[SSSD-users] Re: Issues with upgrade from 1.16.3 to 2.2.0 release

2019-08-20 Thread Lukas Slebodnik 
On (20/08/19 14:01), cedric hottier wrote:
>Dear SSSD users,
>
>I would like to share with you few issues I faced during the move from
>1.16.3 to 2.2.0 sssd release.
>I am a Debian user and I did this move because Debian pushed the 2.2.0
>release in the testing branch.
>
>My configuration may seem exotic as I use 'files' as id_provider and 'krb5'
>as auth_provider.
>
>Initially with the 1.16 version I faced the following issue :
>https://pagure.io/SSSD/sssd/issue/3591
>
>Thanks to Jakub Hrozek
>,
>I was able to make it working with the following workaround :
>id_provider=proxy proxy_lib_name=files
>For those interested, the discussion thread is here :
>https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/
>
>
>With the move to 2.2.0, I faced several issues...
>First, I had to remove the line services = nss, pam, ifp from sssd.conf
>because I use systemd.

Debian enabled socket activated responders by default.
You needn't remove line with services.
You can disable/mask related sssd sockets if you do not like such behaviour
Or if you do not want ot have failed services.
(sssd-nss.socket, sssd-pam-priv.socket, sssd-pam.socket)

But everything will work as expected with 2.2.1 and "services = nss, pam, ifp"
Removing the line will not be problem with socket activated responders.
It is up to you whether you want to use them or no.

So this issue is unrelated to the segfault.
And check my other email :-)

LS
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Issues with upgrade from 1.16.3 to 2.2.0 release

2019-08-20 Thread Lukas Slebodnik 
On (20/08/19 15:01), Sumit Bose wrote:
>On Tue, Aug 20, 2019 at 02:01:40PM +0200, cedric hottier wrote:
>> Dear SSSD users,
>> 
>> I would like to share with you few issues I faced during the move from
>> 1.16.3 to 2.2.0 sssd release.
>> I am a Debian user and I did this move because Debian pushed the 2.2.0
>> release in the testing branch.
>> 
>> My configuration may seem exotic as I use 'files' as id_provider and 'krb5'
>> as auth_provider.
>> 
>> Initially with the 1.16 version I faced the following issue :
>> https://pagure.io/SSSD/sssd/issue/3591
>> 
>> Thanks to Jakub Hrozek
>> ,
>> I was able to make it working with the following workaround :
>> id_provider=proxy proxy_lib_name=files
>> For those interested, the discussion thread is here :
>> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/
>> 
>> 
>> With the move to 2.2.0, I faced several issues...
>> First, I had to remove the line services = nss, pam, ifp from sssd.conf
>> because I use systemd.
>> I think i fell in the bug described here :
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483 . I do not know if
>> it is a debian specific integration issue, or a sssd issue. I did not find
>> any reference to sssd upstream bug, but in the meantime, it is written that
>> "We believe that the bug you reported is fixed in the latest version of sssd"
>> . Not clear for me if they are talking about sssd debian package version,
>> or upstream version.
>> Anyway, I faced this issue with new debian package 2.2.0, let me know if it
>> is a debian specific stuff to open a bug report on debian side.
>> 
>> Once the previous issue was fixed, I faced a segmentation fault in
>> libsss_proxy.so.
>
>Hi,
>
>I guess you are seeing https://pagure.io/SSSD/sssd/issue/3931 which
Actually, this issue introduced a regression
https://pagure.io/SSSD/sssd/issue/4037

Which is fixed in sssd-2.2.1.

HTH

LS
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Issues with upgrade from 1.16.3 to 2.2.0 release

2019-08-20 Thread cedric hottier 
Le mar. 20 août 2019 à 15:15, Sumit Bose  a écrit :

> On Tue, Aug 20, 2019 at 02:01:40PM +0200, cedric hottier wrote:
> > Dear SSSD users,
> >
> > I would like to share with you few issues I faced during the move from
> > 1.16.3 to 2.2.0 sssd release.
> > I am a Debian user and I did this move because Debian pushed the 2.2.0
> > release in the testing branch.
> >
> > My configuration may seem exotic as I use 'files' as id_provider and
> 'krb5'
> > as auth_provider.
> >
> > Initially with the 1.16 version I faced the following issue :
> > https://pagure.io/SSSD/sssd/issue/3591
> >
> > Thanks to Jakub Hrozek
> > <
> https://lists.fedorahosted.org/archives/users/5980502310531547029931685919681184321/
> >,
> > I was able to make it working with the following workaround :
> > id_provider=proxy proxy_lib_name=files
> > For those interested, the discussion thread is here :
> >
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/
> >
> >
> > With the move to 2.2.0, I faced several issues...
> > First, I had to remove the line services = nss, pam, ifp from sssd.conf
> > because I use systemd.
> > I think i fell in the bug described here :
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483 . I do not
> know if
> > it is a debian specific integration issue, or a sssd issue. I did not
> find
> > any reference to sssd upstream bug, but in the meantime, it is written
> that
> > "We believe that the bug you reported is fixed in the latest version of
> sssd"
> > . Not clear for me if they are talking about sssd debian package version,
> > or upstream version.
> > Anyway, I faced this issue with new debian package 2.2.0, let me know if
> it
> > is a debian specific stuff to open a bug report on debian side.
> >
> > Once the previous issue was fixed, I faced a segmentation fault in
> > libsss_proxy.so.
>
> Hi,
>
> I guess you are seeing https://pagure.io/SSSD/sssd/issue/3931 which
> should be fixed in sssd-2.2.1.
>
> HTH
>
> bye,
> Sumit
>
Hi,
Thank you for your reply.
It is not so obvious to me. The bug report does not mention a segmentation
fault, but an excessive amount of time to fetch all groups.
the ticket also mentions this condition : enumerate = true , who is not
fulfilled in my case.

