Description of problem: an sssd.conf generated by authconfig from scratch is invalid. Version-Release number of selected component (if applicable): authconfig-6.1.12-11.el6.x86_64 How reproducible: always Steps to Reproduce: 1. rm -f /etc/sssd/sssd.conf 2. authconfig --updateall --enablesssd --enablesssdauth Actual results: Starting sssd: [FAILED] Expected results: Starting sssd: [OK] However, it would be better if authconfig didn't reproduce service restart output at all, but instead output an error message and returned a non-successfull exit status. Additional info: sssd.conf generated by authconfig: [domain/default] cache_credentials = True [sssd] services = nss, pam config_file_version = 2 domains = [nss] [pam] [sudo] [autofs] [ssh] [pac]
Authconfig probably shouldn't create sssd.conf at all in this case (when enablesssd and/or enablesssdauth is used).
Also authconfig in this case (using the explicit sssd enabledment with --enablesssd or --enablesssdauth) should not try to restart the sssd.
Summarizing what will be the fix: In the case the explicit (not implicit) sssd support is enabled with --enablesssd or --enablesssdauth, authconfig will not write the sssd.conf file and will not try to restart the sssd.
Authconfig still creates sssd.conf and restarts sssd when invoked as "authconfig --updateall --enablesssd --enablesssdauth", if sssd.conf doesn't exist Verified with authconfig-6.1.12-12.el6.x86_64.
Can you please attach the output of 'authconfig --test' here?
caching is disabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is disabled LDAP+TLS is disabled LDAP server = "" LDAP base DN = "" nss_nis is disabled NIS server = "" NIS domain = "" nss_nisplus is disabled nss_winbind is disabled SMB workgroup = "MYGROUP" SMB servers = "" SMB security = "user" SMB realm = "" Winbind template shell = "/bin/false" SMB idmap range = "16777216-33554431" nss_sss is enabled by default nss_wins is disabled nss_mdns4_minimal is disabled DNS preference over NSS or WINS is disabled pam_unix is always enabled shadow passwords are enabled password hashing algorithm is sha512 pam_krb5 is disabled krb5 realm = "EXAMPLE.COM" krb5 realm via dns is disabled krb5 kdc = "kerberos.example.com" krb5 kdc via dns is disabled krb5 admin server = "kerberos.example.com" pam_ldap is disabled LDAP+TLS is disabled LDAP server = "" LDAP base DN = "" LDAP schema = "rfc2307" pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = "" smartcard removal action = "" pam_fprintd is enabled pam_winbind is disabled SMB workgroup = "MYGROUP" SMB servers = "" SMB security = "user" SMB realm = "" pam_sss is enabled by default credential caching in SSSD is enabled SSSD use instead of legacy services if possible is enabled IPAv2 is disabled IPAv2 domain was not joined IPAv2 server = "" IPAv2 realm = "" IPAv2 domain = "" pam_cracklib is enabled (try_first_pass retry=3 type=) pam_passwdqc is disabled () pam_access is disabled () pam_mkhomedir or pam_oddjob_mkhomedir is disabled () Always authorize local users is enabled () Authenticate system accounts against network services is disabled
The fix was incomplete. Fixed. Thanks for testing.
Verified fixed in authconfig-6.1.12-13.el6.x86_64.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0486.html