On Thu, Oct 27, 2016 at 09:31:42AM +0200, Lukas Slebodnik wrote:
On (27/10/16 05:04), Daniel Hermans wrote:
Hi,
Not sure if a bug or not, but a quick warning that hopefully may save someone some time! We use puppet to install sssd based on a condition. We:
- yum install -y sssd
- authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --enablemkhomedir --enablecachecreds --update ( to setup PAM and nsswitch - not sure if ALL of these are necessary? )
- copy over our private config ( as you can't do all of the config with authconfig that I can see? )
This didn't work - intermittently sssd was using a 'stale' config. After much headbutting, the issue was twofold:
- sssd is started and activated by the authconfig command, this creates config.ldb and cache_default.ldb
- puppet writes the config file immediately and sssd restarted
- sssd compares modification time of /etc/sssd/sssd.conf with /var/lib/sss/db/config.ldb and, because the times are the same ( written in the same minute ), IT IGNORES the new config file
It is not about the same minute but about the same second.
Didn't we have a bug about this?
If puppet creates sssd.conf then I think it would be best to change the authconfig options, because it does not make sense to generate sssd.conf by authconfig in your case.
IIRC sssd config is generated with a reduced combination of options. It isn't required to use ldap related options together with sssd:
    --enablesssd --enablesssdauth --enableldap --enableldapauth
IIRC you don't need --enableldap and --enableldapauth since this would put the LDAP NSS and PAM modules to the respective stacks...
You can also remove --enablecachecreds because you can configure it in sssd.conf itself, which is created by puppet.
Could you try to run the following command on a new machine?
    authconfig --enablesssd --enablesssdauth \
        --enablelocauthorize --enablemkhomedir \
        --update
LS
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
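A pre-restart check for the same-second timestamp collision described in this thread, added here as an example and not part of the original messages or of sssd itself. It assumes GNU stat and touch; the function names are hypothetical, and the two files are passed as arguments (in the thread they are /etc/sssd/sssd.conf and /var/lib/sss/db/config.ldb).

```shell
#!/bin/sh
# Added example: detect and resolve the case where the config file and the
# cache database carry the same modification time in whole seconds, so a
# freshly deployed authentication config is not silently left unapplied.

# mtime_s FILE -> modification time in whole seconds since the epoch (GNU stat)
mtime_s() {
    stat -c %Y "$1"
}

# conf_state CONF LDB
#   "missing-conf" (status 2): CONF does not exist
#   "no-cache"     (status 0): LDB does not exist yet, nothing to collide with
#   "newer"        (status 0): CONF is at least one second newer than LDB
#   "ambiguous"    (status 1): CONF is in the same second as LDB, or older
conf_state() {
    conf=$1
    ldb=$2
    [ -e "$conf" ] || { echo "missing-conf"; return 2; }
    [ -e "$ldb" ] || { echo "no-cache"; return 0; }
    if [ "$(mtime_s "$conf")" -gt "$(mtime_s "$ldb")" ]; then
        echo "newer"
    else
        echo "ambiguous"
        return 1
    fi
}

# ensure_conf_newer CONF LDB
#   When the state is ambiguous, move CONF's mtime to one second past LDB's.
#   Only the timestamp changes; the file content is untouched.
ensure_conf_newer() {
    conf_state "$1" "$2" >/dev/null && return 0
    [ -e "$1" ] || return 2
    touch -d "@$(( $(mtime_s "$2") + 1 ))" "$1"
}

# Stand-alone use: sh script.sh CONF LDB, run after the config is written
# and before sssd is restarted.
if [ "$#" -eq 2 ]; then
    ensure_conf_newer "$1" "$2"
fi
```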