Your message dated Sun, 20 Dec 2020 09:03:26 +0000
with message-id <[email protected]>
and subject line Bug#977462: fixed in debian-edu-config 2.11.40
has caused the Debian Bug report #977462,
regarding Debian Edu sssd.conf conflicts with sssd service sockets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
977462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977462
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-edu-config
Severity: important
Version: 2.11.39
On Roaming Workstation, the /etc/sssd/sssd-debian-edu.conf causes
error messages during boot:
```
root@notebook-35:~# journalctl -b 0 | grep socket | grep -i sssd
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD NSS
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAM
Service responder private socket.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[824]: (2020-12-15
11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for
the nss responder.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[824]: The nss responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[824]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
nss's socket by calling:
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[826]: (2020-12-15
11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for
the pam responder.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[826]: The pam responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[826]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
pam's socket by calling:
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[824]: "systemctl disable
sssd-nss.socket"
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[826]: "systemctl disable
sssd-pam.socket"
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket: Failed
with result 'exit-code'.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on
SSSD NSS Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Failed with result 'exit-code'.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on
SSSD PAM Service responder private socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Dependency failed for
SSSD PAM Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam.socket: Job
sssd-pam.socket/start failed with result 'dependency'.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD AutoFS
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAC
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD SSH
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD Sudo
Service responder socket.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[835]: (2020-12-15
11:51:41:978982): [sssd] [main] (0x0010): Misconfiguration found for
the autofs responder.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[835]: The autofs responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[835]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
autofs's socket by calling:
Dez 15 11:51:41 notebook-35.intern
sssd_check_socket_activated_responders[835]: "systemctl disable
sssd-autofs.socket"
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket:
Failed with result 'exit-code'.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on
SSSD AutoFS Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD SSH
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD PAC
Service responder socket.
Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD Sudo
Service responder socket.
Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM
Service responder private socket.
Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM
Service responder socket.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1607]: (2020-12-15
11:51:56:347851): [sssd] [main] (0x0010): Misconfiguration found for
the pam responder.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1607]: The pam responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1607]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
pam's socket by calling:
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1607]: "systemctl disable
sssd-pam.socket"
Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1608]: (2020-12-15
11:51:56:348023): [sssd] [main] (0x0010): Misconfiguration found for
the pam responder.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1608]: The pam responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1608]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
pam's socket by calling:
Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Failed with result 'exit-code'.
Dez 15 11:51:56 notebook-35.intern
sssd_check_socket_activated_responders[1608]: "systemctl disable
sssd-pam.socket"
Dez 15 11:51:56 notebook-35.intern systemd[1]: Failed to listen on
SSSD PAM Service responder private socket.
Dez 15 11:51:56 notebook-35.intern systemd[1]: Dependency failed for
SSSD PAM Service responder socket.
Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Job
sssd-pam.socket/start failed with result 'dependency'.
Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Failed
with result 'exit-code'.
Dez 15 11:51:56 notebook-35.intern systemd[1]: Closed SSSD PAM Service
responder socket.
Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM
Service responder private socket.
Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM
Service responder socket.
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4875]: (2020-12-15
12:00:45:730707): [sssd] [main] (0x0010): Misconfiguration found for
the pam responder.
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4875]: The pam responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4875]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
pam's socket by calling:
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4875]: "systemctl disable
sssd-pam.socket"
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4876]: (2020-12-15
12:00:45:730867): [sssd] [main] (0x0010): Misconfiguration found for
the pam responder.
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4876]: The pam responder has
been configured to be socket-activated but it's still mentioned in the
services' line in /etc/sssd/sssd.conf.
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4876]: Please, consider either
adjusting your services' line in /etc/sssd/sssd.conf or disabling the
pam's socket by calling:
Dez 15 12:00:45 notebook-35.intern
sssd_check_socket_activated_responders[4876]: "systemctl disable
sssd-pam.socket"
Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket:
Failed with result 'exit-code'.
Dez 15 12:00:45 notebook-35.intern systemd[1]: Failed to listen on
SSSD PAM Service responder private socket.
Dez 15 12:00:45 notebook-35.intern systemd[1]: Dependency failed for
SSSD PAM Service responder socket.
Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Job
sssd-pam.socket/start failed with result 'dependency'.
Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket:
Control process exited, code=exited, status=17/n/a
Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Failed
with result 'exit-code'.
Dez 15 12:00:45 notebook-35.intern systemd[1]: Closed SSSD PAM Service
responder socket.
```
To possible ways to fix this:
Solution 1 (I guess the preferred, but maybe we loose the
filter_groups and filter_users options)
```
root@notebook-35:~# etckeeper vcs diff
diff --git a/sssd/sssd.conf b/sssd/sssd.conf
index 9451b33..1eb8078 100644
--- a/sssd/sssd.conf
+++ b/sssd/sssd.conf
@@ -3,19 +3,8 @@
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
-services = nss, pam, autofs
domains = intern
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[autofs]
-
[domain/intern]
; Using enumerate = true leads to high load and slow response
enumerate = false
```
Solution 2 (possibly old-stylish):
Disable these systemd socket listeners:
/lib/systemd/system/sssd-autofs.socket
/lib/systemd/system/sssd-nss.socket
/lib/systemd/system/sssd-pam.socket
(Maybe also these???)
