#8755 ipa-server-install : No such file or directory: '/etc/authselect/user-nsswitch.conf'
Closed: fixed 2 years ago by rcritten. Opened 3 years ago by pcech.

Issue

[description of the issue]

Steps to Reproduce

I've upgraded my CentOS 8 Release instansce with IPA Deploy as before I commented to CentOS 8 Stream.

sudo dnf install centos-release-stream
sudo dnf distro-sync
sudo reboot
sudo ipa-server-upgrade
sudo systemctl restart ipa.service

Actual behavior

On a new virgin host under CentOS Stream release 8 :

# ipa-server-install

ends with :

[Errno 2] No such file or directory: '/etc/authselect/user-nsswitch.conf'
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
Configuration of client side components failed!
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

To solve the problem :

# touch /etc/authselect/user-nsswitch.conf
# ipa-server-install --uninstall
# ipa-server-install

Version/Release/Distribution

python3-ipalib-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
ipa-healthcheck-core-0.4-6.module_el8.3.0+482+9e103aab.noarch
ipa-server-common-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
ipa-common-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
centos-logos-ipa-80.5-2.el8.noarch
ipa-client-4.8.7-14.module_el8.3.0+698+d6d67052.x86_64
ipa-client-common-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
python3-libipa_hbac-2.3.0-9.el8.x86_64
python3-ipaclient-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
python3-ipaserver-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
ipa-server-4.8.7-14.module_el8.3.0+698+d6d67052.x86_64
libipa_hbac-2.3.0-9.el8.x86_64
ipa-selinux-4.8.7-14.module_el8.3.0+698+d6d67052.noarch
sssd-ipa-2.3.0-9.el8.x86_64
Linux xx.xx.com 4.18.0-240.10.1.el8_3.x86_64 #1 SMP Mon Jan 18 17:05:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
NOTE: In both tests, SELinux are in permissive mode.

Additional info:

user-nsswitch.conf is missing in the Stream, but authselect can work even without the file.
It seems that IPA requires it for this step:

Configured sudoers in /etc/authselect/user-nsswitch.conf

But they probably want to call "authselect select sssd with-sudo" instead of this step.

This issue is based on https://bugzilla.redhat.com/show_bug.cgi?id=1921007


Metadata Update from @pcech:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1921007

3 years ago

authselect-libs creates this file in RHEL 8.3.0. I don't know if this is a stream problem or whether IPA should work around it. I asked Pavel for advice in the BZ.

Metadata Update from @rcritten:
- Issue assigned to rcritten

2 years ago

master:

  • 5856f10 On redhat-based platforms rely on authselect to enable sudo

ipa-4-9:

  • c1baae8 On redhat-based platforms rely on authselect to enable sudo

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata