Hi John,

On Tue, Feb 7, 2012 at 10:42 AM, John Hodrien <J.H.Hodrien@leeds.ac.uk> wrote:
On Tue, 7 Feb 2012, Marco Pizzoli wrote:

Hi,
I'm using sssd-1.7.0-5.fc16.x86_64 and during my sssd startup I see this output:

[cut]
(Tue Feb  7 10:25:16 2012) [sssd] [mark_service_as_started] (0x0100): Now starting services!
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service nss for startup
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service pam for startup
(Tue Feb  7 10:25:16 2012) [sssd[be[my_ldap]]] [sbus_toggle_watch] (0x4000): 0x7f0043097590/0x7f004309c2a0 (17), -/W (disabled)
(Tue Feb  7 10:25:16 2012) [sssd[be[my_ldap]]] [sbus_remove_timeout] (0x2000): 0x7f004309a510
(Tue Feb  7 10:25:16 2012) [sssd[be[my_ldap]]] [sbus_dispatch] (0x4000): dbus conn: 7F0043099BF0
(Tue Feb  7 10:25:16 2012) [sssd[be[my_ldap]]] [sbus_dispatch] (0x4000): Dispatching.
(Tue Feb  7 10:25:16 2012) [sssd[be[my_ldap]]] [id_callback] (0x0100): Got id ack and version (1) from Monitor
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): Could not exec sssd_nss, reason: No such file or directory
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): (Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [nss] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Could not exec sssd_pam, reason: No such file or directory
Queueing service nss for startup
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): (Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [pam] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Could not exec sssd_nss, reason: No such file or directory
Queueing service pam for startup
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): (Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [nss] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service nss for startup
Could not exec sssd_pam, reason: No such file or directory
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): (Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Could not exec sssd_nss, reason: No such file or directory
Child [pam] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service pam for startup
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [nss] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service nss for startup
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): Could not exec sssd_pam, reason: No such file or directory
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [pam] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [start_service] (0x0100): Queueing service pam for startup
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): Could not exec sssd_nss, reason: No such file or directory
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [nss] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0010): Process [nss], definitely stopped!
(Tue Feb  7 10:25:16 2012) [sssd] [service_startup_handler] (0x0010): Could not exec sssd_pam, reason: No such file or directory
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0040): Child [pam] exited with code [1]
(Tue Feb  7 10:25:16 2012) [sssd] [mt_svc_exit_handler] (0x0010): Process [pam], definitely stopped!
[cut]

[root@fedora16 sssd]# locate sssd_pam
/usr/lib/debug/usr/libexec/sssd/sssd_pam.debug
/usr/libexec/sssd/sssd_pam

[root@fedora16 sssd]# locate sssd_nss
/usr/lib/debug/usr/libexec/sssd/sssd_nss.debug
/usr/libexec/sssd/sssd_nss

Could you help me in finding the problem?

AVC denials listed in /var/log/audit/audit.log?  SELinux was my first thought
looking at this.

If you do:

setenforce 0
service sssd restart

Does it work then?  If not, it's something else  ;)

[root@fedora16 sssd]# getenforce
Disabled

 
stracing the sssd process could give you a pointer as to exactly what it's
trying to do that's failing, in case it's looking in the wrong place or
something.

Thanks to pointing me to this. Found the problem.

[pid  1853] execve("/usr/local/bin/sssd_pam", ["sssd_pam"], [/* 26 vars */]) = -1 ENOENT (No such file or directory)
[pid  1852] <... fstat resumed> {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
[pid  1852] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  1853] execve("/sbin/sssd_pam", ["sssd_pam"], [/* 26 vars */]) = -1 ENOENT (No such file or directory)
[pid  1852] <... mmap resumed> )        = 0x7fab57569000
[pid  1853] execve("/bin/sssd_pam", ["sssd_pam"], [/* 26 vars */] <unfinished ...>
[pid  1852] read(13,  <unfinished ...>
[pid  1853] <... execve resumed> )      = -1 ENOENT (No such file or directory)
[pid  1852] <... read resumed> "# Locale name alias data base.\n# Copyright (C) 1996-2001,2003,2007 Free Software Foundation, Inc.\n#\n# This
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the
 Free Software Foundation; either version 2, or (at your option)\n# any later version.\n#\n# This program is distributed in the hope that it w
ill be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this
 program; if not, write to the Free Software\n# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n\n# The format of
this file is the same as for the corresponding file of\n# the X Window System, which normally can be found in\n#\t/usr/lib/X11/locale/locale.a
lias\n# A single line contains two fields: an alias and a substitution value.\n# All entries are case independent.\n\n# Note: This file is obs
olete and is kept around for the time being for\n# backward compatibility.  Nobody should rely on the names defined here.\n# Locales should al
ways be specified by their full name.\n\nbokmal\t\tnb_NO.ISO-8859-1\nbokm\345l\t\tnb_NO.ISO-8859-1\ncatalan\t\tca_ES.ISO-8859-1\ncroatian\thr_
HR.ISO-8859-2\nczech\t\tcs_CZ.ISO-8859-2\ndanish          da_DK.ISO-8859-1\ndansk\t\tda_DK.ISO-8859-1\ndeutsch\t\tde_DE.ISO-8859-1\ndutch\t\tn
l_NL.ISO-8859-1\neesti\t\tet_EE.ISO-8859-1\nestonian\tet_EE.ISO-8859-1\nfinnish         fi_FI.ISO-8859-1\nfran\347ais\tfr_FR.ISO-8859-1"..., 4
096) = 2512
[pid  1853] execve("/usr/sbin/sssd_pam", ["sssd_pam"], [/* 26 vars */]) = -1 ENOENT (No such file or directory)
[pid  1852] read(13,  <unfinished ...>
[pid  1853] execve("/usr/bin/sssd_pam", ["sssd_pam"], [/* 26 vars */]) = -1 ENOENT (No such file or directory)
[pid  1853] execve("/root/bin/sssd_pam", ["sssd_pam"], [/* 26 vars */]) = -1 ENOENT (No such file or directory)
[pid  1852] <... read resumed> "", 4096) = 0
[pid  1853] stat("/etc/localtime",  <unfinished ...>

Is this a bug within the rpm?

Thanks for the help
Marco