Re: /var/tmp/flatpak

[old sixpack13]

> Hello,
> 
> Why on one machine I have
> 4 /var/tmp/flatpak-cache-3VUAC1
> 4 /var/tmp/flatpak-cache-DDS6C1
> 
> and on my laptop:
> 
> 631472/var/tmp/flatpak-cache-BYZHD1/child-oci-toPwKS/blobs/sha256
...

one answer could be that /var/tmp is for temporary files.
*and* /tmp and /var/tmp gets cleaned periodically by 
systemd-tmpfiles-clean.service. 
AFAIK, once per day.

more to read: 
systemctl list-timers => systemd-tmpfiles-clean.service
man systemd-tmpfiles
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Tom Horsley]

On Mon, 6 Dec 2021 12:19:17 -0800
Paolo Galtieri wrote:

> I have disabled chronyd.  The main problem is the graphical.target vs 
> multi-user.target.  ntpd only starts in multi-user.target.

graphical target includes everything from multi user target (but not vice 
veras).
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Paolo Galtieri]

I have disabled chronyd.  The main problem is the graphical.target vs 
multi-user.target.  ntpd only starts in multi-user.target.


Paolo

On 12/5/21 13:59, Ed Greshko wrote:

On 06/12/2021 01:48, Paolo Galtieri wrote:

systemctl status ntpd
○ ntpd.service - Network Time Service
 Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; 
vendor preset: disabled)

 Active: inactive (dead)
   Docs: man:ntpd(8)


As Tom has already indicated, this is what you'd get if you have both 
ntpd and chronyd enabled.


So, make sure only one time sync service is enabled.

--
Did 황준호 die?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

F34 pipewire and jack emulation; no sound from bluetooth headset

[karlderletzte]

hello,
i have a annoying problem with the routing of sound if jack server is running
and used.
scenario:
without jack server running the bluetooth headset is used and works
well.

the problem is, that inside the patchfield of jack, there is no route to
the bluetooth headset, only the default system output.
therefore the sound from jack is routed to my loudspeakers or plugged
headset.
unfortunately no bluetooth connections available.
i read a bit on the pipewire issue list, and it seems that i'm not alone
with bluetooth issues.
any idea how to play sounds through jack to bluetooth headset?

ps: i use the pipewire-jack emulation.
the newest versions available from the fedora34 repos.

thanks

-- 
Jens Reimer
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Mike Wright]

On 12/6/21 9:13 AM, Paolo Galtieri wrote:


It turned out chronyd was also enabled, but marked as dead.


Have you tried
  1)
get the time servers out of the way
  systemctl disable chronyd
  systemctl disable ntpd
  2)
timedatectl   # see what's happening
timedatectl set-ntp true  # turn on network time sync
?

Only do surgery on the systemd files as the very last resort ;D

Mike Wright
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Paolo Galtieri]

It turned out chronyd was also enabled, but marked as dead.

○ chronyd.service - NTP client/server
 Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; 
vendor preset: enabled)

 Active: inactive (dead) since Sun 2021-12-05 09:47:14 PST; 23h ago
   Docs: man:chronyd(8)
 man:chrony.conf(5)
    Process: 1047 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, 
status=0/SUCCESS)

   Main PID: 1053 (code=exited, status=0/SUCCESS)
    CPU: 42ms

Dec 05 09:37:31 truckin.homenet192-10.com chronyd[1053]: Frequency 
-3.984 +/- 0.061 ppm read from /var/lib/chrony/drift
Dec 05 09:37:31 truckin.homenet192-10.com chronyd[1053]: Using right/UTC 
timezone to obtain leap second data
Dec 05 09:37:31 truckin.homenet192-10.com systemd[1]: Started NTP 
client/server.
Dec 05 09:41:40 truckin.homenet192-10.com chronyd[1053]: Selected source 
213.154.236.182 (2.fedora.pool.ntp.org)
Dec 05 09:41:40 truckin.homenet192-10.com chronyd[1053]: System clock 
TAI offset set to 37 seconds
Dec 05 09:43:52 truckin.homenet192-10.com chronyd[1053]: Selected source 
95.81.173.74 (2.fedora.pool.ntp.org)

Dec 05 09:47:14 truckin.homenet192-10.com chronyd[1053]: chronyd exiting
Dec 05 09:47:14 truckin.homenet192-10.com systemd[1]: Stopping NTP 
client/server...
Dec 05 09:47:14 truckin.homenet192-10.com systemd[1]: chronyd.service: 
Deactivated successfully.
Dec 05 09:47:14 truckin.homenet192-10.com systemd[1]: Stopped NTP 
client/server.


