Join Log in
Score:1
avatar Ubuntu

sssd-pac.service crashes periodically on Ubuntu 20.04

cn flag
Herr-Herner

We are using the RedHat IdM 7 and have bound our server systems for central user management to our IdM cluster. We have recognized on our Ubuntu 20.04 systems that the sssd-pac.service crashes periodically every 7-8 minutes and gets automatically restarted. Unfortunately, we have not found the reason so far. We are running the following SSSD version:

(~) root@srv2-t $ sssd --version
2.2.3

The /var/log/syslog contains the following entries:

Oct  7 11:01:32 srv2-t  sssd_pac[537014]: dbus[537014]: The last reference on a connection was dropped without closing the connection. This is a bug in an application. See dbus_connection_unref() documentation for details.
Oct  7 11:01:32 srv2-t  sssd_pac[537014]: Most likely, the application called unref() too many times and removed a reference belonging to libdbus, since this is a shared connection.
Oct  7 11:01:32 srv2-t  sssd_pac[537014]:   D-Bus not built with -rdynamic so unable to print a backtrace
Oct  7 11:01:32 srv2-t  systemd[1]: sssd-pac.service: Main process exited, code=dumped, status=6/ABRT
Oct  7 11:01:32 srv2-t  systemd[1]: sssd-pac.service: Failed with result 'core-dump'.
Oct  7 11:01:32 srv2-t  systemd[1]: sssd-pac.service: Scheduled restart job, restart counter is at 5.
Oct  7 11:01:32 srv2-t  systemd[1]: Stopped SSSD PAC Service responder.
Oct  7 11:01:32 srv2-t  systemd[1]: Starting SSSD PAC Service responder...
Oct  7 11:01:32 srv2-t  systemd[1]: Started SSSD PAC Service responder.
Oct  7 11:01:33 srv2-t  sssd_pac[537271]: Starting up
Oct  7 11:09:03 srv2-t  sssd_pac[537271]: dbus[537271]: The last reference on a connection was dropped without closing the connection. This is a bug in an application. See dbus_connection_unref() documentation for details.
Oct  7 11:09:03 srv2-t  sssd_pac[537271]: Most likely, the application called unref() too many times and removed a reference belonging to libdbus, since this is a shared connection.
Oct  7 11:09:03 srv2-t  sssd_pac[537271]:   D-Bus not built with -rdynamic so unable to print a backtrace
Oct  7 11:09:03 srv2-t  systemd[1]: sssd-pac.service: Main process exited, code=dumped, status=6/ABRT
Oct  7 11:09:03 srv2-t  systemd[1]: sssd-pac.service: Failed with result 'core-dump'.
Oct  7 11:09:03 srv2-t  systemd[1]: sssd-pac.service: Scheduled restart job, restart counter is at 6.
Oct  7 11:09:03 srv2-t  systemd[1]: Stopped SSSD PAC Service responder.
Oct  7 11:09:03 srv2-t  systemd[1]: Starting SSSD PAC Service responder...
Oct  7 11:09:03 srv2-t  systemd[1]: Started SSSD PAC Service responder.
Oct  7 11:09:03 srv2-t  sssd_pac[537522]: Starting up

All other depend services are socket activated and the sssd.conf has no services entry for services that should directly run on startup:

[domain/lx.mycompany]
id_provider = ipa
ipa_server = _srv_, idm2.lx.mycompany
ipa_domain = lx.mycompany
ipa_hostname = srv2-t.lx.mycompany
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
dyndns_update = True
dyndns_iface = ens160
krb5_store_password_if_offline = True
default_shell = /bin/bash

[sssd]
domains = lx.mycompany

[nss]
homedir_substring = /home

[pam]
offline_credentials_expiration = 7

[sudo]

[autofs]

[ssh]

[ifp]

[secrets]

[session_recording]

We have recognized that there are two sssd_pac processes running, one gets started directly with the sssd.service and the other one gets activated by sssd-pac.socket. The socket activated process periodically crashes after 7-8 minutes, while the other one runs without any issue.

Let’s restart SSSD and check the process list:

(~) root@srv2-t  $ systemctl stop sssd* --all
(~) root@srv2-t  $ systemctl start sssd.service
(~) root@srv2-t  $ systemctl status sssd.service
● sssd.service - System Security Services Daemon
     Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-10-07 12:31:04 CEST; 9s ago
   Main PID: 540692 (sssd)
      Tasks: 3 (limit: 9448)
     Memory: 8.2M
     CGroup: /system.slice/sssd.service
             ├─540692 /usr/sbin/sssd -i --logger=files
             ├─540705 /usr/libexec/sssd/sssd_be --domain lx.mycompany --uid 0 --gid 0 --logger=files
             └─540706 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files

Oct 07 12:31:03 srv2-t  systemd[1]: Starting System Security Services Daemon...
Oct 07 12:31:04 srv2-t  sssd[540692]: Starting up
Oct 07 12:31:04 srv2-t  sssd_be[540705]: Starting up
Oct 07 12:31:04 srv2-t  sssd_pac[540706]: Starting up
Oct 07 12:31:04 srv2-t  systemd[1]: Started System Security Services Daemon.
Oct 07 12:31:04 srv2-t  sssd_be[540705]: GSSAPI client step 1
Oct 07 12:31:04 srv2-t  sssd_be[540705]: GSSAPI client step 1
Oct 07 12:31:04 srv2-t  sssd_be[540705]: GSSAPI client step 1
Oct 07 12:31:04 srv2-t  sssd_be[540705]: GSSAPI client step 2
(~) root@srv2-t  $ ps aux | grep sssd_
root      540705  0.1  0.2  71752 19740 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_be --domain lx.mycompany --uid 0 --gid 0 --logger=files
root      540706  0.0  0.1  38836 13932 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files
root      540751  0.0  0.0   6300   736 pts/0    S+   12:31   0:00 grep --color=auto sssd_

