Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1362494 - sssctl requires ifp to be enabled manually
Summary: sssctl requires ifp to be enabled manually
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Dan Lavu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-02 11:12 UTC by Thorsten Scherf
Modified: 2017-08-01 08:58 UTC (History)
11 users (show)

Fixed In Version: sssd-1.15.0-2.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 08:58:07 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:2294 normal SHIPPED_LIVE sssd bug fix and enhancement update 2017-08-01 12:39:55 UTC

Description Thorsten Scherf 2016-08-02 11:12:53 UTC
Description of problem:

sssctl requires ifp to be added manually to sssd.conf. Even if we add a note to the documentation, customers will file bugs about this.

Here are some proposals how to fix it:

a) enable ifp by default
b) make ifp socket-activated by systemd
c) print a warning on the console saying what needs to be done to make sssctl work

For the GA release I strongly recommend to implement at least c).
   

Version-Release number of selected component (if applicable):
sssd-tools-1.14.0-14.el7.x86_64

How reproducible:
# grep services /etc/sssd/sssd.conf
services = nss, sudo, pam, ssh

# sssctl list-domains
Unable to get domains list [3]: Communication error
org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Check that SSSD is running and the InfoPipe responder is enabled.

# sed -i 's/services = nss, sudo, pam, ssh/services = nss, sudo, pam, ssh, ifp/' /etc/sssd/sssd.conf

# systemctl restart sssd

# grep services /etc/sssd/sssd.conf
services = nss, sudo, pam, ssh, ifp
# sssctl list-domains
testrelm.test


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Pavel Březina 2016-08-04 12:45:31 UTC
The error message already says that the InfoPipe needs to be enabled. What would you like to see more?

"Check that SSSD is running and the InfoPipe responder is enabled."

Comment 2 Thorsten Scherf 2016-08-04 15:27:47 UTC
Something like this:

"Please add the ifp service to the service list in sssd.conf and restart the service afterwards."

Comment 3 Jakub Hrozek 2016-08-10 15:38:18 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3129

Comment 4 Jakub Hrozek 2016-08-10 15:39:09 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3130

Comment 5 Jakub Hrozek 2016-08-10 15:42:14 UTC
I linked this bugzilla to two upstream tickets, one tracks the socket-activation of IFP and targets 7.4. The other tracks the better info message and tracks 7.3.

Comment 6 Lukas Slebodnik 2016-08-18 11:53:22 UTC
master:
* 9b86f8f3c07af6fd3d2b08ff66cf9dcce61e7abf

only #3130 is fixed.

Comment 7 Jakub Hrozek 2016-08-25 11:06:28 UTC
(In reply to Lukas Slebodnik from comment #6)
> master:
> * 9b86f8f3c07af6fd3d2b08ff66cf9dcce61e7abf
> 
> only #3130 is fixed.

Right, that commit is in RHEL as well, but I would prefer to use this bugzilla for the socket-activation.

Comment 8 Lukas Slebodnik 2017-01-23 18:01:38 UTC
master:
* 9222a4fcbeec9d5a6f84aab31a5131f14d4a6430

Comment 15 Dan Lavu 2017-05-16 14:23:43 UTC
Verified against sssd-1.15.2-24.el7.x86_64

[root@auto-hv-01-guest01 ~]# sssctl domain-list
child1.sssdad.com
sssdad.com
sssdad_tree.com


# /etc/sssd/sssd.conf 

[sssd]
domains = child1.sssdad.com
config_file_version = 2
services = nss, pam

--- SNIP ----

Comment 16 errata-xmlrpc 2017-08-01 08:58:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2294


Note You need to log in before you can comment on or make changes to this bug.