Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#53290 - [sssd] sssd-1.15.1 broken (sssd-ifp.service may be requested by dependency only.)
Attached to Project:
Community Packages
Opened by Dan (direx) - Monday, 13 March 2017, 15:51 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Wednesday, 15 March 2017, 13:59 GMT
Opened by Dan (direx) - Monday, 13 March 2017, 15:51 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Wednesday, 15 March 2017, 13:59 GMT
|
DetailsDescription:
After upgrading from 1.15.0 to 1.15.1 SSSD is no longer working. Listing the available domains does not even work any more, which is probably the root cause of this: localhost ~ # sssctl domain-list Unable to get domains list [3]: Communication error org.freedesktop.systemd1.OnlyByDependency: Operation refused, sssd-ifp.service may be requested by dependency only. Additional info: * Affected packages: "sssd-1.15.1" (1.15.0 works without any issues) From 1.15.0 to 1.15.1 the "--enable-files-domain" configure switch was changed, which *could* be related to this issue. Since logging in to the system does not work any more the impact of this issue is "high". Steps to reproduce: 1. Install SSSD and configure at least one domain 2. Run "sssctl domain-list" |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Wednesday, 15 March 2017, 13:59 GMT
Reason for closing: Fixed
Additional comments about closing: sssd-1.15.1-2
Wednesday, 15 March 2017, 13:59 GMT
Reason for closing: Fixed
Additional comments about closing: sssd-1.15.1-2
The command "sssctl domain-list" works if you add "ifp" to the "services" list in /etc/sssd/sssd.conf.
There were many changes related to the sssd systemd services in 1.15.0 and 1.15.1 so the change in behaviour may be related to that but I don't think that "--enable-files-domain" has anything to do with it.
But I still think the "--enable-files-domain" broke my setup. In my environment there are some users in "/etc/passwd", which I could authenticate using SSSD and override some of their attributes in "/etc/passwd", as SSSD used to not care about this file (I was not using id_provider=files). Now this behavior breaks with "--enable-files-domain", as SSSD always uses a files provider and cannot find a relevant shadow entry for the users with a passwd-override.
Are there any reasons why this *non-default* configure switch is being used now? AFAIK the same behavior can always be achieved by a config entry, but not vice versa, as the configure switch *overrides* the config.