Package: debian-edu-config Severity: important Version: 2.11.39
On Roaming Workstation, the /etc/sssd/sssd-debian-edu.conf causes error messages during boot:
``` root@notebook-35:~# journalctl -b 0 | grep socket | grep -i sssdDez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD NSS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: (2020-12-15 11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for the nss responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: (2020-12-15 11:51:41:970085): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[824]: "systemctl disable sssd-nss.socket" Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[826]: "systemctl disable sssd-pam.socket" Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-nss.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD NSS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD AutoFS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD PAC Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD SSH Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Starting SSSD Sudo Service responder socket. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: (2020-12-15 11:51:41:978982): [sssd] [main] (0x0010): Misconfiguration found for the autofs responder. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: The autofs responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the autofs's socket by calling: Dez 15 11:51:41 notebook-35.intern sssd_check_socket_activated_responders[835]: "systemctl disable sssd-autofs.socket" Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:41 notebook-35.intern systemd[1]: sssd-autofs.socket: Failed with result 'exit-code'. Dez 15 11:51:41 notebook-35.intern systemd[1]: Failed to listen on SSSD AutoFS Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD SSH Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD PAC Service responder socket. Dez 15 11:51:41 notebook-35.intern systemd[1]: Listening on SSSD Sudo Service responder socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder socket. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: (2020-12-15 11:51:56:347851): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1607]: "systemctl disable sssd-pam.socket" Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: (2020-12-15 11:51:56:348023): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 11:51:56 notebook-35.intern sssd_check_socket_activated_responders[1608]: "systemctl disable sssd-pam.socket" Dez 15 11:51:56 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Control process exited, code=exited, status=17/n/a Dez 15 11:51:56 notebook-35.intern systemd[1]: sssd-pam.socket: Failed with result 'exit-code'. Dez 15 11:51:56 notebook-35.intern systemd[1]: Closed SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder private socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Starting SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: (2020-12-15 12:00:45:730707): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4875]: "systemctl disable sssd-pam.socket" Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: (2020-12-15 12:00:45:730867): [sssd] [main] (0x0010): Misconfiguration found for the pam responder. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: The pam responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the pam's socket by calling: Dez 15 12:00:45 notebook-35.intern sssd_check_socket_activated_responders[4876]: "systemctl disable sssd-pam.socket" Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Control process exited, code=exited, status=17/n/a Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam-priv.socket: Failed with result 'exit-code'. Dez 15 12:00:45 notebook-35.intern systemd[1]: Failed to listen on SSSD PAM Service responder private socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: Dependency failed for SSSD PAM Service responder socket. Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Job sssd-pam.socket/start failed with result 'dependency'. Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Control process exited, code=exited, status=17/n/a Dez 15 12:00:45 notebook-35.intern systemd[1]: sssd-pam.socket: Failed with result 'exit-code'. Dez 15 12:00:45 notebook-35.intern systemd[1]: Closed SSSD PAM Service responder socket.
``` To possible ways to fix this:Solution 1 (I guess the preferred, but maybe we loose the filter_groups and filter_users options)
``` root@notebook-35:~# etckeeper vcs diff diff --git a/sssd/sssd.conf b/sssd/sssd.conf index 9451b33..1eb8078 100644 --- a/sssd/sssd.conf +++ b/sssd/sssd.conf @@ -3,19 +3,8 @@ config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 -services = nss, pam, autofs domains = intern -[nss] -filter_groups = root -filter_users = root -reconnection_retries = 3 - -[pam] -reconnection_retries = 3 - -[autofs] - [domain/intern] ; Using enumerate = true leads to high load and slow response enumerate = false ``` Solution 2 (possibly old-stylish): Disable these systemd socket listeners: /lib/systemd/system/sssd-autofs.socket /lib/systemd/system/sssd-nss.socket /lib/systemd/system/sssd-pam.socket (Maybe also these???) /lib/systemd/system/sssd-ssh.socket /lib/systemd/system/sssd-pam-priv.socketI am not an expert on sssd, but I think we should make sure to avoid error messages / service startup failures during system boot on Debian Edu Roaming Workstations.
Any other ideas? Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
pgp6EPDMYyDBv.pgp
Description: Digitale PGP-Signatur
