Account provider generic error: SSSD exit code 1 after 7.9 update

samuel_grenier · December 12, 2020, 9:39am

Hello,

I updated a production server to Nethserver 7.9, and after reboot I get “Account provider generic error: SSSD exit code 1” in “users and groups”. After a config restore data and a reboot all is going well. why ???

Samuel

federico.ballarini · December 12, 2020, 1:02pm

Could you post

systemctl status nsdc
systemctl status sssd
systemctl status shorewall

output?

Thanks

samuel_grenier · December 13, 2020, 8:18am

At the moment all is going well, no error in “users and groups” after a config restore without restore packages selected. But if i selected config restore with restore packges selected I get an error in “users and groups” and I lost all my “users et groups” settings (get a blank page with “Account provider generic…”. I updated 10 servers and only 1 got broken.

nsdc.service - NethServer Domain Controller container
Loaded: loaded (/usr/lib/systemd/system/nsdc.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-12-12 11:29:18 CET; 21h ago
Docs: man:systemd-nspawn(1)
Main PID: 1300 (systemd-nspawn)
Status: “Container running.”
CGroup: /machine.slice/nsdc.service
├─1300 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --network-bridge=br0 --machine=nsdc --capability=CAP_SYS_TIME
├─1331 /usr/lib/systemd/systemd
└─system.slice
├─samba.service
│ ├─ 2377 /usr/sbin/samba -i --debug-stderr
│ ├─ 2602 /usr/sbin/samba -i --debug-stderr
│ ├─ 2603 /usr/sbin/samba -i --debug-stderr
│ ├─ 2604 /usr/sbin/samba -i --debug-stderr
│ ├─ 2605 /usr/sbin/samba -i --debug-stderr
│ ├─ 2606 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2607 /usr/sbin/samba -i --debug-stderr
│ ├─ 2608 /usr/sbin/samba -i --debug-stderr
│ ├─ 2609 /usr/sbin/samba -i --debug-stderr
│ ├─ 2610 /usr/sbin/samba -i --debug-stderr
│ ├─ 2611 /usr/sbin/samba -i --debug-stderr
│ ├─ 2612 /usr/sbin/samba -i --debug-stderr
│ ├─ 2613 /usr/sbin/samba -i --debug-stderr
│ ├─ 2614 /usr/sbin/samba -i --debug-stderr
│ ├─ 2615 /usr/sbin/samba -i --debug-stderr
│ ├─ 2616 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2617 /usr/sbin/samba -i --debug-stderr
│ ├─ 2618 /usr/sbin/samba -i --debug-stderr
│ ├─ 2742 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2743 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2745 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2746 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2747 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─ 2759 /usr/sbin/samba -i --debug-stderr
│ ├─11485 /usr/sbin/samba -i --debug-stderr
│ └─11975 /usr/sbin/samba -i --debug-stderr
├─console-getty.service
│ └─2376 /sbin/agetty --noclear --keep-baud console 115200,38400,9600 vt220
├─dbus.service
│ └─2363 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
├─ntpd.service
│ └─2373 /usr/sbin/ntpd -u ntp:ntp -g
├─systemd-logind.service
│ └─2360 /usr/lib/systemd/systemd-logind
└─systemd-journald.service
└─2332 /usr/lib/systemd/systemd-journald

Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Started Login Service.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Started Network Service.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Reached target Network.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Started Samba domain controller daemon.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Reached target Multi-User System.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Reached target Graphical Interface.
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: Starting Update UTMP about System Runlevel Changes…
Dec 12 11:29:21 srv.adv-peinture.fr systemd-nspawn[1300]: [ OK ] Started Update UTMP about System Runlevel Changes.
Dec 12 11:29:22 srv.adv-peinture.fr systemd-nspawn[1300]: CentOS Linux 7 (Core)
Dec 12 11:29:22 srv.adv-peinture.fr systemd-nspawn[1300]: Kernel 3.10.0-1160.6.1.el7.x86_64 on an x86_64

samuel_grenier · December 13, 2020, 8:19am

● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-12-12 11:29:19 CET; 21h ago
Main PID: 1682 (sssd)
CGroup: /system.slice/sssd.service
├─1682 /usr/sbin/sssd -i --logger=files
├─2041 /usr/libexec/sssd/sssd_be --domain adv-peinture.fr --uid 0 --gid 0 --logger=files
├─2278 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
└─2279 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

Dec 13 08:59:27 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 2
Dec 13 09:11:43 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:11:43 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:11:43 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:11:43 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 2
Dec 13 09:11:44 srv.adv-peinture.fr be[adv-peinture.fr][2041]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Dec 13 09:14:27 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:14:27 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:14:27 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 1
Dec 13 09:14:27 srv.adv-peinture.fr sssd_be[2041]: GSSAPI client step 2

samuel_grenier · December 13, 2020, 8:20am

● shorewall.service - Shorewall IPv4 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/shorewall.service.d
└─nethserver-firewall-base.conf
Active: active (exited) since Sat 2020-12-12 11:29:19 CET; 21h ago
Main PID: 1304 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/shorewall.service

Dec 12 11:29:18 srv.adv-peinture.fr shorewall[1304]: 0 TC commands executed
Dec 12 11:29:18 srv.adv-peinture.fr shorewall[1304]: All Done! Enjoy…
Dec 12 11:29:18 srv.adv-peinture.fr shorewall[1304]: bye…
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: Preparing iptables-restore input…
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: Running /sbin/iptables-restore --wait 60…
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: IPv4 Forwarding Enabled
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: Processing /etc/shorewall/start …
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: Processing /etc/shorewall/started …
Dec 12 11:29:19 srv.adv-peinture.fr shorewall[1304]: done.
Dec 12 11:29:19 srv.adv-peinture.fr systemd[1]: Started Shorewall IPv4 firewall.