Thank you, master) All work fine. You save my workplace.
I think this is the best and greatest impact of the wonderful support here.
I’ve had and still have the same problem: SSSD exit code 1 e.g.
Jun 18 10:07:37 sits-srv03 httpd: [ERROR] NethServer\Tool\GroupProvider: Account provider generic error: SSSD exit code 1
is shown in the messages log file located in var/log:
No Users/Groups are shown anymore and as a consequence, no file sharing is possible any more ! didn’t check other things, that are also not working accordingly.
This happened after an Update in the Software Center a few days ago.
Then I had the idea, to restore a Configuration Backup from before the update and as a result, anything worked fine again BUT when I a do a reboot, the SSSD exit code 1 error is back
I really haven’t any idea how to solve this problem. What could be the reason for this error and how can I correct it?
Hi René
Evtl. auch CH?
Configuration Backup is a good idea, and often resolves the problem.
What Version is your NethServer running?
Are there any updates missing?
Sometimes with the SSSD error, it will show up in dashboard after reboot - but will disappear in about 5 minutes, if you do a browser refresh.
Try also Giacomo’s solution above:
My 2 cents
Andy
Thanks, for answering - Yes, auch CH
I have NethServer Version 7.8.2003 and no Updates found in the Software Center - so it should be the newest up to date version of Nethserver.
The SSSD exit code 1 error is actually only shown in the old Server Manager running on port 980.
The new one Cockpit does not show any errors at all, but again, no users are listed nor are SMB shares from my Windows client working.
Yes, I should reinstall the corrupted packages - BUT which one are corrupt resp. have a wrong configuration that’s the question. Any idea how to find out these packages?
Try this:
yum --disablerepo=* --enablerepo=nethserver-updates,nethserver-base,base,updates update
Then
rm -f /usr/lib64/ldb/modules/ldb/paged_results.so
systemctl restart sssd
Should work…
-> Holzhammermethode!
Andy
OK, I understand the yum command line:
But I don’t know what
rm -f /usr/lib64/ldb/modules/ldb/paged_results.so
really does. Please give me a short hint. Danke
Hi
This removes a “buggy” file that the normal update won’t remove. It gets replaced with the next update…
I’ve executed tihs «Holzhammermethode» but no success. After rebooting I got still the SSSD exit code 1 error on the old Server Manager. No users/groups and no windows sharing is possible
Thanks anyway for your help.
Know I need to investigate further possible causes for the error
Just a blind shot…
Is the SSSD enabled at all and is the machines.target enabled and loaded and does systemd boot into the right target (multi-user)?
systemctl get-default
systemctl list-units --type target
systemctl is-enabled sssd
Thanks for your hint.
Today morning, I had the following strange behavior:
- Started Nethserver by switching on the server HW.
- Log into it using the old server manager on port 980
- Got again the error SSSD exit code 1
- Did somthing else for about 2 hours.
- Then I did a reload of the server manager page in the browser
- Got obviously a timeout and had to re-login again AND
- NO SSSD exit code 1 anymore
I’ve done nothing att all, but the error was just not reproducible AND the users/groups and the shared folders just worked, I’ve no idea way Any idea
Your proposed commands give the following output:
systemctl get-default
multi-user.target
systemctl list-units --type target
UNIT LOAD ACTIVE SUB DESCRIPTION
basic.target loaded active active Basic System
cryptsetup.target loaded active active Local Encrypted Volumes
getty.target loaded active active Login Prompts
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
machines.target loaded active active Containers
multi-user.target loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target loaded active active Network
nfs-client.target loaded active active NFS client services
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target loaded active active Paths
remote-fs-pre.target loaded active active Remote File Systems (Pre)
remote-fs.target loaded active active Remote File Systems
rpc_pipefs.target loaded active active rpc_pipefs.target
rpcbind.target loaded active active RPC Port Mapper
slices.target loaded active active Slices
sockets.target loaded active active Sockets
sound.target loaded active active Sound Card
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
22 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[3]+ Stopped systemctl list-units --type target
systemctl is-enabled sssd
enabled
And systemctl list-unit-files
looks as follows:
systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount disabled
var-lib-nfs-rpc_pipefs.mount static
brandbot.path disabled
systemd-ask-password-console.path static
systemd-ask-password-plymouth.path static
systemd-ask-password-wall.path static
session-10.scope static
session-2.scope static