My config is the following :
/etc/sssd/sssd.conf : [sssd] services = nss, pam, ifp domains = ECCM.LAN
[pam] pam_verbosity = 2 offline_credentials_expiration = 0
/etc/sssd/conf.d/01_ECCM_LAN.conf [domain/ECCM.LAN] debug_level = 10
id_provider = proxy
proxy_lib_name=files
auth_provider = krb5 krb5_server = DebianCubox.eccm.lan krb5_realm =
ECCM.LAN krb5_validate = true krb5_ccachedir = /var/tmp krb5_keytab =
/etc/krb5.keytab krb5_store_password_if_offline = true
cache_credentials = true


> > Sorry to not have the exact error message. But it should be easy to
> > reproduce.
> > id_provider = files
> > auth_provider = krb5
> > should show the issue.
> >
> > Due to this seg fault, I removed the workaround of the bug 3591. sssd was
> > properly started by systemd, but, I realized, that the bug 3591, is still
> > not fixed.
> >
> > I am afraid I am locked with 1,16,3 release. ( who does the job, but not
> > aligned with debian testing )
> >
> > Thanks for your feedback
> >
> > Kind Regards
> > Cedric
>
> > ___
> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Issues with upgrade from 1.16.3 to 2.2.0 release

2019-08-20 Thread Sumit Bose 
On Tue, Aug 20, 2019 at 02:01:40PM +0200, cedric hottier wrote:
> Dear SSSD users,
> 
> I would like to share with you few issues I faced during the move from
> 1.16.3 to 2.2.0 sssd release.
> I am a Debian user and I did this move because Debian pushed the 2.2.0
> release in the testing branch.
> 
> My configuration may seem exotic as I use 'files' as id_provider and 'krb5'
> as auth_provider.
> 
> Initially with the 1.16 version I faced the following issue :
> https://pagure.io/SSSD/sssd/issue/3591
> 
> Thanks to Jakub Hrozek
> ,
> I was able to make it working with the following workaround :
> id_provider=proxy proxy_lib_name=files
> For those interested, the discussion thread is here :
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/
> 
> 
> With the move to 2.2.0, I faced several issues...
> First, I had to remove the line services = nss, pam, ifp from sssd.conf
> because I use systemd.
> I think i fell in the bug described here :
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483 . I do not know if
> it is a debian specific integration issue, or a sssd issue. I did not find
> any reference to sssd upstream bug, but in the meantime, it is written that
> "We believe that the bug you reported is fixed in the latest version of sssd"
> . Not clear for me if they are talking about sssd debian package version,
> or upstream version.
> Anyway, I faced this issue with new debian package 2.2.0, let me know if it
> is a debian specific stuff to open a bug report on debian side.
> 
> Once the previous issue was fixed, I faced a segmentation fault in
> libsss_proxy.so.

Hi,

I guess you are seeing https://pagure.io/SSSD/sssd/issue/3931 which
should be fixed in sssd-2.2.1.

HTH

bye,
Sumit

> Sorry to not have the exact error message. But it should be easy to
> reproduce.
> id_provider = files
> auth_provider = krb5
> should show the issue.
> 
> Due to this seg fault, I removed the workaround of the bug 3591. sssd was
> properly started by systemd, but, I realized, that the bug 3591, is still
> not fixed.
> 
> I am afraid I am locked with 1,16,3 release. ( who does the job, but not
> aligned with debian testing )
> 
> Thanks for your feedback
> 
> Kind Regards
> Cedric

> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Issues with upgrade from 1.16.3 to 2.2.0 release

2019-08-20 Thread cedric hottier 
Dear SSSD users,

I would like to share with you few issues I faced during the move from
1.16.3 to 2.2.0 sssd release.
I am a Debian user and I did this move because Debian pushed the 2.2.0
release in the testing branch.

My configuration may seem exotic as I use 'files' as id_provider and 'krb5'
as auth_provider.

Initially with the 1.16 version I faced the following issue :
https://pagure.io/SSSD/sssd/issue/3591

Thanks to Jakub Hrozek
,
I was able to make it working with the following workaround :
id_provider=proxy proxy_lib_name=files
For those interested, the discussion thread is here :
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5BHXWYHNA7PT5V76CXCALZ4LVPOTRFVY/


With the move to 2.2.0, I faced several issues...
First, I had to remove the line services = nss, pam, ifp from sssd.conf
because I use systemd.
I think i fell in the bug described here :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886483 . I do not know if
it is a debian specific integration issue, or a sssd issue. I did not find
any reference to sssd upstream bug, but in the meantime, it is written that
"We believe that the bug you reported is fixed in the latest version of sssd"
. Not clear for me if they are talking about sssd debian package version,
or upstream version.
Anyway, I faced this issue with new debian package 2.2.0, let me know if it
is a debian specific stuff to open a bug report on debian side.

Once the previous issue was fixed, I faced a segmentation fault in
libsss_proxy.so.
Sorry to not have the exact error message. But it should be easy to
reproduce.
id_provider = files
auth_provider = krb5
should show the issue.

Due to this seg fault, I removed the workaround of the bug 3591. sssd was
properly started by systemd, but, I realized, that the bug 3591, is still
not fixed.

I am afraid I am locked with 1,16,3 release. ( who does the job, but not
aligned with debian testing )

Thanks for your feedback

Kind Regards
Cedric
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org