After a user has logging in into the system. We get the following:

(~) root@srv2-t  $ ps aux | grep sssd_
root      540705  0.1  0.2  72168 21720 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_be --domain lx.mycompany --uid 0 --gid 0 --logger=files
root      540706  0.0  0.1  38836 13932 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files
root      540752  0.1  0.4  58416 39016 ?        Ss   12:31   0:00 /usr/libexec/sssd/sssd_nss --logger=files --socket-activated
root      540787  0.0  0.1  33436 13308 ?        Ss   12:32   0:00 /usr/libexec/sssd/sssd_ssh --logger=files --socket-activated
root      540806  0.0  0.1  33980 13448 ?        Ss   12:32   0:00 /usr/libexec/sssd/sssd_pam --logger=files --socket-activated
root      540810  0.0  0.1  38968 14664 ?        Ss   12:32   0:00 /usr/libexec/sssd/sssd_pac --logger=files --socket-activated
root      540921  0.0  0.0   6300   736 pts/0    R+   12:32   0:00 grep --color=auto sssd_

After round about 15 minutes the socket activated sssd_pac processs got restarted twice. Have a loot at the reported startup time.

(~) root@nxrepo-srv2-t $ ps aux | grep sssd_
root      540705  0.0  0.2  72164 20944 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_be --domain lx.eurodata.de --uid 0 --gid 0 --logger=files
root      540706  0.0  0.1  38836 13932 ?        S    12:31   0:00 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --logger=files
root      541428  0.0  0.1  38836 13960 ?        Ss   12:47   0:00 /usr/libexec/sssd/sssd_pac --logger=files --socket-activated
root      541546  0.0  0.0   6432   736 pts/0    S+   12:51   0:00 grep --color=auto sssd_

This is the log entry:

Oct  7 12:32:18 srv2-t sssd_pac[540810]: Starting up
Oct  7 12:32:19 srv2-t kernel: [8020600.723391] audit: type=1400 audit(1633602739.238:35): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/etc/selinux/semanage.conf" pid=540811 comm="selinux_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct  7 12:39:13 srv2-t sssd_nss[540752]: Shutting down
Oct  7 12:39:13 srv2-t systemd[1]: sssd-nss.service: Succeeded.
Oct  7 12:39:46 srv2-t sssd_ssh[540787]: Shutting down
Oct  7 12:39:46 srv2-t systemd[1]: sssd-ssh.service: Succeeded.
Oct  7 12:39:48 srv2-t sssd_pam[540806]: Shutting down
Oct  7 12:39:48 srv2-t systemd[1]: sssd-pam.service: Succeeded.
Oct  7 12:39:48 srv2-t sssd_pac[540810]: dbus[540810]: The last reference on a connection was dropped without closing the connection. This is a bug in an application. See dbus_connection_unref() documentation for details.
Oct  7 12:39:48 srv2-t sssd_pac[540810]: Most likely, the application called unref() too many times and removed a reference belonging to libdbus, since this is a shared connection.
Oct  7 12:39:48 srv2-t sssd_pac[540810]:   D-Bus not built with -rdynamic so unable to print a backtrace
Oct  7 12:39:49 srv2-t systemd[1]: sssd-pac.service: Main process exited, code=dumped, status=6/ABRT
Oct  7 12:39:49 srv2-t systemd[1]: sssd-pac.service: Failed with result 'core-dump'.
Oct  7 12:39:49 srv2-t systemd[1]: sssd-pac.service: Scheduled restart job, restart counter is at 1.
Oct  7 12:39:49 srv2-t systemd[1]: Stopped SSSD PAC Service responder.
Oct  7 12:39:49 srv2-t systemd[1]: Starting SSSD PAC Service responder...
Oct  7 12:39:49 srv2-t systemd[1]: Started SSSD PAC Service responder.
Oct  7 12:39:49 srv2-t sssd_pac[541181]: Starting up
Oct  7 12:47:19 srv2-t sssd_pac[541181]: dbus[541181]: The last reference on a connection was dropped without closing the connection. This is a bug in an application. See dbus_connection_unref() documentation for details.
Oct  7 12:47:19 srv2-t sssd_pac[541181]: Most likely, the application called unref() too many times and removed a reference belonging to libdbus, since this is a shared connection.
Oct  7 12:47:19 srv2-t sssd_pac[541181]:   D-Bus not built with -rdynamic so unable to print a backtrace
Oct  7 12:47:19 srv2-t systemd[1]: sssd-pac.service: Main process exited, code=dumped, status=6/ABRT
Oct  7 12:47:19 srv2-t systemd[1]: sssd-pac.service: Failed with result 'core-dump'.
Oct  7 12:47:19 srv2-t systemd[1]: sssd-pac.service: Scheduled restart job, restart counter is at 2.
Oct  7 12:47:19 srv2-t systemd[1]: Stopped SSSD PAC Service responder.
Oct  7 12:47:19 srv2-t systemd[1]: Starting SSSD PAC Service responder...
Oct  7 12:47:19 srv2-t systemd[1]: Started SSSD PAC Service responder.
Oct  7 12:47:20 srv2-t sssd_pac[541428]: Starting up

How can we get rid of the problem?

Thanks a lot.

130
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.