session-9.scope static
arp-ethers.service disabled
auditd.service enabled
auth-rpcgss-module.service static
autovt@.service enabled
blk-availability.service disabled
brandbot.service static
certbot-renew.service static
chrony-dnssrv@.service static
chrony-wait.service disabled
chronyd.service enabled
clean-mount-point@.service static
cockpit-motd.service static
cockpit-user.service static
cockpit.service static
collectd.service enabled
conntrackd.service disabled
console-getty.service disabled
console-shell.service disabled
container-getty@.service static
containerd.service disabled
cpupower.service disabled
crond.service enabled
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.import1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.machine1.service static
dbus-org.freedesktop.nm-dispatcher.service enabled
dbus-org.freedesktop.timedate1.service static
dbus.service static
dckfwatch.service static
debug-shell.service disabled
dm-event.service static
dnsmasq.service enabled
docker.service enabled
dracut-cmdline.service static
dracut-initqueue.service static
dracut-mount.service static
dracut-pre-mount.service static
dracut-pre-pivot.service static
dracut-pre-trigger.service static
dracut-pre-udev.service static
dracut-shutdown.service static
ebtables.service disabled
emergency.service static
firehol.service disabled
fireqos.service disabled
firewalld.service disabled
fstrim.service static
getty@.service enabled
gssproxy.service disabled
halt-local.service static
htcacheclean.service static
httpd-admin-reload.service static
httpd-admin.service enabled
httpd.service enabled
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
ip6tables.service disabled
iprdump.service disabled
iprinit.service disabled
iprupdate.service disabled
iptables.service disabled
irqbalance.service enabled
iscsi-onboot.service disabled
iscsi-shutdown.service static
iscsi.service enabled
iscsid.service disabled
iscsiuio.service disabled
kdump.service enabled
kmod-static-nodes.service static
lsm.service disabled
lvm2-lvmetad.service static
lvm2-lvmpolld.service static
lvm2-monitor.service enabled
lvm2-pvscan@.service static
mariadb.service disabled
mcollective.service disabled
mdadm-grow-continue@.service static
mdadm-last-resort@.service static
mdcheck_continue.service static
mdcheck_start.service static
mdmon@.service static
mdmonitor-oneshot.service static
mdmonitor.service enabled
messagebus.service static
microcode.service enabled
multipathd.service enabled
mysqld.service enabled
mysqld_recover.service disabled
nethserver-config-network.service enabled
nethserver-system-init.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager-wait-online.service enabled
NetworkManager.service disabled
nfs-blkmap.service disabled
nfs-config.service static
nfs-idmap.service static
nfs-idmapd.service static
nfs-lock.service static
nfs-mountd.service static
nfs-rquotad.service disabled
nfs-secure.service static
nfs-server.service disabled
nfs-utils.service static
nfs.service disabled
nfslock.service static
nmb.service enabled
nms.service enabled
nsdc.service enabled
oddjobd.service enabled
php56-php-fpm.service enabled
php70-php-fpm.service enabled
php71-php-fpm.service enabled
php72-php-fpm.service enabled
php73-php-fpm.service enabled
php74-php-fpm.service enabled
plymouth-halt.service disabled
plymouth-kexec.service disabled
plymouth-poweroff.service disabled
plymouth-quit-wait.service disabled
plymouth-quit.service disabled
plymouth-read-write.service disabled
plymouth-reboot.service disabled
plymouth-start.service disabled
plymouth-switch-root.service static
polkit.service static
postfix.service enabled
pppoe-server.service disabled
puppet.service disabled
pxp-agent.service disabled
quotaon.service static
rc-local.service static
rdisc.service disabled
realmd.service static
rescue.service static
rh-php72-php-fpm.service enabled
rh-php73-php-fpm.service enabled
rhel-autorelabel-mark.service enabled
rhel-autorelabel.service enabled
rhel-configure.service enabled
rhel-dmesg.service enabled
rhel-domainname.service enabled
rhel-import-state.service enabled
rhel-loadmodules.service enabled
rhel-readonly.service enabled
rpc-gssd.service static
rpc-rquotad.service disabled
rpc-statd-notify.service static
rpc-statd.service static
rpcbind.service enabled
rpcgssd.service static
rpcidmapd.service static
rsyncd.service disabled
rsyncd@.service static
rsyslog.service enabled
selinux-policy-migrate-local-changes@.service static
serial-getty@.service disabled
shellinaboxd.service enabled
shorewall.service enabled
smartd.service enabled
smb.service enabled
smwingsd.service static
snmpd.service disabled
snmptrapd.service disabled
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sssd-autofs.service indirect
sssd-nss.service indirect
sssd-pac.service indirect
sssd-pam.service indirect
sssd-secrets.service indirect
sssd-ssh.service indirect
sssd-sudo.service indirect
sssd.service enabled
systemd-ask-password-console.service static
