On (02/05/16 14:39), Harald Dunkel wrote:
>Hi folks,
>System: freeipa client, Debian 8 (using systemd), cron 3.0pl1-128,
>sssd 1.13.4-2
>Cron fails to start a few "@reboot" jobs at boot time. cron.log
>May  2 13:36:48 fpsde8i002 anacron[197]: Anacron 2.3 started on 2016-05-02
>May  2 13:36:48 fpsde8i002 anacron[197]: Normal exit (0 jobs run)
>May  2 13:36:48 fpsde8i002 cron[194]: (CRON) INFO (pidfile fd = 3)
>May  2 13:36:48 fpsde8i002 cron[194]: (user1) ORPHAN (no passwd entry)
>May  2 13:36:48 fpsde8i002 cron[194]: (user2) ORPHAN (no passwd entry)
>May  2 13:36:48 fpsde8i002 cron[194]: (CRON) INFO (Running @reboot jobs)
>AFAICT cron is started last at boot time. cron.service is
>       [Unit]
>       Description=Regular background program processing daemon
>       Documentation=man:cron(8)
>       [Service]
>       EnvironmentFile=-/etc/default/cron
>       ExecStart=/usr/sbin/cron -f $EXTRA_OPTS
>       IgnoreSIGPIPE=false
>       KillMode=process
>       Type=idle
>       [Install]
>       WantedBy=multi-user.target
>The "Type=idle" should make sure 
>If I add a crontab entry "@reboot ( ps -ef; ls -al /home ) >/var/tmp/ls.log"
>for root, then the generated file reveals that sssd has been started, but
>its sssd_something services are not running. ls shows just the numerical
>UIDs instead of the login IDs.
>Sssd might have been started first, but apparently its not ready yet.
>Shouldn't it block at boot time for some time to make sure that all
>internal services are available?
Could you provide output of "systemctl cat sssd.service"?
In my case, it should be started before nss-user-lookup.target

    # /usr/lib/systemd/system/sssd.service
    Description=System Security Services Daemon
    # SSSD must be running before we permit user sessions
    Before=systemd-user-sessions.service nss-user-lookup.target

    ExecStart=/usr/sbin/sssd -D -f
    # These two should be used with traditional UNIX forking daemons
    # consult systemd.service(5) for more details




Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to