I think the problem is the target.  My default target is listed as 
graphical.target and ntpd (and chronyd) only run in multi-user.target.  
I did not explicitly choose graphical target so I assume it is what was 
configured when I installed the system some time ago.  Are there going 
to be any issues changing the target from graphical to multi-user?


Paolo

On 12/5/21 11:27, Tom Horsley wrote:

On Sun, 05 Dec 2021 20:18:13 +0100
francis.montag...@inria.fr wrote:


Sorry: I was comparing with chronyd

Actually that's a good thing to look at. Have you disabled chrony?
If not, they will fight over the NTP port.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Paolo Galtieri]

Here's the output:

systemctl cat ntpd.service
# /usr/lib/systemd/system/ntpd.service
[Unit]
Description=Network Time Service
Documentation=man:ntpd(8)
Wants=network.target
ConditionCapability=CAP_SYS_TIME
After=network.target nss-lookup.target
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
PrivateTmp=true
ExecStart=/usr/sbin/ntpd -g -N -u ntp:ntp
# Specifying -g on the command line allows ntpd to make large adjustments to
# the clock on boot.  However, if Restart=yes is set, a malicious (or 
broken)

# server could send the incorrect time, trip the panic threshold, and when
# ntpd restarts, serve it the incorrect time (which would be accepted).
Restart=no

[Install]
WantedBy=multi-user.target
[pgaltieri@truckin ~]$ systemctl status systemd-timesyncd.service
○ systemd-timesyncd.service - Network Time Synchronization
 Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; 
disable>

 Active: inactive (dead)
   Docs: man:systemd-timesyncd.service(8)

systemctl status systemd-timesyncd.service
○ systemd-timesyncd.service - Network Time Synchronization
 Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; 
disable>

 Active: inactive (dead)
   Docs: man:systemd-timesyncd.service(8)

Paolo

On 12/5/21 11:18, francis.montag...@inria.fr wrote:

systemctl status systemd-timesyncd.service

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: several issues with f34

[Paolo Galtieri]

Here's the output:

[pgaltieri@truckin ~]$ systemctl get-default
graphical.target
[pgaltieri@truckin ~]$ find /etc/systemd/system -name chronyd.service -ls
  4195823  0 lrwxrwxrwx   1 root root   39 Apr 25 2019 
/etc/systemd/system/multi-user.target.wants/chronyd.service -> 
/usr/lib/systemd/system/chronyd.service


find /etc/systemd/system -name ntpd.service -ls
  4196557  0 lrwxrwxrwx   1 root root   36 Sep  4 19:19 
/etc/systemd/system/multi-user.target.wants/ntpd.service -> 
/usr/lib/systemd/system/ntpd.service


Paolo

On 12/5/21 10:55, francis.montag...@inria.fr wrote:

find /etc/systemd/system -name chronyd.service -ls

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: any chages to DS looging - performance in last version ?

[Mark Reynolds]

On 12/6/21 11:22 AM, Ghiurea, Isabella wrote:


Thank you for speedy reply Mark !

Is there a  cf option to  disable the access log  and keep only the 
errolog log file ?


So I assume this should eliminate the logging performance in DS correct ?

You can set nsslapd-accesslog-logging-enabled to off, and you will gain 
a little perf improvement 
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_accesslog_logging_enabled_Access_Log_Enable_Logging), 
but then you lose the ability to audit the server's activity.  I don't 
recommend it unless you never check the access log and really need a 
5-10% perf improvement.


Regards,
Mark


*From:*Mark Reynolds [mailto:marey...@redhat.com]
*Sent:* December 6, 2021 8:12 AM
*To:* General discussion list for the 389 Directory server project. 
<389-users@lists.fedoraproject.org>; Ghiurea, Isabella 

*Subject:* Re: [389-users] any chages to DS looging - performance in 
last version ?


