Adding to this, I've found that 'getent group' works just fine despite
using the same socket:
# grep pipe getent_passwd.strace getent_group.strace
getent_passwd.strace:connect(4, {sa_family=AF_UNIX,
sun_path="/var/lib/sss/pipes/nss"}, 110) = 0
getent_passwd.strace:connect(3, {sa_family=AF_UNIX,
sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ECONNREFUSED (Connection
refused)
getent_group.strace:connect(4, {sa_family=AF_UNIX,
sun_path="/var/lib/sss/pipes/nss"}, 110) = 0
Prentice
On 11/5/25 9:53 AM, Prentice Bisbal wrote:
Yesterday we upgrade some of our systems to OpenSuSE 15.6. We have
sssd configured to to enumate, but when I do 'getent passwd, I get
only the contents of /etc/passwd, a hang for 3-5 seconds, and then the
command ends w/o any of our user information from LDAP. using strace,
I see getent is failing with this error:
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"},
110) = -1 ECONNREFUSED (Connection refused)
Even with logging turned all the way up, the only message I see in the
logs is this:
(2025-11-04 16:51:16): [sssd] [svc_child_info] (0x0020): Child [71156]
('nss':'nss') was terminated by own WATCHDOG
I know this isn't a communication issue between the client and the
server. With logging turned all the way up, I see that sssd is getting
all the account information from LDAP.
Any ideas what is wrong here? The client system does have apparmor
enabled, but I'm not as familiar with apparmor as I am with SELinux,
so I don't know a reliable way to confirm/disprove that AA might be
part of this problem.
--
Prentice
--
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
