[Bug 1565060] Re: defaults file is ignored
** Description changed: - i've just upgraded to 15.10, and have now found that the - /etc/defaults/bind9 file appears to be ignored. yet another package - broken by the adoption of systemd, it would seem. + [Impact] - >cat /etc/default/bind9 - # run resolvconf? - RESOLVCONF=yes + Server start up options set in /etc/default/bind9 via the OPTIONS + variable are ignored. + The fix is to have the systemd service file source that file and use the + given OPTIONS value. This is already being done in Ubuntu Artful and + higher. The fix here is the same. + + [Test Case] + + # install bind9 + $ sudo apt install bind9 + + # start it up + $ sudo service bind9 start + + # inspect the command line of the process: + $ ps fxaw|grep named|grep -v grep + 396 ?Ssl0:00 /usr/sbin/named -f -u bind + + # edit /etc/default/bind9 and include "-4" to the OPTIONS value so it looks like this: # startup options for the server OPTIONS="-4 -u bind" - > - >service bind9 stop - > + # restart bind9 + sudo service bind9 restart - >service bind9 start - > + # inspect the process command line again. Only the fixed version of the package will include the newly added "-4" parameter: + $ ps fxaw|grep named|grep -v grep + 17891 ?Ssl0:00 /usr/sbin/named -f -4 -u bind - >ps -aefwww | grep -iF named - bind 3810 1 17 15:32 ?00:00:01 /usr/sbin/named -f -u bind - > - modifying /lib/systemd/system/bind9.service works, but this does not - seem to offer the same degree of abstraction provided by the files in - /etc/default/. + [Regression Potential] + Administrators who have for some reason altered the defaults file with an incorrect value for OPTIONS might be surprised after this update, since now that file is actually parsed and if it's indeed incorrect, the service may fail to start. - 1] >lsb_release -rd - Description: Ubuntu 15.10 - Release: 15.10 - - 2] >apt-cache policy bind9 - bind9: - Installed: 1:9.9.5.dfsg-11ubuntu1.3 - Candidate: 1:9.9.5.dfsg-11ubuntu1.3 - Version table: - *** 1:9.9.5.dfsg-11ubuntu1.3 0 - 500 http://us.archive.ubuntu.com/ubuntu/ wily-updates/main amd64 Packages - 500 http://security.ubuntu.com/ubuntu/ wily-security/main amd64 Packages - 100 /var/lib/dpkg/status - 1:9.9.5.dfsg-11ubuntu1 0 - 500 http://us.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages - - 3] i expected to be able to be able to make changes in - /etc/defaults/bind9 and have them honored. - - 4] they are not. + [Other Info] + None at this time. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1565060] Re: defaults file is ignored
** Changed in: bind9 (Ubuntu Zesty) Importance: Undecided => Low ** Changed in: bind9 (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: bind9 (Ubuntu Zesty) Importance: Low => Medium ** Changed in: bind9 (Ubuntu Xenial) Importance: Low => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1565060] Re: defaults file is ignored
** Changed in: bind9 (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: bind9 (Ubuntu Zesty) Status: New => In Progress ** Changed in: bind9 (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: bind9 (Ubuntu Zesty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1565060] Re: defaults file is ignored
Confirmed also for zesty. Artful and higher are fixed. Yakkety is end of life. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1565060] Re: defaults file is ignored
** Changed in: bind9 (Ubuntu Yakkety) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
@pam-s, as soon as you can confirm this patch fixes your problem (feel free to use my PPA packages), please let us know so we can proceed with the SRU. My test case reproduces the segfault, but I would like to be sure it also fixes it in your environment before continuing. Thanks again ** Description changed: [Impact] In this particular configuration, when ldap_rfc2307_fallback_to_local_users is set to true in /etc/sss/sssd.conf and a local user is a member of an ldap group and does not exist in the directory (other scenarios are possible), the sssd_be process segfaults and logins might be prevented. The original scenario is a bit more complex and involves setting up an Active Directory server, but with the help from the bug reporter (thanks @pam-s!) we managed to narrow it down to this simple test case. [Test Case] # Install the packages. When prompted, choose any password for the ldap admin $ sudo apt update; sudo apt install sssd slapd # create the sssd config $ sudo tee /etc/sssd/sssd.conf
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