systemd-ask-password-plymouth.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-bootchart.service disabled
systemd-firstboot.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
systemd-hostnamed.service static
systemd-hwdb-update.service static
systemd-hybrid-sleep.service static
systemd-importd.service static
systemd-initctl.service static
systemd-journal-catalog-update.service static
systemd-journal-flush.service static
systemd-journald.service static
systemd-kexec.service static
systemd-localed.service static
systemd-logind.service static
systemd-machine-id-commit.service static
systemd-machined.service static
systemd-modules-load.service static
systemd-nspawn@.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-readahead-collect.service enabled
systemd-readahead-done.service indirect
systemd-readahead-drop.service enabled
systemd-readahead-replay.service enabled
systemd-reboot.service static
systemd-remount-fs.service static
systemd-rfkill@.service static
systemd-shutdownd.service static
systemd-suspend.service static
systemd-sysctl.service static
systemd-timedated.service static
systemd-tmpfiles-clean.service static
systemd-tmpfiles-setup-dev.service static
systemd-tmpfiles-setup.service static
systemd-udev-settle.service static
systemd-udev-trigger.service static
systemd-udevd.service static
systemd-update-done.service static
systemd-update-utmp-runlevel.service static
systemd-update-utmp.service static
systemd-user-sessions.service static
systemd-vconsole-setup.service static
tcsd.service disabled
teamd@.service static
tuned.service enabled
udisks2.service enabled
vsftpd.service enabled
vsftpd@.service disabled
winbind.service enabled
wpa_supplicant.service disabled
yum-cron.service enabled
-.slice static
machine.slice static
system.slice static
user-0.slice static
user.slice static
cockpit-user.socket enabled
cockpit.socket enabled
dbus.socket static
dm-event.socket enabled
docker.socket disabled
iscsid.socket enabled
iscsiuio.socket enabled
lvm2-lvmetad.socket enabled
lvm2-lvmpolld.socket enabled
rpcbind.socket enabled
rsyncd.socket disabled
sshd.socket disabled
sssd-autofs.socket disabled
sssd-nss.socket disabled
sssd-pac.socket disabled
sssd-pam-priv.socket disabled
sssd-pam.socket disabled
sssd-secrets.socket disabled
sssd-ssh.socket disabled
sssd-sudo.socket disabled
syslog.socket static
systemd-initctl.socket static
systemd-journald.socket static
systemd-shutdownd.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static
basic.target static
bluetooth.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
default.target enabled
emergency.target static
final.target static
getty-pre.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
iprutils.target disabled
kexec.target disabled
local-fs-pre.target static
local-fs.target static
machines.target enabled
multi-user.target enabled
network-online.target static
network-pre.target static
network.target static
nfs-client.target enabled
nss-lookup.target static
nss-user-lookup.target static
paths.target static
poweroff.target disabled
printer.target static
reboot.target disabled
remote-cryptsetup.target disabled
remote-fs-pre.target static
remote-fs.target enabled
rescue.target disabled
rpc_pipefs.target static
rpcbind.target static
runlevel0.target disabled
runlevel1.target disabled
runlevel2.target enabled
runlevel3.target enabled
runlevel4.target enabled
runlevel5.target static
runlevel6.target disabled
shutdown.target static
sigpwr.target static
sleep.target static
slices.target static
smartcard.target static
sockets.target static
sound.target static
suspend.target static
swap.target static
sysinit.target static
system-update.target static
time-sync.target static
timers.target static
umount.target static
vsftpd.target disabled
certbot-renew.timer disabled
chrony-dnssrv@.timer disabled
fstrim.timer disabled
httpd-admin-reload.timer static
mdadm-last-resort@.timer static
mdcheck_continue.timer disabled
mdcheck_start.timer disabled
mdmonitor-oneshot.timer disabled
systemd-readahead-done.timer indirect
systemd-tmpfiles-clean.timer static
359 unit files listed.
Salü René
As I mentionned in my first reply:
In your case it took a bit more than 5 minutes…
I think this a bit of
A) a Browser caching issue
B) Server also has caching issues…
As mentionned, I operate about 25-30 NethServers for clients, about 2-3 have the same issue (or also non-issue…). These NethServers also have heavier usage than the others.
Andy
Good to hear it works now, even if we don’t know why.
I had a problem after a disaster recovery, where my systemd boot was messed up with very similar symptons to your case.
But your systemboot is o.k. It’s the right target and the service is enabled and loaded.
You bring it to the point
But a system that somehow recovers doesn’t give me a really good feeling I’d like to know, how to change e.g.the startup behavior of NethServer, to solve this SSD exit code 1 error.
Salü René!
How old is your NethServer / the used Hardware?
