Bug#792519: systemd-logind fails to start on system using LDAP

Daniel Schepler dschepler at gmail.com
Fri Jul 17 22:44:51 BST 2015


On Wed, Jul 15, 2015 at 12:30 PM, Felipe Sateler <fsateler at debian.org>
wrote:

> On 15 July 2015 at 16:09, Daniel Schepler <dschepler at gmail.com> wrote:
> > On Wed, Jul 15, 2015 at 11:48 AM, Felipe Sateler <fsateler at debian.org>
> > wrote:
> >>
> >> Hmm. Could you please attach the upgrade logs since some time before
> >> the problems occurred?  Might network manager have been updated in the
> >> meantime?
> >
> >
> > Attaching /var/log/dpkg.log.  I think the first failed boot was 2015-07-08
> > or 2015-07-09.  From the previous history, the last upgrade of dbus was:
> >
> > 2015-05-20 09:46:36 upgrade dbus:amd64 1.8.16-1 1.8.18-1
> >
> >>
> >> Also, how do you manage your connections?
> >>
> >> I also found this old redhat bug[1]. Could you try adding a conf
> >> snippet to order the ldap components before dbus? Use systemctl edit
> >> <service> and add Before=dbus.service.
> >>
> >>
> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=502072
> >
> >
> > OK, it will be a while before I can test it because I'm doing work using the
> > machine right now.
> >
> > It would appear to me from the logs that NetworkManager can't successfully
> > start before dbus is available - and I would probably want to make nslcd
> > dependent on networking being up.  Would that mean that I'd have to set
> > things up so it manually connects eth0 over DHCP, then starts nslcd, then
> > starts dbus?  And then NetworkManager would be left only managing wlan0?
> > And if so, where would I look for documentation on setting up the unit to
> > connect eth0?  (Sorry for the last very basic question.)
>
> I think (but I'm not sure) that nm will still connect without dbus
> available yet, but it will of course not answer any dbus requests. So
> it should only be necessary to order ldap before dbus.
>
> However, this solution may prove brittle. Reading the linked redhat
> bug there are two promising suggestions:
>
> 1. Add 'bind_policy soft' to /etc/ldap.conf.
> 2. Set nss_initgroups_ignoreusers to at least
> 'root,dirsrv,gdm,rtkit,pulse,haldaemon,polkituser,avahi,dbus'
>
> It seems the problem is that nss_ldap is trying to query ldap for
> system users. That seems wrong to me, as the system should be able to
> work without network.
>

I've added this to /etc/libnss-ldap.conf (just generated a list of system
users where I had daemons running as them):

nss_initgroups_ignoreusers root,avahi,clamav,colord,daemon,Debian-exim,Debian-gdm,dirmngr,gitdaemon,lp,messagebus,mysql,nslcd,ntp,rtkit,statd,www-data

But still, journalctl shows dbus-daemon, accounts-daemon and nscd (at
least) giving the errors on being unable to connect to LDAP.  The machine
did boot OK this morning, but as far as I know that could just be that I
got lucky and hit the 10-20% success case.
-- 
Daniel
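
An added example, not part of the thread: one way to build the nss_initgroups_ignoreusers line from every local system account instead of a hand-picked list, and to check which system accounts an existing directive leaves out. The function names are hypothetical, and the script assumes UIDs below 1000 are system accounts (Debian's default UID_MIN).

```shell
#!/bin/sh
# Added example (not from the thread).
# Assumption: UIDs below 1000 are local system accounts (Debian's default
# UID_MIN); pass a different threshold as the last argument if yours differs.

# Print local system account names, one per line, from a passwd-format file.
# Reads the file directly instead of calling getent, so the lookup itself
# never goes through nss_ldap.
system_users() {
    awk -F: -v min="${2:-1000}" '
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        /^[+-]/        { next }               # NIS compat entries
        NF < 7 || $3 !~ /^[0-9]+$/ { next }   # malformed lines
        ($3 + 0) < min && !seen[$1]++ { print $1 }
    ' "${1:-/etc/passwd}"
}

# Print a complete nss_initgroups_ignoreusers line covering those accounts.
# The directive and its value must stay on a single line in the config file.
ignoreusers_line() {
    users=$(system_users "$@" | paste -sd, -)
    if [ -n "$users" ]; then
        printf 'nss_initgroups_ignoreusers %s\n' "$users"
    fi
}

# Print system accounts that the directive in a config file does not list.
# $1 = config file (e.g. /etc/libnss-ldap.conf), $2 = passwd file, $3 = threshold
missing_ignoreusers() {
    listed=$(awk '$1 == "nss_initgroups_ignoreusers" { v = $2 } END { print v }' "$1")
    system_users "${2:-/etc/passwd}" "${3:-1000}" | while read -r u; do
        case ",$listed," in
            *",$u,"*) ;;                      # already ignored
            *) printf '%s\n' "$u" ;;          # would still be looked up in LDAP
        esac
    done
}
```

Run `missing_ignoreusers /etc/libnss-ldap.conf` to list the accounts the current directive omits, or `ignoreusers_line` to print a replacement line.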
More information about the Pkg-systemd-maintainers mailing list