** Description changed: [Impact] + In this particular configuration, when ldap_rfc2307_fallback_to_local_users is set to true in /etc/sss/sssd.conf and a local user is a member of an ldap group and does not exist in the directory (other scenarios are possible), the sssd_be process segfaults and logins might be prevented. - * An explanation of the effects of the bug on users and + The original scenario is a bit more complex and involves setting up an + Active Directory server, but with the help from the bug reporter (thanks + @pam-s!) we managed to narrow it down to this simple test case. - * justification for backporting the fix to the stable release. - - * In addition, it is helpful, but not required, to include an -explanation of how the upload fixes this bug. [Test Case] - * detailed instructions how to reproduce the bug + * detailed instructions how to reproduce the bug - * these should allow someone who is not familiar with the affected -package to reproduce the bug and verify that the updated package fixes -the problem. + * these should allow someone who is not familiar with the affected + package to reproduce the bug and verify that the updated package fixes + the problem. [Regression Potential] - * discussion of how regressions are most likely to manifest as a result + * discussion of how regressions are most likely to manifest as a result of this change. - * It is assumed that any SRU candidate patch is well-tested before -upload and has a low overall risk of regression, but it's important -to make the effort to think about what ''could'' happen in the -event of a regression. + * It is assumed that any SRU candidate patch is well-tested before + upload and has a low overall risk of regression, but it's important + to make the effort to think about what ''could'' happen in the + event of a regression. - * This both shows the SRU team that the risks have been considered, -and provides guidance to testers in regression-testing the SRU. + * This both shows the SRU team that the risks have been considered, + and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance ** Description changed: [Impact] In this particular configuration, when ldap_rfc2307_fallback_to_local_users is set to true in /etc/sss/sssd.conf and a local user is a member of an ldap group and does not exist in the directory (other scenarios are possible), the sssd_be process segfaults and logins might be prevented. The original scenario is a bit more complex and involves setting up an Active Directory server, but with the help from the bug reporter (thanks @pam-s!) we managed to narrow it down to this simple test case. - [Test Case] - * detailed instructions how to reproduce the bug + # Install the packages. When prompted, choose any password for the ldap admin + $ sudo apt update; sudo apt install sssd slapd - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. + # create the sssd config + $ sudo tee /etc/sssd/sssd.conf
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
It's only xenial that is affected, that is, version 1.13.4 and perhaps earlier. Trusty, zesty and higher are OK. ** Description changed: - This is Ubuntu 16.04.2 LTS + [Impact] - sssd is configured to connect to two domains, our TPAD directory and - Active Directory. sssd starts up at boot time. As soon as I ssh login - (with any id, AD, TPAD or local), sssd fails with the error message in - the title. After that, we can only login with local ids, not TPAD or AD - ids. + * An explanation of the effects of the bug on users and - - Here is the output from systemctl status sssd after the failure: - root@dcmilphlum128:~# systemctl status sssd - â sssd.service - System Security Services Daemon -Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) -Active: failed (Result: exit-code) since Wed 2017-04-19 16:40:08 EDT; 7min ago - Process: 119143 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) - Main PID: 119145 (code=exited, status=1/FAILURE) + * justification for backporting the fix to the stable release. - Apr 19 16:39:47 dcmilphlum128.edc.nam.gm.com sssd[be[119187]: Starting up - Apr 19 16:39:51 dcmilphlum128.edc.nam.gm.com sssd[be[119191]: Starting up - Apr 19 16:39:57 dcmilphlum128.edc.nam.gm.com sssd[be[119206]: Starting up - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com sssd[119145]: Exiting the SSSD. Could not restart critical service [tpad]. - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com sssd[119149]: Shutting down - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com sssd[119148]: Shutting down - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com sssd[be[119146]: Shutting down - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com systemd[1]: sssd.service: Main process exited, code=exited, status=1/FAILURE - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com systemd[1]: sssd.service: Unit entered failed state. - Apr 19 16:40:08 dcmilphlum128.edc.nam.gm.com systemd[1]: sssd.service: Failed with result 'exit-code'. + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. - ** - Also, in kern.log I have four of these (I have retries set to 