On Tue, 20 Aug 2019 at 15:15, Sumit Bose <sb...@redhat.com> wrote:

> On Tue, Aug 20, 2019 at 02:01:40PM +0200, cedric hottier wrote:
> > Dear SSSD users,
> >
> > I would like to share with you a few issues I faced during the move from
> > the 1.16.3 to the 2.2.0 sssd release.
> > I am a Debian user and I did this move because Debian pushed the 2.2.0
> > release in the testing branch.
> >
> > My configuration may seem exotic as I use 'files' as id_provider and 'krb5'
> > as auth_provider.
> >
> > Initially with the 1.16 version I faced the following issue :
> > https://pagure.io/SSSD/sssd/issue/3591
> >
> > Thanks to Jakub Hrozek
> > <https://lists.fedorahosted.org/archives/users/5980502310531547029931685919681184321/>,
> > I was able to make it work with the following workaround:
> > id_provider=proxy
> > proxy_lib_name=files
> > For those interested, the discussion thread is here:
> > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/
> >
> >
> > With the move to 2.2.0, I faced several issues...
> > First, I had to remove the line services = nss, pam, ifp from sssd.conf
> > because I use systemd.
> > I think I fell into the bug described here:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483 . I do not know if
> > it is a Debian-specific integration issue or an sssd issue. I did not find
> > any reference to an sssd upstream bug, but in the meantime, it is written that
> > "We believe that the bug you reported is fixed in the latest version of sssd".
> > It is not clear to me if they are talking about the sssd Debian package version
> > or the upstream version.
> > Anyway, I faced this issue with the new Debian package 2.2.0; let me know if it
> > is Debian-specific stuff, to open a bug report on the Debian side.
> >
> > Once the previous issue was fixed, I faced a segmentation fault in
> > libsss_proxy.so.
>
> Hi,
>
> I guess you are seeing https://pagure.io/SSSD/sssd/issue/3931 which
> should be fixed in sssd-2.2.1.
>
> HTH
>
> bye,
> Sumit
>
Hi,
Thank you for your reply.
It is not so obvious to me. The bug report does not mention a segmentation
fault, but an excessive amount of time to fetch all groups.
The ticket also mentions this condition: enumerate = true, which is not
fulfilled in my case.

My config is the following:

/etc/sssd/sssd.conf:

[sssd]
services = nss, pam, ifp
domains = ECCM.LAN

[pam]
pam_verbosity = 2
offline_credentials_expiration = 0

/etc/sssd/conf.d/01_ECCM_LAN.conf:

[domain/ECCM.LAN]
debug_level = 10
id_provider = proxy
proxy_lib_name=files
auth_provider = krb5
krb5_server = DebianCubox.eccm.lan
krb5_realm = ECCM.LAN
krb5_validate = true
krb5_ccachedir = /var/tmp
krb5_keytab = /etc/krb5.keytab
krb5_store_password_if_offline = true
cache_credentials = true


> > Sorry to not have the exact error message. But it should be easy to
> > reproduce.
> > id_provider = files
> > auth_provider = krb5
> > should show the issue.
> >
> > Due to this segfault, I removed the workaround for bug 3591. sssd was
> > properly started by systemd, but I realized that bug 3591 is still
> > not fixed.
> >
> > I am afraid I am locked with the 1.16.3 release (which does the job, but is not
> > aligned with Debian testing).
> >
> > Thanks for your feedback
> >
> > Kind Regards
> > Cedric
>
> > _______________________________________________
> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org