/***ATTENTION*** This email originated from outside of the NRC. 
***ATTENTION*** Ce courriel provient de l'extérieur du CNRC/


On 12/6/21 11:08 AM, Ghiurea, Isabella wrote:

Good morning ,

Based on the doc link bellow  from 2019 :” Logging Performance
Improvement “ I would like to learn if there are any change in
related to access , error log performance in last 389DS version  ?


https://directory.fedoraproject.org/docs/389ds/design/logging-performance-improvement.html

Not yet.  It will probably be a while until we can get to rewritting 
the logging system.  It will not be a trivial change.


Mark

Thank you

Isabella



___

389-users mailing list --389-users@lists.fedoraproject.org

To unsubscribe send an email to389-users-le...@lists.fedoraproject.org

Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines

List 
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

Do not reply to spam on the list, report 
it:https://pagure.io/fedora-infrastructure

--
Directory Server Development Team

___
389-users mailing list --389-users@lists.fedoraproject.org
To unsubscribe send an email to389-users-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report 
it:https://pagure.io/fedora-infrastructure


--
Directory Server Development Team
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: any chages to DS looging - performance in last version ?

[Ghiurea, Isabella]

Thank you for speedy reply Mark !
Is there a  cf option to  disable the access log  and keep only the errolog log 
file ?
So I assume this should eliminate the logging performance in DS correct ?

From: Mark Reynolds [mailto:marey...@redhat.com]
Sent: December 6, 2021 8:12 AM
To: General discussion list for the 389 Directory server project. 
<389-users@lists.fedoraproject.org>; Ghiurea, Isabella 

Subject: Re: [389-users] any chages to DS looging - performance in last version 
?


***ATTENTION*** This email originated from outside of the NRC. ***ATTENTION*** 
Ce courriel provient de l'extérieur du CNRC


On 12/6/21 11:08 AM, Ghiurea, Isabella wrote:
Good morning ,
Based on the doc link bellow  from 2019 :” Logging Performance Improvement “ I 
would like to learn if there are any change in related to access , error log  
performance in last 389DS version  ?
https://directory.fedoraproject.org/docs/389ds/design/logging-performance-improvement.html

Not yet.  It will probably be a while until we can get to rewritting the 
logging system.  It will not be a trivial change.

Mark
Thank you
Isabella



___

389-users mailing list -- 
389-users@lists.fedoraproject.org

To unsubscribe send an email to 
389-users-le...@lists.fedoraproject.org

Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

--

Directory Server Development Team
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: any chages to DS looging - performance in last version ?

[Mark Reynolds]

On 12/6/21 11:08 AM, Ghiurea, Isabella wrote:


Good morning ,

Based on the doc link bellow  from 2019 :” Logging Performance 
Improvement “ I would like to learn if there are any change in related 
to access , error log performance in last 389DS version  ?


https://directory.fedoraproject.org/docs/389ds/design/logging-performance-improvement.html

Not yet.  It will probably be a while until we can get to rewritting the 
logging system.  It will not be a trivial change.


Mark


Thank you

Isabella


___
389-users mailing list --389-users@lists.fedoraproject.org
To unsubscribe send an email to389-users-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report 
it:https://pagure.io/fedora-infrastructure


--
Directory Server Development Team
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Recent commits in stable 389ds branches - discussion

[Mark Reynolds]

Hi Andrey,

See comments below...

On 12/3/21 6:29 AM, Ivanov Andrey (M.) wrote:

Hi,

I'd like to discuss several recent (since a couple of months) commits 
in stable branches of 389ds. I will be talking about 1.4.4 
https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 since it's 
the one we are using in production, but i think it's the same for 
1.4.3. These commits are welcome and go in the right direction, 
however the changes they produce are not something one expects when 
the server version changes in 4th digit (ex. 1.4.4.17 -> 1.4.4.18). 
Here they are:
I guess we don't follow the same principles :-)  For the most part these 
are all minor RFE's except for Rust, but Rust has been in use in our 
product (1.4.x series) for well over a year now, so I'm surprised to see 
issues arise about it now.  But adding these RFE's is not out of line 
IMHO, obviously you feel a little different about that.


1) Some database files [presumable memory-mapped files that are ok to 
be lost at reboot] that were previously in 
/var/lib/dirsrv/slapd-instance/db/ are now moved to 
/dev/shm/slapd-instance/. This modification seems to work fine (and 
should increase performance), however there is an error message at 
server startup when /dev/shm is empty (for example, after each OS 
reboot) when the server needs to create the files:
[03/Dec/2021:12:12:14.887200364 +0100] - ERR - bdb_version_write - 
Could not open file "/dev/shm/slapd-model/DBVERSION" for writing 
Netscape Portable Runtime -5950 (File not found.)
After the next 389ds restart this ERR message does not appear, but it 
appears after each OS reboot (since /dev/shm is cleaned up after each 
reboot).