My home NethServer is running in Proxmox virtualisation, on an old HP Proliant ML110 G6 (About 9 years old).
On the few systems where that error occurs, it’s is often after an update.
I also have one clients NethServer, which after updates will have yum cache problems.
Before I needed to use the “Holzhammermethode” for the yum cache:
rm -f /var/lib/rpm/__db*
db_verify /var/lib/rpm/Packages
rpm --rebuilddb
yum clean all
rm -rf /var/cache/yum
Now just clicking the big red button (Clear yum cache) works (After a major update a while back). It’s still the only NethServer that displays this regularily… Not every time, but very often.
I still haven’t figured out what is causing that problem, but as my client, a Hotel, is closing end of the year, I figured, that server is running quite well, besides that small problem with the yum cache. So I won’t bother with researching the issue!
My 2 cents
Andy
Here is my hardware description used for my Nethservers. I used to have two of them but then a friend of mine gave me an old but quite powerful but a bit exotic shuttle system SX58J3 with the following core components:
- Intel® Core™ i7-950 Processor with 4 cores in a 1366 socket
- 16 Gbyte of Ram
- 2 x 1Gbit Ethernet
- Raid 0 with two WesternDigital 1TB WDC WD1002FAEX-0 harddisks
And as you mentioned, I got this SSSD error after an Update. And you are probably right, I will not bother anymore with researching the issue at the moment. If not even such experienced guy as you are regarding NethServer has found the problem.
Actually, I have another much more annoying problem regarding WebServer configuration and Virtual Hosts - but this is probably not the right place to discuss it. I will either join an existing discussion in the category HowTo or open a new one. I don’t know yet. I will know leave.
Have a good night and sleep well
Finally, I found the cause for the SSSD exit code 1 error:
It is nethserver-docker package that is not compatible with the standard samba (nmpd) installation. It generates the following log entries:
Jun 24 10:24:14 sits-srv03 nmbd[1573]: [2020/06/24 10:24:14.521091, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jun 24 10:24:14 sits-srv03 nmbd[1573]: *****
Jun 24 10:24:14 sits-srv03 nmbd[1573]:
Jun 24 10:24:14 sits-srv03 nmbd[1573]: Samba name server SITS-SRV03 is now a local master browser for workgroup NETBIOS on subnet 172.28.0.1
Jun 24 10:24:14 sits-srv03 nmbd[1573]:
Jun 24 10:24:14 sits-srv03 nmbd[1573]: *****
Jun 24 10:24:14 sits-srv03 nmbd[1573]: [2020/06/24 10:24:14.521205, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jun 24 10:24:14 sits-srv03 nmbd[1573]: *****
Jun 24 10:24:14 sits-srv03 nmbd[1573]:
Jun 24 10:24:14 sits-srv03 nmbd[1573]: Samba name server SITS-SRV03 is now a local master browser for workgroup NETBIOS on subnet 172.17.0.1
Jun 24 10:24:14 sits-srv03 nmbd[1573]:
Jun 24 10:24:14 sits-srv03 nmbd[1573]: *****
That over rights the standard values:
Jun 21 12:52:22 sits-srv03 nmbd[1500]: [2020/06/21 12:52:22.856396, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jun 21 12:52:22 sits-srv03 nmbd[1500]: *****
Jun 21 12:52:22 sits-srv03 nmbd[1500]:
Jun 21 12:52:22 sits-srv03 nmbd[1500]: Samba name server SITS-SRV03 is now a local master browser for workgroup NETBIOS on subnet 192.168.0.103
Jun 21 12:52:22 sits-srv03 nmbd[1500]:
Jun 21 12:52:22 sits-srv03 nmbd[1500]: *****
Jun 21 12:52:22 sits-srv03 nmbd[1500]: [2020/06/21 12:52:22.856481, 0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jun 21 12:52:22 sits-srv03 nmbd[1500]: *****
Jun 21 12:52:22 sits-srv03 nmbd[1500]:
Jun 21 12:52:22 sits-srv03 nmbd[1500]: Samba name server SITS-SRV03 is now a local master browser for workgroup NETBIOS on subnet 192.168.0.104
Jun 21 12:52:22 sits-srv03 nmbd[1500]:
Jun 21 12:52:22 sits-srv03 nmbd[1500]: *****
After removing docker:
yum remove nethserver-docker
the SSD exit code 1 error diapears
Docker was installed without my explicit permission or I can’t remember anymore on it
I’m unsure what to do know, should I do a bug report but where?
Any hints.
Salü René
Good detective work!
Bug report here:
Just start a new subject, and choose Bugreport…
Gruss
Andy
Thanks, I’ve will do it.
Thank you , it resolved my problem me too