Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1792184
Description of problem: after upgrading to fedora 31 (no problem before), I face very frequent sssd_be crashes. Issue seems related to sssd_ldap though can't be sure. System is up-to-date with latest components Version-Release number of selected component (if applicable): sssd-common-pac-2.2.2-3.fc31.x86_64 sssd-nfs-idmap-2.2.2-3.fc31.x86_64 sssd-krb5-common-2.2.2-3.fc31.x86_64 sssd-krb5-2.2.2-3.fc31.x86_64 sssd-proxy-2.2.2-3.fc31.x86_64 sssd-2.2.2-3.fc31.x86_64 sssd-common-2.2.2-3.fc31.x86_64 sssd-ipa-2.2.2-3.fc31.x86_64 sssd-client-2.2.2-3.fc31.x86_64 sssd-tools-2.2.2-3.fc31.x86_64 python3-sssdconfig-2.2.2-3.fc31.noarch sssd-client-2.2.2-3.fc31.i686 sssd-ldap-2.2.2-3.fc31.x86_64 sssd-ad-2.2.2-3.fc31.x86_64 sssd-kcm-2.2.2-3.fc31.x86_64 How reproducible: Happens when using sudo commands, getting error message: sudo: PAM account management error: Protocol not supported Executing sudo multiple times will show same error then works. Steps to Reproduce: 1. 2. 3. Actual results: sudo often fails with message "sudo: PAM account management error: Protocol not supported" Expected results: sudo should work Additional info: /var/log/message extract: Jan 17 09:36:57 maelle systemd-coredump[37859]: Process 37803 (sssd_be) of user 0 dumped core.#012#012Stack trace of thread 37803:#012#0 0x00007f957a350d76 sysdb_user_base_dn (libsss_util.so)#012#1 0x0000558301f47d4b be_refresh_step (sssd_be)#012#2 0x0000558301f480b2 be_refresh_send (sssd_be)#012#3 0x0000558301f47531 be_ptask_execute (sssd_be)#012#4 0x00007f957a266f3d tevent_common_invoke_timer_handler (libtevent.so.0)#012#5 0x00007f957a2670e0 tevent_common_loop_timer_delay (libtevent.so.0)#012#6 0x00007f957a2684a9 epoll_event_loop_once (libtevent.so.0)#012#7 0x00007f957a26653b std_event_loop_once (libtevent.so.0)#012#8 0x00007f957a2615d8 _tevent_loop_once (libtevent.so.0)#012#9 0x00007f957a26187b tevent_common_loop_wait (libtevent.so.0)#012#10 0x00007f957a2664cb std_event_loop_wait (libtevent.so.0)#012#11 0x00007f957a380e17 server_loop (libsss_util.so)#012#12 0x0000558301f3ec42 main (sssd_be)#012#13 0x00007f957a0a41a3 __libc_start_main (libc.so.6)#012#14 0x0000558301f3edfe _start (sssd_be) Jan 17 09:36:57 maelle systemd[1]: systemd-coredump@70-37858-0.service: Succeeded. Jan 17 09:36:57 maelle abrt-dump-journal-core[993]: Failed to obtain all required information from journald Jan 17 09:36:57 maelle abrt-server[37872]: Deleting problem directory ccpp-2020-01-17-09:36:57.463705-37803 (dup of ccpp-2020-01-14-09:52:17.183530-1002) Jan 17 09:36:58 maelle abrt-notification[37906]: Process 1002 (sssd_be) crashed in sysdb_user_base_dn() sssd config: [sssd] domains = XXX.XXX, files services = nss, pam, autofs config_file_version = 2 [domain/files] #A new files provider was added. This provider mirrors the contents of /etc/passwd and /etc/group into the SSSD database id_provider = files [domain/XXX.XX] #debug_level = 9 #/var/log/sssd/ id_provider = ldap auth_provider = ldap cache_credentials = true entry_cache_timeout = 5400 #entry_cache_netgroup_timeout = #You can consider setting this value to 3/4 * entry_cache_timeout. refresh_expired_interval = 4000 ldap_uri = ldaps://ldap.XXX.XXX.XXX ldap_search_base = ou=XXX,dc=XXX,dc=XXX #ldap_id_use_start_tls = true ldap_tls_cacert = /etc/ssl/certs/chain-TCS.pem ldap_schema = rfc2307bis #Number of days entries are left in cache after last successful login before being removed during a cleanup of the cache. 0 means keep forever. The value of this parameter must be greater than or equal to offline_credentials_expiration #account_cache_expiration = 45 # By default SSSD will use the value retrieved from LDAP homedir_substring = /home override_homedir = %H/%u override_shell = /usr/bin/bash autofs_provider = ldap entry_cache_autofs_timeout = 86400 ldap_autofs_search_base=ou=autofs,ou=XXX,dc=XXX,dc=XXX #ldap_autofs_map_master_name= [pam] # If the authentication provider is offline, how long should we allow cached logins (in days since the last successful online login). 0 means no limit. offline_credentials_expiration = 0 [nss] filter_users = root filter_groups = root [autofs]
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1792184
master
Metadata Update from @pbrezina: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @lslebodn: - Issue tagged with: regression
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5100
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.