/krb5.keytab
3. net ads join
Looks like after machine rename the old principal is still held in krb5.keytab and making pam_sss worthless.
Is this a known issue? Note that pam_krb5 is working fine.
Thanks,
Ondrej
10 years, 2 months
Anyone using Kerberized nfs with sssd?
by Ondrej Valousek
Hi List,
Is anyone using kerberized nfs with sssd on F-19?
On my box systemd automatically stops nfs-secure service in spite of the fact it is enabled. I have to re-start it manually after reboot.
It is probably some issue with systemd, but I thought I will give it a try and ask here before submitting BZ.
Thanks,
Ondrej
10 years, 2 months
Found an old sssd running
by Bryan Harris
Hi all,
I've found an Ubuntu 10.04 server with a very old sssd running on it. The sssd package does not appear to be configured to do anything. I don't see anything in nsswitch and nothing returned when I run getent passwd --service=sss. So I don't see anything in nsswitch, I also don't see any instance of sss anywhere in /etc/pam.d/*.
Can this sssd be doing anything or even possibly negatively affecting things for the system in any way?
Can sssd interact with the rest of the O/S through another mechanism? I just want to verify that sssd is not doing anything before I stop the service and remove the package.
The version is 1.0.5-0ubuntu1. My plan is to just turn it off and uninstall the package, unless I find out that it's doing something useful for the customer.
I'm in the process of turning on the debug level = 10 (or whatever it is) option so I can look through the sssd log files.
Thanks in advance.
Bryan
10 years, 2 months
Timo Aaltonen's sssd ppa
by Rowland Penny
Hi, could someone tell Timo that sssd for precise on his ppa is broken,
libpam-sss depends on libpam-pwquality (>= 1.2.2-1). There is no
libpam-pwquality available for precise, unless he knows where to find it ;-)
Rowland
10 years, 2 months