http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c2 --- Comment #2 from Trevor McLeod --- Samuel, Please excuse my tardiness, but I have been tied up with other tasks. I've grabbed the appropriate RPM from the link provided and will test. I expect to get back to you in a day or so. Thanks, Trevor -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c4 --- Comment #4 from Trevor McLeod --- Samuel, I tried adding adding the repo and installing manually, but there is still a dependency problem: lin50:/etc/zypp/repos.d # zypper install sssd-1.16.1-lp151.7.8.1.x86_64 Loading repository data... Reading installed packages... Resolving package dependencies... Problem: sssd-1.16.1-lp151.7.8.1.x86_64 requires sssd-ldap = 1.16.1-lp151.7.8.1, but this requirement cannot be provided not installable providers: sssd-ldap-1.16.1-lp151.7.8.1.i586[home_scabrero_branches_openSUSE_Leap_15.1_Update] sssd-ldap-1.16.1-lp151.7.8.1.x86_64[home_scabrero_branches_openSUSE_Leap_15.1_Update] Solution 1: install sssd-ldap-1.16.1-lp151.7.8.1.x86_64 (with vendor change) openSUSE --> obs://build.opensuse.org/home:scabrero Solution 2: do not install sssd-1.16.1-lp151.7.8.1.x86_64 Solution 3: break sssd-1.16.1-lp151.7.8.1.x86_64 by ignoring some of its dependencies Choose from above solutions by number or cancel [1/2/3/c] (c): If I understand this correctly, I should choose solution 1 in order to obtain sssd-ldap-1.16.1-lp151.7.8.1.x86_64 from your repo? Thanks, Trevor -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c8 --- Comment #8 from Trevor McLeod --- Samuel, Using the combination of your updated sssd package AND systemd to create the /run/netconfig directory, I can confirm that the issue at boot up is resolved. In /var/log/messages, I can see that sssd ldap comes up, then goes backend offline. Afterwards, when DHCP assigns an IP address AND receives the names of the DNS hosts, sssd ldap goes backend online. Do you have any idea as to when these fixes will be released? Trevor -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c11 --- Comment #11 from Samuel Cabrero --- (In reply to Trevor McLeod from comment #10)

Hello, Samuel.

I was finally able to get back to this matter. I installed a new openSuSE 15.1 machine today. There are no updates pending. The version of sssd installed is sssd-1.16.1-lp151.7.12.1.x86_64. Our mitigation technique of installing a custom sssd.service is not installed on this machine.

The problem does NOT appear to be fixed.

Upon booting, I can only login with cached credentials. The sssd be service is offline. When I check /var/log/message, it appears that sssd comes up, then DHCP provides an IP address and then sssd be goes offline and never recovers.

I note that the version of sssd installed is newer than the one referenced in bug 1136139.

I wonder if the problem was re-introduced with the newer version of sssd that we are using?

Trevor

Hi Trevor, that version is the latest available and it contains the relevant patches. I tried to reproduce manually and it is working fine for me. Could you attach the sssd log files at debug level 10 by the time the IP address is assigned? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c13 --- Comment #13 from Samuel Cabrero --- (In reply to Trevor McLeod from comment #12)

First, I assume, this involves inserting an “debug_level = 10” statement into the sssd.conf file.

Exactly.

Secondly, there are multiple sections within our file. Each section is prefaced with “[something]” where “something” in our environment is one of:

sssd nss pam domain/LDAP

Please set it in [sssd] and [domain/LDAP].

Finally, there are sssd logs for all of the above. Do you require all of them?

No, only the ones where you enabled debug level 10, and please make sure the logs include the time the machine gets the IP address. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c15 --- Comment #15 from Trevor McLeod --- Created attachment 828732 --> http://bugzilla.opensuse.org/attachment.cgi?id=828732&action=edit A gzipped copy of /var/log/sssd/sssd.log -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c17 --- Comment #17 from Trevor McLeod --- Samuel, I've attached the relevant logs after booting up the computer at 11:21 PST. I logged in with cached credentials. Again sssd was down: montuku:~ # systemctl status sssd.service ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2020-01-30 11:21:54 PST; 2min 31s ago Main PID: 974 (sssd) Tasks: 4 (limit: 4915) CGroup: /system.slice/sssd.service ├─ 974 /usr/sbin/sssd -i --logger=files ├─1084 /usr/lib/sssd/sssd_be --domain LDAP --uid 0 --gid 0 --logger=files ├─1117 /usr/lib/sssd/sssd_nss --uid 0 --gid 0 --logger=files └─1118 /usr/lib/sssd/sssd_pam --uid 0 --gid 0 --logger=files Jan 30 11:21:54 montuku systemd[1]: Starting System Security Services Daemon... Jan 30 11:21:54 montuku sssd[974]: Starting up Jan 30 11:21:54 montuku sssd[be[1084]: Starting up Jan 30 11:21:54 montuku sssd[1118]: Starting up Jan 30 11:21:54 montuku sssd[1117]: Starting up Jan 30 11:21:54 montuku systemd[1]: Started System Security Services Daemon. Jan 30 11:21:55 montuku sssd[be[1084]: Backend is offline Within /var/log/messages at 11:21:54, sssd, sssd[be[LDAP]], sssd[pam] and sssd[nss] all start up. At 11:21:55, sssd[be[LDAP]] Backend is offline. DHCP acquires an address at 11:22:03 Within, sssd.log: (Thu Jan 30 11:21:54 2020) [sssd] [_snotify_create] (0x0400): Added a watch for /run/netconfig with inotify flags 0x8D88 internal flags 0x1 using function resolv_conf_inotify_cb after delay 1.0 Then: (Thu Jan 30 11:21:54 2020) [sssd] [process_dir_event] (0x4000): inotify name: netconfig (Thu Jan 30 11:21:54 2020) [sssd] [process_dir_event] (0x0400): received notification for watched file [netconfig] under /run This is the same time that all the sssd processes start up. Then: (Thu Jan 30 11:22:03 2020) [sssd] [process_dir_event] (0x4000): inotify name: netconfig.pid (Thu Jan 30 11:22:03 2020) [sssd] [process_dir_event] (0x0400): Not interested in netconfig.pid (Thu Jan 30 11:22:03 2020) [sssd] [snotify_internal_cb] (0x2000): All inotify events processed This is the same time that DHCP acquires an address. I don't see anything of help in the sssd_LDAP.log. Hope this helps. Trevor -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1141925 http://bugzilla.opensuse.org/show_bug.cgi?id=1141925#c19 Samuel Cabrero changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|DUPLICATE |--- Flags| |needinfo?(tabmcleo@cs.ubc.c | |a) --- Comment #19 from Samuel Cabrero --- Hi Trevor, sssd receives the notification of resolv.conf modified and the backend should switch to online: (Thu Jan 30 11:21:55 2020) [sssd] [resolv_conf_inotify_cb] (0x2000): Received inotify notification for /run/netconfig (Thu Jan 30 11:21:55 2020) [sssd] [monitor_update_resolv] (0x1000): Resolv.conf has been updated. Reloading. But in your case it remains offline, so it may be other problems when connecting to the LDAP server. The sssd_LDAP.log is empty because you have to add the "debug_level = 10" under the [domain/LDAP] section too. I have seen in the logs nscd is running, stop and disable it to avoid problems resolving users and groups. Also, "entry_cache_timeout" should be under the [domain/LDAP] section. Please attach your sssd.conf file to have a look to it. -- You are receiving this mail because: You are on the CC list for the bug.