On Mon, Nov 30, 2020 at 8:43 PM Mote, Todd <mo...@austin.utexas.edu> wrote: > > Hi all > > > > I updated my RHEL 8 test box today and got sssd-2.3.0-9.el8.x86_64 as an > update from sssd-2.2.3-20.el8.x86_64. Prior to the upgrade everything worked > fine. Immediately after upgrade sssd fails to restart the critical service > [sudo], and fails to start sssd at all, as noted in journalctl -xe.
Could you please set "debug_level = 9" in "[sudo]" section of /etc/sssd.conf, restart sssd and provide /var/log/sssd_sudo.log (sanitized if needed)? > > > > Are there things that needs to be done to affect a successful upgrade from > 2.2.3 to 2.3.0? a conf file change perhaps? I saw mentions of “required > conf file changes” in other issues reported in github. > > > > Downgrading back to 2.2.3 and removing the database returns sssd to starting > and working. > > Removing “sudo” as a service from sssd.conf allows sssd to start with 2.3.0-9 > installed. > > > > I attempted to use “systemctl enable sssd-sudo” like the man page suggests > and the result in the journal is “Dependency failed for SSSD Sudo Service > responder socket.” > > > > I also noted this in the sssd-sudo man page: “It's important to note that on > platforms where systemd is supported there's no need to add the "sudo" > provider > > to the list of services, as it became optional. However, > sssd-sudo.socket must be enabled instead.” > > having enabled the sockect and removed “sudo” from the list of services, it > does seem to work and retrieve rules from AD for the user. > > > > Is all of this correct? Is removing “sudo” as a service the answer to this > or is it just a workaround? If it is the solution, is there any > documentation about changes to configurations from version to version like > sudo no longer allowing the service to start if it’s explicitly listed as a > service? > > > > Just trying to figure out the scope of what will need to change on my fleet. > The evidence so far seems to point to just removing “sudo” as a service in > sssd.conf. Is that enough? Should “systemctl enable sssd-sudo” be run as > well? > > > > Thanks in advance for your insights. > > > > Todd > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org