Hello,
I have a similar problem after upgrading to Debian 12. On all upgraded machines
sssd-pac.service fails. My understanding is, that services listed in the
services line are not socket activated. Therefore I completely removed this
line in Debian 11. Since Debian preconfigured the socket services I would then
still have failed services when I would add them to services=.
This is my sssd.conf (domain names removed):
[sssd]
domains = xxxx
config_file_version = 2
[domain/xxxx]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = XXXX
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = xxxx
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
ldap_user_ssh_public_key = altSecurityIdentities
ad_gpo_access_control = disabled
[pam]
[pac]
[ssh]
[sudo]
[nss]
default_shell = /bin/bash
shell_fallback = /bin/bash
allowed_shells = /bin/bash,/bin/zsh
I can see the same errors as described above in my log file. "sudo systemctl |
grep sssd" provides the following output:
sssd-nss.service
loaded active running SSSD NSS Service responder
● sssd-pac.service
loaded failed failed SSSD PAC Service responder
sssd-pam.service
loaded active running SSSD PAM Service responder
sssd-ssh.service
loaded active running SSSD SSH Service responder
sssd.service
loaded active running System Security Services Daemon
sssd-autofs.socket
loaded active listening SSSD AutoFS Service responder socket
sssd-nss.socket
loaded active running SSSD NSS Service responder socket
● sssd-pac.socket
loaded failed failed SSSD PAC Service responder socket
sssd-pam-priv.socket
loaded active running SSSD PAM Service responder private
socket
sssd-pam.socket
loaded active running SSSD PAM Service responder socket
sssd-ssh.socket
loaded active running SSSD SSH Service responder socket
sssd-sudo.socket
loaded active listening SSSD Sudo Service responder socket
It seems that sssd-pac is still started with the main sssd process:
"sudo systemctl status sssd.service":
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/system/sssd.service; enabled; preset: enabled)
Active: active (running) since Mon 2023-08-07 12:56:45 CEST; 50min ago
Main PID: 14410 (sssd)
Tasks: 3 (limit: 9481)
Memory: 19.8M
CPU: 1.938s
CGroup: /system.slice/sssd.service
├─14410 /usr/sbin/sssd -i --logger=files
├─14411 /usr/libexec/sssd/sssd_be --domain xxxx --uid 0 --gid 0
--logger=files
└─14412 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files
Aug 07 12:56:44 yyyy systemd[1]: Starting sssd.service - System Security
Services Daemon...
Aug 07 12:56:45 yyyy sssd[14410]: Starting up
Aug 07 12:56:45 yyyy sssd_be[14411]: Starting up
Aug 07 12:56:45 yyyy sssd_pac[14412]: Starting up
Aug 07 12:56:45 yyyy systemd[1]: Started sssd.service - System Security
Services Daemon.
On Debian 11 I do net see /usr/libexec/sssd/sssd_pac as part of this output.
Does anybody have an idea on how to fix this?
Regards
Steven
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