/lib/systemd/system/sssd-ssh.socket
/lib/systemd/system/sssd-pam-priv.socket
I am not an expert on sssd, but I think we should make sure to avoid
error messages / service startup failures during system boot on Debian
Edu Roaming Workstations.
Any other ideas?
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://das-netzwerkteam.de
pgp1QmLc3aBZA.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 2.11.40
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated debian-edu-config
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 20 Dec 2020 09:47:45 +0100
Source: debian-edu-config
Architecture: source
Version: 2.11.40
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 977462
Changes:
debian-edu-config (2.11.40) unstable; urgency=medium
.
[ Wolfgang Schweer ]
* Rework sssd configuration, thanks to Mike Gabriel. (Closes: #977462)
- share/debian-edu-config/tools/sssd-generate-config:
Cleanup the included HERE documents (configuration snippets) from entries
that are either default ones (like excluding the root user), obsolete, no
longer in use or non-existent; also correct the wrong AD related one.
As systemd is used, sssd services are now activated via sockets. The
'service' configuration stanza needs to be empty to avoid starting
permanently running processes. this also aviods spamming syslog with
error
messages.
- Adjust the static etc/sssd/sssd-debian-edu.conf file accordingly.
* Adjust sbin/debian-edu-ltsp-install:
- Improve IP address determination for the dedicated LTSP network.
- Add nameserver stanza to /etc/network/interfaces.
* share/debian-edu-config/d-i/finish-install: Only run
debian-edu-ltsp-install
in case of a combined server. Leave it up to the local admin what type of
LTSP clients should be supported. (Still needs to be documented.)
* share/debian-edu-config/cups.service: Cleanup from superfluous entries,
thanks to Didier 'OdyX' Raboud.
* cf3/cf.workarounds: Create missing GOsa² related directory to avoid
confusion in case an admin is setting up a system of type printer.
Checksums-Sha1:
a24ac92d36536f68185283d223233de6ce195f7f 1926 debian-edu-config_2.11.40.dsc
1caeb761f50c65a139a6db0f73c31b121016273c 338208
debian-edu-config_2.11.40.tar.xz
862bc9323818f13ef4d04776829210af493fc96d 5651
debian-edu-config_2.11.40_source.buildinfo
Checksums-Sha256:
69103ddf68b9e277cec748d572c2570474037af8482acbf6b29a968697a4a236 1926
debian-edu-config_2.11.40.dsc
57a19d6d80052861bb60ef9ec790f5f367c3f81cf4cd1ff4a4598c101aa40ad0 338208
debian-edu-config_2.11.40.tar.xz
bb2a6887613b928533e2995c5cda48aace7283e83da726f6c9ae650d10e69508 5651
debian-edu-config_2.11.40_source.buildinfo
Files:
8194c197dcf5e63fc73aad346300de0e 1926 misc optional
debian-edu-config_2.11.40.dsc
7b08c65e8c8cca7c52e0b33014204f40 338208 misc optional
debian-edu-config_2.11.40.tar.xz
fac4f398b3404972ff83dae83a20d099 5651 misc optional
debian-edu-config_2.11.40_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl/fEB8ACgkQCRq4Vgaa
qhw4dw//bzYAN3xGrQ2I9b/ZjRBQuIyHPjqtjHyK2KoQr1m2vg90rfGseZjI+Qsw
MgYV1/+YgLCK6X4Co3tbuoTqksy20Mf8HH9oCg4q7Da5wR7A3rWujJipMPLVq3Ve
vwVdZhWuckPQK/IGDtMpmKl59N4tEpim0H74kKRnG77RHhWaiNoEuzBPnkU6/Vfo
SiHgdN7BBSwPMsWG572k0lW6b42Y/twcTSgCPWY34swiyD3ogm6mchdRsvuhK1ih
6VkrM+s2pI+y8UPt4Hzhj5vCl315TT76UZl+7u3ZRtJj4qJVzo45FYZUnz0+sLLW
tbRjMzP0ZFaLV5PzhTkviTcdJxAijHTkCJsgn2fegP5++GE1J0slO2vWdE9Qgl44
EHR4trjAW1+CI7lmPgdpheYQZDRcBvgP+xKJgdZgemfegEYHAlOyMdujkbeKk/N5
X1IzM96CIf1szX3TNTYF/l+ag3CvKBK4IpKAlVL4IYQc2qYBc5Sch0jzYtuzZUrD
xi/xAH6wBQaq+wDWWrNsiCqqI9P4t144tUoXiAPc4Xfq0z261T6gorKqJc4mL64A
HU2VNPN+4PoyL58aCpFIJgopvgqNSIfGYYUzjnjH+xsltF1oQw31TJXuwswqPaky
PesUxp7RGgBYtW3Jx94gx8teZPW4WKBcdfbxp7ij1Fw1I7G5/M8=
=LeTj
-----END PGP SIGNATURE-----
--- End Message ---