3): - Apr 19 16:39:59 dcmilphlum128 kernel: [ 6205.937807] sssd_be[12218]: segfault at 0 ip 7fecb32b6b94 sp 7ffce49a2230 error 4 in libsss_util.so[7fecb32a2000+6c000] - Apr 19 16:40:02 dcmilphlum128 kernel: [ 6206.980725] sssd_be[12253]: segfault at 0 ip 7f302de29b94 sp 7fffca943cc0 error 4 in libsss_util.so[7f302de15000+6c000] - Apr 19 16:40:05 dcmilphlum128 kernel: [ 6211.036205] sssd_be[12256]: segfault at 0 ip 7fd196169b94 sp 7ffd624249f0 error 4 in libsss_util.so[7fd196155000+6c000] - Apr 19 16:40:07 dcmilphlum128 kernel: [ 6225.081902] sssd_be[12257]: segfault at 0 ip 7fd1f669bb94 sp 7ffdd8e5bf80 error 4 in libsss_util.so[7fd1f6687000+6c000] + [Test Case] - *** - My sssd package are at 1.13.4: - sssd 1.13.4-1ubuntu1.1 amd64 - sssd-ad1.13.4-1ubuntu1.1 amd64 - sssd-ad-common 1.13.4-1ubuntu1.1 amd64 - sssd-common1.13.4-1ubuntu1.1 amd64 - sssd-ipa 1.13.4-1ubuntu1.1 amd64 - sssd-krb5 1.13.4-1ubuntu1.1 amd64 - sssd-krb5-common 1.13.4-1ubuntu1.1 amd64 - sssd-ldap 1.13.4-1ubuntu1.1 amd64 - sssd-proxy 1.13.4-1ubuntu1.1 amd64 - sssd-tools 1.13.4-1ubuntu1.1 amd64 + * detailed instructions how to reproduce the bug - *** - I upgraded all the sssd packages to 1.13.4-1ubuntu1.4 and had the same problem. + * these should allow someone who is not familiar with the affected +package to reproduce the bug and verify that the updated package fixes +the problem. - I downgraded them to 1.12.5-2 and was NOT able to reproduce the problem. + [Regression Potential] - I attached my sssd.conf file. + * discussion of how regressions are most likely to manifest as a result + of this change. + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the +event of a regression. + + * This both shows the SRU team that the risks have been considered, +and provides guidance to testers in regression-testing the SRU. + + [Other Info] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance -- You received
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
** Changed in: sssd (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: sssd (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1684295 Title: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad]. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1684295/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
This PPA has my test packages: https://launchpad.net/~ahasenack/+archive/ubuntu/sssd-bad-initgroups- results-1684295/ -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1684295 Title: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad]. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1684295/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1684295] Re: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad].
I got a small reproducer case. With a simple "id " command I get sssd_be to segfault, and with the above patch applied it no longer segfaults and also produces the correct result. I'll use that for the SRU test plan. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1684295 Title: sssd fails with 'Exiting the SSSD. Could not restart critical service [tpad]. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1684295/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1730311] Re: package libnss-winbind:i386 2:4.3.11+dfsg-0ubuntu0.16.04.11 failed to install/upgrade: problèmes de dépendances - laissé non configuré
Thanks for filing this bug in Ubuntu. Unfortunately the attached logs only show that the smbd service indeed failed to start, but do not tell us why. Your config file looks fine. Could you please attach all files from /var/log/samba/ that start with "log"? That would be /var/log/samba/log*. These might contain a clue as to why the service failed to start. Also please show us the output of this command: sudo systemctl status smbd.service nmbd.service Thanks! ** Changed in: samba (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1730311 Title: package libnss-winbind:i386 2:4.3.11+dfsg-0ubuntu0.16.04.11 failed to install/upgrade: problèmes de dépendances - laissé non configuré To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1730311/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1730361] Re: enabling fips should only add repos for valid credentials
** Bug watch added: github.com/CanonicalLtd/ubuntu-advantage-script/issues #85 https://github.com/CanonicalLtd/ubuntu-advantage-script/issues/85 ** Also affects: ubuntu-advantage-script via https://github.com/CanonicalLtd/ubuntu-advantage-script/issues/85 Importance: Unknown Status: Unknown ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged ** Changed in: ubuntu-advantage-tools (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1730361 Title: enabling fips should only add repos for valid credentials To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1730361/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs