On Mon, Aug 7, 2023 at 2:02 PM Steven McCormack <smc...@fedoraproject.org> wrote: > > Hello, > I have a similar problem after upgrading to Debian 12. On all upgraded > machines sssd-pac.service fails. My understanding is, that services listed in > the services line are not socket activated. Therefore I completely removed > this line in Debian 11. Since Debian preconfigured the socket services I > would then still have failed services when I would add them to services=. > This is my sssd.conf (domain names removed): > > [sssd] > domains = xxxx > config_file_version = 2 > > [domain/xxxx] > default_shell = /bin/bash > krb5_store_password_if_offline = True > cache_credentials = True > krb5_realm = XXXX > realmd_tags = manages-system joined-with-adcli > id_provider = ad > fallback_homedir = /home/%u@%d > ad_domain = xxxx > use_fully_qualified_names = True > ldap_id_mapping = True > access_provider = ad > ldap_user_ssh_public_key = altSecurityIdentities > ad_gpo_access_control = disabled > > [pam] > > [pac] > > [ssh] > > [sudo] > > [nss] > default_shell = /bin/bash > shell_fallback = /bin/bash > allowed_shells = /bin/bash,/bin/zsh > > > I can see the same errors as described above in my log file. "sudo systemctl > | grep sssd" provides the following output: > > sssd-nss.service > loaded active running SSSD NSS Service responder > ● sssd-pac.service > loaded failed failed SSSD PAC Service responder > sssd-pam.service > loaded active running SSSD PAM Service responder > sssd-ssh.service > loaded active running SSSD SSH Service responder > sssd.service > loaded active running System Security Services Daemon > sssd-autofs.socket > loaded active listening SSSD AutoFS Service responder > socket > sssd-nss.socket > loaded active running SSSD NSS Service responder socket > ● sssd-pac.socket > loaded failed failed SSSD PAC Service responder socket > sssd-pam-priv.socket > loaded active running SSSD PAM Service responder > private socket > sssd-pam.socket > loaded active running SSSD PAM Service responder socket > sssd-ssh.socket > loaded active running SSSD SSH Service responder socket > sssd-sudo.socket > loaded active listening SSSD Sudo Service responder > socket > > It seems that sssd-pac is still started with the main sssd process:
Hi, does your SSSD version support the `implicit_pac_responder` sssd.conf option (see `man sssd.conf`)? If "yes", could you please try setting it to 'false'? > "sudo systemctl status sssd.service": > ● sssd.service - System Security Services Daemon > Loaded: loaded (/lib/systemd/system/sssd.service; enabled; preset: > enabled) > Active: active (running) since Mon 2023-08-07 12:56:45 CEST; 50min ago > Main PID: 14410 (sssd) > Tasks: 3 (limit: 9481) > Memory: 19.8M > CPU: 1.938s > CGroup: /system.slice/sssd.service > ├─14410 /usr/sbin/sssd -i --logger=files > ├─14411 /usr/libexec/sssd/sssd_be --domain xxxx --uid 0 --gid 0 > --logger=files > └─14412 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files > > Aug 07 12:56:44 yyyy systemd[1]: Starting sssd.service - System Security > Services Daemon... > Aug 07 12:56:45 yyyy sssd[14410]: Starting up > Aug 07 12:56:45 yyyy sssd_be[14411]: Starting up > Aug 07 12:56:45 yyyy sssd_pac[14412]: Starting up > Aug 07 12:56:45 yyyy systemd[1]: Started sssd.service - System Security > Services Daemon. > > On Debian 11 I do net see /usr/libexec/sssd/sssd_pac as part of this output. > > Does anybody have an idea on how to fix this? > > Regards > Steven > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue