Problems with SSSD Configuration
SSSD fails to start
SSSD requires that the configuration file be properly set up, with all the required entries, before the daemon will start.- SSSD requires at least one properly configured domain before the service will start. Without a domain, attempting to start SSSD returns an error that no domains are configured:
# sssd -d4 [sssd] [ldb] (3): server_sort:Unable to register control with rootdse! [sssd] [confdb_get_domains] (0): No domains configured, fatal error! [sssd] [get_monitor_config] (0): No domains configured.
Edit the /etc/sssd/sssd.conf file and create at least one domain.
- SSSD also requires at least one available service provider before it will start. If the problem is with the service provider configuration, the error message indicates that there are no services configured:
[sssd] [get_monitor_config] (0): No services configured!
Edit the
/etc/sssd/sssd.conffile and configure at least one service provider.SSSD requires that service providers be configured as a comma-separated list in a single
servicesentry in the/etc/sssd/sssd.conffile. If services are listed in multiple entries, only the last entry is recognized by SSSD.
NSS fails to return user information
This usually means that SSSD cannot connect to the NSS service.- Ensure that NSS is running:
# service sssd status
- If NSS is running, make sure that the provider is properly configured in the
[nss]section of the/etc/sssd/sssd.conffile. Especially check thefilter_usersandfilter_groupsattributes. - Make sure that NSS is included in the list of services that SSSD uses.
- Check the configuration in the
/etc/nsswitch.conffile.
NSS returns incorrect user information
If searches are returning the incorrect user information, check that there are not conflicting usernames in separate domains. When there are multiple domains, set theuse_fully_qualified_domains attribute to TRUE in the /etc/sssd/sssd.conf file. This differentiates between different users in different domains with the same name.
Setting the password for the local SSSD user prompts twice for the password
When attempting to change a local SSSD user's password, it may prompt for the password twice:[root@clientF11 tmp]# passwd user1000 Changing password for user user1000. New password: Retype new password: New Password: Reenter new Password: passwd: all authentication tokens updated successfully.
This is the result of an incorrect PAM configuration. Ensure that the use_authtok option is correctly configured in your /etc/pam.d/system-auth file.
Part IV. System Configuration
Part of a system administrator's job is configuring the system for various tasks, types of users, and hardware configurations. This section explains how to configure a Community Enterprise Linux system.
Table of Contents
- Console Access
- The
sysconfigDirectory -
- Files in the
/etc/sysconfig/Directory -
/etc/sysconfig/amd/etc/sysconfig/apmd/etc/sysconfig/arpwatch/etc/sysconfig/authconfig/etc/sysconfig/autofs/etc/sysconfig/clock/etc/sysconfig/desktop/etc/sysconfig/dhcpd/etc/sysconfig/exim/etc/sysconfig/firstboot/etc/sysconfig/gpm/etc/sysconfig/hwconf/etc/sysconfig/i18n/etc/sysconfig/init/etc/sysconfig/ip6tables-config/etc/sysconfig/iptables-config/etc/sysconfig/irda/etc/sysconfig/keyboard/etc/sysconfig/kudzu/etc/sysconfig/named/etc/sysconfig/network/etc/sysconfig/nfs/etc/sysconfig/ntpd/etc/sysconfig/radvd/etc/sysconfig/samba/etc/sysconfig/selinux/etc/sysconfig/sendmail/etc/sysconfig/spamassassin/etc/sysconfig/squid/etc/sysconfig/system-config-securitylevel/etc/sysconfig/system-config-selinux/etc/sysconfig/system-config-users/etc/sysconfig/system-logviewer/etc/sysconfig/tux/etc/sysconfig/vncservers/etc/sysconfig/xinetd
- Directories in the
/etc/sysconfig/Directory- Additional Resources
- Files in the
- Date and Time Configuration
- Keyboard Configuration
- The X Window System
- X Window System Configuration
- Users and Groups
- Printer Configuration
- Automated Tasks
- Log Files