We can look into modifying this behavior, especially since it's not a 
fatal error.  We can change the logging severity to NOTICE (from ERR) or 
something like that.


To be honest error log messages should not be expected to be static.  As 
work is done to the server logging messages are added/removed and/or 
changed all the time, and that's not going to change.  Now I know when 
we added the "wtime" and "optime" to the access logging that did cause 
some issues for Admins who parse our access logs.  We could have done 
better with communicating this change (live and learn).  But at the same 
time this new logging is tremendously useful, and has helped many 
customers troubleshoot various performance issues.  So while these 
changes can be disruptive we felt the pro's outweighed the cons.




2) UNIX socket of the server was moved to /run/slapd-instance.socket, 
a new keyword in .inf file for dscreate ("ldapi") has appeared.
Works fine, but it had an impact on our scripts that use ldapi socket 
path.
In this case using /var/run was outdated and was causing issues with 
systemd/tmpfiles on RHEL, and moving it to /run was the correct thing to 
do.  What I don't understand is why adding the option to set the LDAPI 
path in the INF file is a problem. Can you elaborate on that please?


3) A new default plugin requirement, the plugin being written in Rust 
- probably its introduction is FIPS-related (Issue 3584 - Fix 
PBKDF2_SHA256 hashing in FIPS mode).
This was a very important fix to get into 1.4.4, usually big changes do 
not land in 1.4.4 anymore, but this one needed to get in.
See my comment 
https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. 
Rust becomes a requirement for building the server, which is fine, but 
then it should be enabled by default in "./configure". Without it the 
server does not compile the new plugin and complains about it when 
starting:
[01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - 
Could not open library 
"/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin PBKDF2


Yes I do understand this frustration, and it is now fixed for non-rust 
builds.


In our specfile we do enable Rust by default (and have for over a year 
now), so I guess you don't use our specfile 
(389-ds-base/rpm/389-ds-base.spec.in) as a reference for building your 
server.  Also we have discussed moving to Rust on the public devel 
mailing list for along time now, so if you are not on this list 
(389-devel) then I strongly suggest you, or anyone who builds the server 
for themselves, to subscribe to it.  Again, we probably could have 
communicated this more "loudly".


---
Just to add to the previous mail - there is another phenomenon linked 
apparently  to the new plugin - at each start of the server two error 
messages about plugins with NULL identities are displayed:

...
[03/Dec/2021:14:41:38.945576751 +0100] - INFO - main - 
389-Directory/1.4.4.17 B2021.337.1333 starting up
[03/Dec/2021:14:41:38.946206385 +0100] - INFO - main - Setting the 
maximum file descriptor limit to: 64000
[03/Dec/2021:14:41:38.951185055 +0100] - ERR - allow_operation - 
Component identity is NULL
[03/Dec/2021:14:41:38.951846429 +0100] - 

[389-users] any chages to DS looging - performance in last version ?

[Ghiurea, Isabella]

Good morning ,
Based on the doc link bellow  from 2019 :" Logging Performance Improvement " I 
would like to learn if there are any change in related to access , error log  
performance in last 389DS version  ?
https://directory.fedoraproject.org/docs/389ds/design/logging-performance-improvement.html
Thank you
Isabella
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Help - Missing nsAccount objectClass for WinSync users from AD

[Caderize Caderize]

Hi William,
the pam, for users created manually is working fine to me.
The only problem is related to synced users from AD whch seems doesn't have all 
the necessary objectClasses.

However, this is ldapserver pam service:
# here are the per-package modules (the "Primary" block)
auth[success=2 default=ignore]  pam_unix.so nullok
auth[success=1 default=ignore]  pam_sss.so use_first_pass debug
# here's the fallback if no module succeeds
authrequisite   pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
authrequiredpam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config


and this is sssd.con file:
[sssd]
domains = lab.local
config_file_version = 2
services = nss, pam
debug_level = 10

[domain/lab.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = LAB.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = lab.local
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
#enumerate = true

auth_provider = ad
chpass_provider = ad
ldap_schema = ad

dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600

Hope to have a soonest reply from you.

Best Regards
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure