On Thu, Oct 27, 2016 at 09:31:42AM +0200, Lukas Slebodnik wrote:
On (27/10/16 05:04), Daniel Hermans wrote:
>not sure if a bug or not but a quick warning that hopefully may save someone some
>We use puppet to install sssd based on a condition. we:
>- yum install -y sssd
>- authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --enablemkhomedir --enablecachecreds --update ( to setup PAM and nsswitch - not sure if ALL of these are necessary? )
>- copy over our private config ( as you can't do all of the config with authconfig that i can see? )
>This didn't work - intermittently sssd was using a 'stale' config. After much headbutting issue was twofold:
>- sssd is started and activated by the authconfig command, this creates config.ldb
>- puppet writes the config file immediately and sssd restarted
>- sssd compares modification time of /etc/sssd/sssd.conf with /var/lib/sss/db/config.ldb and, because the times are the same ( written in the same minute ), IT IGNORES the new config file
It is not about the same minute but about the same second.
Didn't we have a bug about this?
If puppet creates sssd.conf then I think it will be the best to
change authconfig options. Because it does not make sense to generate
sssd.conf by authconfig in your case.
IIRC sssd config is generated with reduced combination of options
It isn't required to use ldap related options together with sssd
--enablesssd --enablesssdauth --enableldap --enableldapauth
IIRC you don't need --enableldap and --enableldapauth since this would
put the LDAP NSS and PAM modules to the respective stacks...
> You can also remove --enablecachecreds because you can configure it
> in sssd.conf itself, which is created by puppet.
> Could you try to run the following command on a new machine?
> authconfig --enablesssd --enablesssdauth \
> --enablelocauthorize --enablemkhomedir \
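The timestamp comparison described in this thread can be checked from a provisioning run before sssd is restarted. The following is an added example, not part of the original messages and not sssd's own code: it assumes the behaviour as the thread describes it (equal modification times at one-second granularity) and a `stat` that supports `-c %Y` (GNU coreutils); the function names `mtime_cmp` and `check_sssd_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: classify the mtime relationship between sssd.conf and the
# cached config.ldb, using the paths quoted in the thread as defaults.
SSSD_CONF="${SSSD_CONF:-/etc/sssd/sssd.conf}"
SSSD_LDB="${SSSD_LDB:-/var/lib/sss/db/config.ldb}"

# mtime_cmp CONF LDB
# Prints one of: no-conf, no-cache, same-second, conf-newer, conf-older
mtime_cmp() {
    [ -e "$1" ] || { echo no-conf; return 0; }
    [ -e "$2" ] || { echo no-cache; return 0; }
    # %Y is the modification time in whole seconds since the epoch
    _conf_s=$(stat -c %Y -- "$1") || return 2
    _ldb_s=$(stat -c %Y -- "$2") || return 2
    if [ "$_conf_s" -eq "$_ldb_s" ]; then
        echo same-second
    elif [ "$_conf_s" -gt "$_ldb_s" ]; then
        echo conf-newer
    else
        echo conf-older
    fi
}

# check_sssd_conf
# Returns 1 (with a warning on stderr) when both files carry the same
# one-second timestamp, the case the thread reports as being ignored.
check_sssd_conf() {
    _state=$(mtime_cmp "$SSSD_CONF" "$SSSD_LDB") || return 2
    if [ "$_state" = same-second ]; then
        echo "WARN: $SSSD_CONF and $SSSD_LDB have the same mtime" >&2
        return 1
    fi
    return 0
}

# Usage in a provisioning step (commented out so sourcing has no side effects):
# check_sssd_conf || echo "sssd.conf written in the same second as config.ldb"
```

Two writes in the same minute but in different seconds are reported as `conf-newer`, which matches the correction made in the reply about seconds rather than minutes.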