|
Bugzilla – Full Text Bug Listing |
| Summary: | SP2: Problem with sssd config | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 12.1 | Reporter: | Forgotten User QtBI7gWTIh <forgotten_QtBI7gWTIh> |
| Component: | YaST2 | Assignee: | Jiří Suchomel <jsuchome> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | forgotten_P0S1U1H0eb, forgotten_QtBI7gWTIh, forgotten_xRcrmyYBVX, jsuchome, ralf |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | x86-64 | ||
| OS: | SLES 11 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | The YaST2 log | ||
|
Description
Forgotten User QtBI7gWTIh
2012-07-25 07:45:02 UTC
Please move the Report to SLES 11 SP2 Hi,Thank you for your report.could you please help to provide y2logs according to the following URL?Thanks http://en.opensuse.org/openSUSE:Bugreport_YaST Created attachment 499906 [details]
The YaST2 log
(In reply to comment #0) > 1: When I select sssd in YaST2, afterward I have warnings for nscd for caching > passwd and group (?), this is enabled in nscd config after starting sssd, but > should be disabled (?) like Documentation. Where did you select sssd? In LDAP module? Or in Kerberos? To what part of documentation are you referring, could you post a link? Which warnings do you mean, could you attach the screenshot? > 2: when I disable the sssd function in YaST2 the program is not disabled in > the Runlevel? I have to stop this manual, I can't say is the config correct > disabled (reverted). Again, where did you disable it: in Runlevel module? I select sssd in the YaST Ldap Client Module The warning is in the /log/messages and on Redhat sssd docu I have to disable the sssd in the Runlevel Editor after deselect sssd in Yast2 (In reply to comment #5) > I select sssd in the YaST Ldap Client Module > > The warning is in the /log/messages and on Redhat sssd docu Ralf, could you comment about this part? > I have to disable the sssd in the Runlevel Editor after deselect sssd in Yast2 OK, this is another bug, that sssd is not stopped and disabled when deselected in YaST LDAP Client. Ralf, can I safely stop it in such case? (In reply to comment #0) > Hello, > > > I installed a SLES 11 SP2 and tested the new sssd function and found only > questions ;). > > 1: When I select sssd in YaST2, afterward I have warnings for nscd for caching > passwd and group (?), this is enabled in nscd config after starting sssd, but > should be disabled (?) like Documentation. > In the SSSD upstream, we advise against enabling nscd for those NSS maps where the SSSD is used. The reasoning is that the SSSD provides its own caching mechanism and nscd's caching might clash with SSSD's One of the caching features that the SSSD has and the nscd does not have is that the initgroups() operation is always performed against the remote server during authentication, but can be returned from cache otherwise. This results in group memberships being always accurately reflected during login. > Or have sssd now the functionality to replace nscd full (?) but nscd is not > stopped? > Not yet (and probably not for quite some time). The SSSD currently provides support for these NSS maps: * passwd * group * netgroup * services Other maps such as protocol or hosts are not implemented. If you need caching for these maps, then I would recommend only enabling nscd for the maps you are using but the SSSD is not providing. Speed-wise, nscd was quite faster than SSSD, however, the upcoming SSSD 1.9.0 release is going to include a new "fast memory cache" that is going to improve the cache performance significantly. (In reply to comment #6) > (In reply to comment #5) > > I select sssd in the YaST Ldap Client Module > > > > The warning is in the /log/messages and on Redhat sssd docu > > Ralf, could you comment about this part? > The SSSD checks for the presence of the nscd socket during startup and issues to following warning to syslog if the socket is found: sss_log(SSS_LOG_NOTICE, "nscd socket was detected. Nscd caching capabilities " "may conflict with SSSD for users and groups. It is " "recommended not to run nscd in parallel with SSSD, unless " "nscd is configured not to cache the passwd, group and " "netgroup nsswitch maps."); (In reply to comment #6) > (In reply to comment #5) > > I select sssd in the YaST Ldap Client Module > > > > The warning is in the /log/messages and on Redhat sssd docu > > Ralf, could you comment about this part? Jakub's comment pretty much summarize the issue I guess. Thanks for that Jakub! I guess we should consider disabling nscd caching for the relevant maps in yast ldap-client when sssd is used. (Do we have code to touch nscd.conf in YaST already?) > > I have to disable the sssd in the Runlevel Editor after deselect sssd in Yast2 > > OK, this is another bug, that sssd is not stopped and disabled when deselected > in YaST LDAP Client. Ralf, can I safely stop it in such case? I think so, yes. (At least after nsswitch.conf was updated. So, the task for openSUSE 12.3 is: When sssd is activated: - "enable-cache" setting in nscd.conf to "no" for "passwd" and "group". When sssd (= actually ldap-client configuration) is disabled, - stop and disable sssd service (In reply to comment #15) > So, the task for openSUSE 12.3 is: > > > When sssd is activated: > > - "enable-cache" setting in nscd.conf to "no" for "passwd" and "group". > > When sssd (= actually ldap-client configuration) is disabled, > > - stop and disable sssd service - "enable-cache" setting in nscd.conf to "yes" for "passwd" and "group"? Done This is an autogenerated message for OBS integration: This bug (772944) was mentioned in https://build.opensuse.org/request/show/137841 Factory / yast2-ldap-client *** Bug 789277 has been marked as a duplicate of this bug. *** |