-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Lukas,
On 05/03/16 10:21, Lukas Slebodnik wrote: > But that's not a problem of sssd. It bug in cron service file. If cron relies > on user lookup then it shoudl not be started before nss-user-lookup.target. > > Fedora has correct service file for crond. > > sh$ systemctl cat crond.service # /usr/lib/systemd/system/crond.service > [Unit] Description=Command Scheduler After=auditd.service > nss-user-lookup.target systemd-user-sessions.service time-sync.target > ypbind.service > > [Service] EnvironmentFile=/etc/sysconfig/crond ExecStart=/usr/sbin/crond -n > $CRONDARGS ExecReload=/bin/kill -HUP $MAINPID KillMode=process > > [Install] WantedBy=multi-user.target > > Debian has quite minimal version sh$ systemctl cat cron.service # > /lib/systemd/system/cron.service [Unit] Description=Regular background > program processing daemon Documentation=man:cron(8) > > [Service] EnvironmentFile=-/etc/default/cron ExecStart=/usr/sbin/cron -f > $EXTRA_OPTS IgnoreSIGPIPE=false KillMode=process > > [Install] WantedBy=multi-user.target > Sorry, but thats not the case for the cron service installed on my systems. See the first post in this thread: This cron.service contains "Type=idle", i.e. cron is run after all the other services, including nss-user-lookup.target. See https://bugs.debian.org/767016 IMHO sssd is the only instance to exactly know *when* its user database is available. Before this state is reached it should not give up control to the nss-user-lookup.target. The output of "ps -ef" run by the cron job showed it does. Regards Harri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXKOl5AAoJEAqeKp5m04HLm/EH/3lCCnOQXW+i2vU0KENvjXJf 05KlPABO8ZOZzC10do7c/JwCpHXBFJjZwtfID9BRezdJ5KXWV2B5mT7Z/dpiPy+R 2/GKhoaHPpW+v8ZZdgFyS4hlRrq4B/6/XRs3FFJ8V8AAI257ZY6efQQAuYjWfBVG Eya+BqxUcjCZfddYp7ZziKxzOs+kEnFiLwi3rKeeohUMWdLGBuETL8EwnTjqDbmV Qq0jswmzVM7mDZuC0ZehUuHlu5WNeAkjnFzi2owkZ7H42SXoRxoz+RjXUkfxfIP+ X33Jw6BABIbn03FfHOApblirmbrh6+uxrtZQEEucRRdpO9RF92czEK6RQc2JTiU= =4x+q -----END PGP SIGNATURE----- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project