sssd ldap be goes into "Backend is offline" at boot because sssd isn't informed when resolv.conf changes

Hello,

My department has run into a problem with openSUSE Leap 15.1, LDAP and sssd. In short, it appears that sssd starts prior to DHCP obtaining an IP address for the network interface. At that point, sssd ldap be goes into the “Backend is offline” state and never recovers. It appears to never recover because it is never informed by inotify when a DHCP address is obtained and resolv.conf is updated. Consequently, a console login followed by a "systemctl restart sssd.service", or a reboot, is required before non-local users can log in.

Some Ubuntu users have run into the same problem: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/172335

I’ve modified our sssd.service file and placed it in /etc/systemd/system to override the default file in /usr/lib/systemd/system:

[Unit]
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
# Added the After= line below
After=network-online.target
Before=systemd-user-sessions.service nss-user-lookup.target
# Added "network-online.target" to Wants=
Wants=nss-user-lookup.target network-online.target
# Added the PartOf= line below
PartOf=network-online.target

[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-/etc/sysconfig/sssd
ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER}
Type=notify
NotifyAccess=main
PIDFile=/var/run/sssd.pid

[Install]
WantedBy=multi-user.target

Note that this is a workaround and not a fix.

We are using wicked.

So far, this is reproducible with desktop computers running openSUSE 15.1 using DHCP, sssd and an LDAP backend for authentication.

Was wondering if anyone else has encountered this problem and if there might be a fix forthcoming?

Thanks,
Trevor
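
The same three dependency changes written as a systemd drop-in, so the packaged unit in /usr/lib/systemd/system stays in use and keeps receiving updates. This is an added example, not part of the original post; the file name override.conf is an assumption.

```ini
# /etc/systemd/system/sssd.service.d/override.conf
# (file name "override.conf" is an assumption; any *.conf in this directory is read)
[Unit]
# Dependency lists in a drop-in are added to those of the packaged
# /usr/lib/systemd/system/sssd.service, so only the new entries are listed.
After=network-online.target
Wants=network-online.target
PartOf=network-online.target

# Apply and check:
#   systemctl daemon-reload
#   systemctl show -p After -p Wants -p PartOf sssd.service
```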

You need to open a bug report.

Although a “fix” might require a certain amount of testing,
I’d consider what you did more of a fix than a workaround… pretty much how I’d have modified the Unit file.

Congrats on working it out.
And yes… pls also submit a bug report with your configuration.

TSU

Hello Trevor,

We run into the same situation here. There is an open bug report for this: 1136139 – sssd ad/ldap domain are offline after first boot (cannot resolv srv _ldap._srv)

Best regards
Mario