I did an upgrade from 2.10.1-2ubuntu7 to 2.12.0-1ubuntu3, having started
with the configuration done by the test ldap-user-group-krb5-auth
(kerberos auth, and ldap user/group info).

I got the following error possibly related to permissions:

==> /var/log/sssd/sssd_pam.log <==
(2026-02-24 13:19:26): [pam] [orderly_shutdown] (0x3f7c0): SIGTERM: killing children
(2026-02-24 13:19:26): [pam] [orderly_shutdown] (0x3f7c0): Shutting down (status = 0)
(2026-02-24 13:19:26): [pam] [cleanup_preauth_indicator] (0x0040): Failed to remove preauth indicator file [/var/lib/sss/pubconf/pam_preauth_available] 13 [Permission denied].

After the upgrade finished I checked:

root@ldap:~# l /var/lib/sss/pubconf/
total 4.0K
drwxrwxr-x 1 sssd sssd 108 Feb 24 13:12 .
drwxrwxr-x 1 sssd sssd 100 Feb 24 13:12 ..
-rw-r--r-- 1 sssd sssd  11 Feb 24 13:12 kdcinfo.EXAMPLE.COM
drwxrwxr-x 1 sssd sssd   0 Dec 11 20:09 krb5.include.d
-rw------- 1 sssd sssd   0 Feb 24 13:12 pam_preauth_available

Perhaps the removal was attempted by the now unprivileged daemon and
before the chown took place.


The other upgrade error was there before, and doesn't look like it's related to 
permissions. I even wonder why it's so loud, as it generates a huge backtrace 
in the logs:

==> /var/log/sssd/sssd_LDAP.log <==
(2026-02-24 13:19:26): [be[LDAP]] [server_setup] (0x3f7c0): Starting with debug level = 0x0070
(2026-02-24 13:19:26): [be[LDAP]] [krb5_init_kpasswd] (0x0010): Missing krb5_kpasswd option and KDC set explicitly, will use KDC for password change operations!
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
   *  [be[LDAP]] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
   *  (2026-02-24 13:19:26): [be[LDAP]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
(...)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142140

Title:
  rootless sssd upgrade issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2142140/+subscriptions

